So your WordPress website got hacked and you don’t know what to do.
We have all been there and luckily it’s pretty simple to un-hack most WordPress hacks.
In this guide, I am going to walk you through how to fix a hacked WordPress website in just 5 important steps.
How Do I Know if I’m Hacked?
Sometimes it’s very obvious that your WordPress website was hacked. Usually the hacker will deface the site with their group’s name to let you know that you have been hacked.
But sometimes they are sneakier and you may not know that you have been hacked. They may have added rogue links pointing to their websites or even changed your AdSense code to steal your ad revenue.
Luckily, there are a few ways you can tell if your WordPress website was hacked.
If your website is set up in Google Search Console, you will get an alert about ‘Social Engineering Content’ if your WordPress site is hacked or anything fishy is going on.
The best way to know if your website has been hacked is to have a good security system set up that will alert you. We are going to be using Wordfence to keep our WordPress website secure and alert us if there has been a breach.
What if I Don’t Have Admin Access?
If the pesky hackers changed your password or deleted your account, you won’t be able to log in to perform the steps below.
If this is the case, you will need to access your database to manually change your WordPress username and password so you can log in.
Head to your hosting provider, log in to cPanel or whatever web management software it provides, and find phpMyAdmin. This is where you will find your MySQL database.
Inside phpMyAdmin you will see a list of databases on the left. If you only have one WordPress website, there will be only one database. Open it to view all of its tables.
In the list of tables, look for the users table. Your database may use a different table prefix, so look for the table whose name ends in ‘users’ (wp_users with the default prefix). Click on it to open the table.
You will see all of the users of your WordPress website; find your own username. Click ‘Edit’ on that row to reset the password so you can log in to your WordPress site.
You can’t just type a new password into the row, because WordPress stores password hashes rather than plain text. On the ‘Edit’ screen, type your new password into the user_pass column, then open the Function dropdown and select MD5 so that phpMyAdmin hashes the value before saving it. WordPress recognises a plain MD5 value in user_pass and re-hashes the password with its stronger scheme the first time you log in with it.
Click the ‘Go’ button and your password will be set to whatever you typed in the box. You should now be able to log in to your WP Admin area with these credentials.
If your username was not in the database, you will need to create a new row in the users table.
Step 1: Install Wordfence
Wordfence is one of the most popular WordPress security plugins that has a free version as well as a paid version. The free version is enough to clean your hacked website and secure it for the future.
Head to your plugin manager, search for Wordfence, install it on your WordPress website and activate it.
Open the new Wordfence tab in the left navigation pane of WordPress. Before you can do anything else, you will need to add an email address so Wordfence can send alerts.
Step 2: Run a Scan
The first thing to do now is run a full scan of your WordPress website. The scan compares your files and code against the WordPress repository to make sure there aren’t any rogue files or scripts doing naughty things.
But before you click run, let’s set up the scan settings for maximum coverage. On the Scan page, click the ‘Manage Scan’ link above the button.
On the scan options page, choose the high sensitivity option so that we get a thorough scan of your WordPress website.
Save your changes and then head back to the Scan page and click ‘Scan Now’ to begin the scanning process. It will take some time to run so go have a coffee and let it do its thing.
Once it has run through the entire site, it will show you a list of potentially dangerous files, plugins that need to be updated and any other security threats.
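To show what the “compare your files to the repository” part of the scan actually does, here is an added example (not Wordfence’s code): a minimal integrity check that hashes a site tree and compares it with a manifest of known-good MD5 values, reporting modified, planted and missing files. The manifest and the site tree are constructed inline for the demo.

```python
# Added example, not Wordfence's code: a minimal core-file integrity check.
# It compares a site tree against a manifest of relative path -> MD5 (the kind
# of per-release manifest WordPress publishes) and reports modified, added and
# missing files.  The manifest and site tree below are constructed for the demo.
import hashlib
import os
import tempfile


def md5_of(path):
    """MD5 of a file, read in chunks so large files do not exhaust memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, manifest, skip_dirs=("wp-content",)):
    """Return sorted (modified, added, missing) paths relative to root; wp-content is not core."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found[rel] = md5_of(full)
    modified = sorted(p for p in found if p in manifest and found[p] != manifest[p])
    added = sorted(p for p in found if p not in manifest)
    missing = sorted(p for p in manifest if p not in found)
    return modified, added, missing


def demo():
    """Constructed site: one core file tampered with, one stray file planted, one missing."""
    clean = {"index.php": b"<?php require 'wp-blog-header.php';\n",
             "wp-login.php": b"<?php // login form\n",
             "wp-settings.php": b"<?php // bootstrap\n"}
    manifest = {p: hashlib.md5(c).hexdigest() for p, c in clean.items()}
    root = tempfile.mkdtemp()
    for p, c in clean.items():
        if p != "wp-settings.php":                 # leave one manifest file missing
            with open(os.path.join(root, p), "wb") as fh:
                fh.write(c)
    with open(os.path.join(root, "wp-login.php"), "ab") as fh:
        fh.write(b"// constructed injected line\n")   # modified core file
    with open(os.path.join(root, "wp-cache.php"), "wb") as fh:
        fh.write(b"<?php // constructed stray file\n")  # file not in manifest
    return scan_tree(root, manifest)
```

A real scan also has to cover wp-content (themes, plugins, uploads), which this core-only manifest skips.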
Step 3: Remove Malware
Now go through the list and remove any malware that was found.
To delete the suspicious files, click the ‘Delete All Deletable Files’ button and it will remove any rogue files that are not part of the WordPress repository. Skim the list first: a file that is merely unknown to the repository is not always malicious, so keep a backup of anything you are unsure about.
If the hacker edited any of your WordPress core files, you will have the option to repair all repairable files, and Wordfence will revert each one to the original from the WordPress repository.
Wordfence also shows plugins that need to be updated, because outdated plugins that lack the latest security fixes are a common way for hackers to get into your WordPress site.
Update any plugins that need to be updated so that you have all the latest security patches from the plugin developer.
Once everything is cleaned and updated, you will need to change your passwords so that the site is more secure.
Step 4: Change Passwords
Let’s set up a really secure password.
Go to this secure password generator and choose a 16-character password with symbols, numbers, and letters. Click ‘Generate Password’ and copy the result for pasting into WordPress.
Go to your user settings and in the Account Management area, you will see a button to Generate a Password.
Click the button (it will generate a password), then clear that password (it’s not as secure) and paste in the one you generated.
Hit save and you have now updated your password to a super-secure password.
Step 5: Secure Your Site
You can use Wordfence to keep your WordPress site from being hacked again in the future.
Wordfence’s firewall is a very strong defense against hackers trying to get into your site.
Go to the Wordfence firewall settings page and we are going to update some settings to increase the security of your WordPress website.
First, we need to change the brute force protection settings, as the default thresholds are fairly generous. In the Brute Force Protection settings change the following fields:
- Lock out after how many login failures: this locks out anyone who repeatedly tries to log in with an incorrect password. Change it to 3 or 4; you most likely have saved passwords, so you shouldn’t be typing in the wrong one. Over time this builds a list of IPs that are blocked from the site.
- Lock out after how many forgot password attempts: change this to 3 or 4 as well, because it’s unlikely you will forget your password that many times in a row.
- Immediately lock out invalid usernames: if someone tries to log in with a username that’s not in your database, their IP is locked out straight away.
Next, you will need to update the Advanced Firewall Options.
Add your own IP to the whitelist box so that you can always log in, no matter what. Remember that if you access your WordPress site from other places, your IP will be different and you may not be able to log in unless that address is whitelisted too.
To find your own IP, simply google “what’s my IP” and Google will show it right in the search results.
Copy your IP address and paste it into the whitelist IPs box in Wordfence.
Add any other IP addresses that you will be accessing your WordPress site from. Don’t forget to add any employees or clients that will be logging into the site.
Lastly, we are going to block anyone who tries to access the admin area. Hackers know that the login URL for WordPress sites is usually /wp-admin/, so we are going to block any IPs that access that URL.
In the box below, add your /wp-admin/ location and then click save changes.
Now Wordfence will start tuning itself and blocking malicious IP addresses that try to access your site. Over time you will build a large blacklist of IPs that keeps your WordPress website secure.
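To make the effect of the brute force settings and the whitelist above concrete, here is an added example (not Wordfence’s code) that models those lockout rules and runs them over a handful of constructed login events: a whitelisted owner IP that mistypes once, an IP that tries a username that does not exist, and an IP that fails the password three times. The thresholds, IP addresses and usernames are all made up for the demo.

```python
# Added example, not Wordfence's code: a model of the lockout rules set above run
# over constructed login events. A whitelisted IP is never locked out, an unknown
# username locks its IP at once, otherwise max_failures/max_resets apply per IP.
from collections import defaultdict


class LockoutPolicy:
    def __init__(self, max_failures=3, max_resets=3, whitelist=(), known_users=()):
        self.max_failures, self.max_resets = max_failures, max_resets
        self.whitelist, self.known_users = set(whitelist), set(known_users)
        self.failures, self.resets = defaultdict(int), defaultdict(int)
        self.locked = set()

    def _over_limit(self, counter, ip, limit):
        counter[ip] += 1
        if counter[ip] >= limit:
            self.locked.add(ip)
        return ip in self.locked

    def handle(self, ip, username, action, success=False):
        # Returns 'allow', 'deny' (wrong password) or 'locked' for one event.
        if ip in self.whitelist:                  # owner's IP: never locked out
            return "allow" if success else "deny"
        if ip in self.locked:
            return "locked"
        if username not in self.known_users:      # immediately lock invalid usernames
            self.locked.add(ip)
            return "locked"
        if action == "forgot_password":
            return "locked" if self._over_limit(self.resets, ip, self.max_resets) else "allow"
        if success:
            self.failures[ip] = 0                 # a good login clears the counter
            return "allow"
        return "locked" if self._over_limit(self.failures, ip, self.max_failures) else "deny"


def run_demo():
    # Constructed events: the owner on a whitelisted IP and two other IPs.
    policy = LockoutPolicy(max_failures=3, max_resets=3,
                           whitelist={"203.0.113.10"}, known_users={"editor"})
    events = [
        ("203.0.113.10", "editor", "login", False),   # owner typo, whitelisted
        ("203.0.113.10", "editor", "login", True),
        ("198.51.100.7", "admin", "login", False),    # 'admin' does not exist
        ("198.51.100.7", "editor", "login", False),   # already locked
        ("198.51.100.9", "editor", "login", False),
        ("198.51.100.9", "editor", "login", False),
        ("198.51.100.9", "editor", "login", False),   # third failure -> locked
    ]
    return [policy.handle(*e) for e in events]
```

Note that the whitelist check comes before everything else, which is why forgetting to whitelist a new location (as warned above) leaves you subject to the same lockouts as everyone else.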