How to repair and fix a hacked Wordpress website
As more and more people rely on the internet for almost every part of their daily lives, the number of cyberattacks is also increasing drastically. On any given day there are over 2200 cyberattacks happening simultaneously, so your risk of falling victim to one keeps growing. If you own or manage a website, in particular a Wordpress website, there is a good chance that hackers have attempted or will attempt to compromise it at some point.
However, there is no need to panic if your Wordpress site has been hacked. This article will outline common signs of what to look for, how to fix the mess, and how to prevent further intrusions. If you would like a complimentary security audit of your website you can contact our experienced team or you can learn more about our Wordpress hacking recovery service.
Why do Wordpress websites get hacked?
Hackers target Wordpress websites because Wordpress is a popular platform used on a huge number of websites. It is also open source, so hackers can download the code and look for security flaws that can then be used against any website running that version of Wordpress. People also tend to install many plugins on their Wordpress website, and every plugin is more code in which hackers can look for vulnerabilities.
How do Wordpress websites get hacked?
There are many techniques hackers use to target and compromise Wordpress websites. Below is an overview of some of the most common methods hackers use:
Insecure or weak passwords
Passwords are the keys to your Wordpress website. This means that if you happen to have a weak password (123456 as opposed to 4$^56Y&G78a3@!.,) then it would be easier for the hackers to gain access.
A strong, unique password removes one of the easiest routes into your site. A weak password may allow hackers to gain access to the following:
- Web hosting control panel account
- FTP accounts
- MySQL database used for your WordPress site
- Email accounts used for WordPress admin or hosting account
All these accounts are protected by passwords. Weak passwords make it easy for hackers to guess or crack them with basic, widely available tools.
Insecure web hosting
Like all websites, Wordpress sites are hosted on a web server. Some hosting companies do not keep their servers fully secured, which makes them easier for hackers to get into.
This can be avoided by choosing a reputable Wordpress hosting provider for your website, one that keeps its servers secured against intrusions. A properly secured server blocks many of the attempts hackers make against Wordpress websites, which is why a good hosting provider matters.
Unprotected wp-admin directory
The Wordpress admin area gives a user access to perform different actions on your Wordpress site. Leaving this area unprotected allows hackers to try different tactics to break into your site.
Not keeping Wordpress up to date
The Wordpress developers, theme developers and plugin developers regularly patch and improve their code to fix bugs and security issues. If you do not regularly update Wordpress, your theme and your installed plugins, your website may carry publicly known security issues that hackers can easily use to gain access to your code or database.
What are the signs your Wordpress website has been hacked?
So, how do you know if a hacker has compromised your Wordpress website? Below we have listed some of the most common signs that a hacker has made their way into your website:
- Unfamiliar users with administration roles and permissions
- Strange or unfamiliar files have appeared randomly in your folders
- You can’t log in to the Wordpress admin area
- Content, links and/or images appear that you have not uploaded
- A sudden significant drop in traffic to your website
- Server logs detect unusual activity
- Your security plugin alerts you about a potential breach
- Links have been changed and redirected to harmful websites
- Your website is redirecting somewhere else
- Google is displaying a warning message on your search engine listings
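As an added example (not part of the original article), a small Python triage script run over a few constructed web-server access-log lines, flagging two of the signs above: a burst of login POSTs from one address, and PHP files being requested from the uploads folder, where Wordpress never places executable code. The combined log format, the sample addresses and the threshold of four POSTs are assumptions.

```python
import re
from collections import Counter

# Constructed sample of combined-format access log lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1521 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:10:05:00 +0000] "GET /wp-content/uploads/2024/05/img.php?x=1 HTTP/1.1" 200 88 "-" "curl/8.0"
192.0.2.9 - - [10/May/2024:10:06:10 +0000] "GET /about/ HTTP/1.1" 200 9123 "https://example.com/" "Mozilla/5.0"
192.0.2.9 - - [10/May/2024:10:06:12 +0000] "GET /wp-content/uploads/2024/05/photo.jpg HTTP/1.1" 200 40321 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code of a combined-format entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

LOGIN_THRESHOLD = 4  # assumed: POSTs to wp-login.php from one IP before it is flagged


def triage(log_text):
    """Return login bursts per IP and any PHP requested from wp-content/uploads."""
    login_posts = Counter()
    php_in_uploads = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if m.group("method") == "POST" and path.endswith("wp-login.php"):
            login_posts[m.group("ip")] += 1
        # Uploads should hold media only; a served .php file there is a strong sign
        # that a web shell or backdoor has been dropped on the site.
        if path.startswith("/wp-content/uploads/") and path.lower().endswith(".php"):
            php_in_uploads.append((m.group("ip"), path, m.group("status")))
    bursts = {ip: n for ip, n in login_posts.items() if n >= LOGIN_THRESHOLD}
    return {"login_bursts": bursts, "php_in_uploads": php_in_uploads}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```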
What to do if you think your Wordpress website has been hacked
If you believe your Wordpress website has been hacked you can try the tips below to recover your data and restore your website back to its original state.
Contact Your Hosting Provider
If your website runs on a shared hosting service then there is a high chance the hack has come from within the server. Contact your hosting provider to check whether the security issues affect more than just your website.
Your hosting provider should be able to, at the very least, restore your website using one of their backups which can mitigate the issue quickly. If you believe your hosting provider is unable to protect the server from it happening again it may be time to find a new provider.
Restore the site from a backup
The best advice we can offer is to make sure you always have a recent clean backup ready to use. A backup consists of a complete copy of your files as well as your database(s). Make sure backups of your website are taken frequently, ideally daily on an automatic schedule. Once you have restored a clean backup, check your wp-config.php file to ensure the database details are still correct.
Put your website into maintenance mode
While you review your restored website and ensure everything has been updated and secured you should place the website in maintenance mode so that it is not visible to the public.
Change your password
It’s always a great idea to change your passwords often. This is crucial when it comes to your website being hacked as it could be hacked again if your password was compromised and it is not changed immediately. It is essential to change your password to your Wordpress admin area, hosting account & database.
Remove unrecognizable files and users
It is important to review all admin users set up in your Wordpress website and, if you are familiar with it, to review the website code as well. If the compromised users or files are not removed, it is extremely likely that your website will be hacked again.
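Added example, not from the original article: finding unrecognized or altered files by hashing every file in a clean backup and in the live site and comparing the two maps. The directory layout, the ignored prefixes and the sample digests in the wrapper are assumptions.

```python
import hashlib
from pathlib import Path

# Paths under these prefixes change constantly on a live site (media uploads, caches),
# so they are skipped unless the file is PHP, which should never appear there.
# Assumed defaults; adjust for plugins that legitimately write PHP elsewhere.
IGNORE_PREFIXES = ("wp-content/uploads/", "wp-content/cache/")


def hash_tree(root):
    """Map each file path (relative to root, POSIX separators) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for p in root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def relevant(path):
    """Ignore churn under IGNORE_PREFIXES, but never ignore a PHP file."""
    return not path.startswith(IGNORE_PREFIXES) or path.lower().endswith(".php")


def compare_digests(clean, live):
    """Given {path: sha256} maps for the clean backup and the live site, list the
    files that were planted, altered or deleted relative to the clean copy."""
    added = sorted(p for p in live if p not in clean and relevant(p))
    removed = sorted(p for p in clean if p not in live and relevant(p))
    modified = sorted(p for p in clean if p in live and clean[p] != live[p] and relevant(p))
    return {"added": added, "modified": modified, "removed": removed}


def compare_trees(clean_root, live_root):
    """Hash both directory trees and compare them."""
    return compare_digests(hash_tree(clean_root), hash_tree(live_root))


if __name__ == "__main__":
    # Assumed paths: the restored clean copy and the live document root.
    print(compare_trees("/path/to/clean-backup", "/var/www/html"))
```

Where no clean backup exists, the core files can be compared the same way against a fresh download of the matching Wordpress version; theme and plugin directories need a copy of the same version from the developer.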
Change your security keys
It is very important to change your salt keys, which are located at the bottom of your wp-config.php file. New keys can be generated at https://api.wordpress.org/secret-key/1.1/salt/
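As an added example (not from the original article), a Python routine that rewrites the eight salt define() lines in wp-config.php with fresh random values generated locally, refusing to touch the file if any key is missing. The sample wp-config.php content is constructed, and the 64-character length and character set are assumptions that simply keep the values valid inside PHP single quotes.

```python
import re
import secrets
import string

# The eight authentication constants Wordpress expects in wp-config.php.
SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Printable ASCII without quotes or backslash, so the value is a safe
# single-quoted PHP string literal (assumed set, not the api.wordpress.org one).
ALPHABET = "".join(c for c in string.printable[:94] if c not in "'\"\\")

# Constructed sample of the relevant part of a wp-config.php file.
SAMPLE_CONFIG = """\
define( 'DB_NAME', 'wp_example' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""


def new_salt(length=64):
    """Cryptographically random salt drawn from ALPHABET."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return wp-config.php text with every salt define() given a fresh value.
    Raises ValueError if a key is missing, so a partial rotation is never written."""
    updated = config_text
    for key in SALT_KEYS:
        pattern = re.compile(r"define\(\s*'%s'\s*,\s*'[^']*'\s*\)" % key)
        if not pattern.search(updated):
            raise ValueError(f"{key} not found in wp-config.php")
        # A function replacement is used so the new value is inserted literally.
        updated = pattern.sub(lambda m: f"define('{key}', '{new_salt()}')", updated, count=1)
    return updated


if __name__ == "__main__":
    print(rotate_salts(SAMPLE_CONFIG))
```

Changing the salts invalidates every existing login cookie, so all current sessions, including any an intruder is holding, are logged out at once.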
Before attempting to fix your hacked website, update your old Wordpress installation, the theme and all installed plugins. Doing so stops hackers from using the same vulnerabilities to undo your fix and keeps your site secure after the hack. It is also a good idea to review your plugins and completely remove any that are no longer needed. The fewer plugins you have on your website, the less third-party code you have.
Tips to prevent your Wordpress website from being hacked
You may well have done the below already, but if not, please follow these steps to secure your website today.
Ensure all your passwords are secure
Don't use simple, common words for your passwords and try to avoid using the same password for multiple logins. The best passwords are long, random passwords that consist of uppercase letters, lowercase letters, special characters and numbers.
Keep your website updated
It's important to review and update Wordpress, your theme and all installed plugins at least once a month. Remember, when updating your website it is always best practice to apply the updates in a testing environment first before sending them live in case there are any incompatibilities.
Avoid insecure and unmaintained plugins and themes
When choosing a theme and plugins for your website make sure they are regularly updated by the developers and that they are compatible with the current version of Wordpress. If you need to download 3rd party plugins, ensure you read reviews and look for recommendations from others before installing them on your website.
Remove unwanted/deactivated plugins
There is no need to keep plugins that are deactivated and not being used. Not only do they take up room on the server, but they are also still code sitting on your server whose vulnerabilities may remain reachable even while deactivated.
Install an SSL certificate on your Wordpress website
SSL stands for Secure Sockets Layer. It is the protocol used to encrypt and authenticate the data sent between an application (such as your browser) and a web server; modern sites actually use its successor, TLS, but the certificates are still commonly called SSL certificates. SSL became widely known through e-commerce websites, where credit cards are processed online. If you do not have an SSL certificate, browsers will mark your website as not secure.
Setup a firewall or security plugin
A security plugin will help secure your website and prevent common methods used by hackers to access Wordpress websites. This will add an extra layer of security to help provide a barrier from hackers trying to get in and reduce the chances of hacks and DDoS attacks on your site. We recommend iThemes Security or Sucuri plugins.
Having your website hacked is a very unpleasant experience to go through. It means your website isn’t available to your users and customers, or worse it could be displaying a message or links that do not reflect your brand. This can feel very stressful for most of us. By following our simple recommendations above, you can ensure your website is as secure as possible and you will have a plan in the event that you do get hacked. If you would like a complimentary security audit of your website you can contact our experienced team or learn more about our Wordpress hacking recovery service.