Main Website

How to clean and secure a hacked WordPress website?

WordPress website hacked?

Firstly, don’t panic. It can be scary to see your website infected by malware, but panic won’t help. Hacked websites are not exactly uncommon.

According to a Forbes report, up to 30,000 websites are hacked every day. While this number may not make you feel better, it shows that security breaches are common. More importantly, this shows that there’s a way to deal with a hacked website and make it secure again.

For AppMySite users, a secure website means a secure app as well. Since you make an app with your website, your site’s security plays a huge role in the app’s overall performance and functionality.

So how can you fix a hacked website? This article lays down the steps you must take to do the same.

Step 1: Check if your website has been hacked

In some cases, website owners wrongly assume their site has been hacked. This is generally when a site is down with an error like internal 500 or any other error. These errors are caused by internal website issues, and not by a third-party hacker.

It is thus important to first check if your website has indeed been hacked. Here are a few ways you can do this:

  • Search engine spam: Enter the following query on Google (replace this with your own website URL). In the search results, if you see spammy pages, it is probably a sign that your website is hacked. Generally, these pages contain Japanese letters or show titles & meta that are completely unrelated to your website.
  • Website redirects: If you open your website and are redirected to another website, it is a strong sign that your website is infected with malware.
  • Unable to login: If you’re unable to open the wp-admin page, or your login credentials don’t work, it’s a sign that someone has gained access to your website.
  • Google warning: If you open your website from a Google search result and a security warning pops up, it is a sign that something’s gone wrong with the site.
  • Security plugin warning: If your security plugin alerts you about potential malware, it’s an obvious sign that your site is under attack.

Generally when a website is hacked, one of these two things happen:

  • Your website redirects to a third-party website.
  • You see a blank screen upon opening your site.

Once you’re sure that your website is under attack, you can take the steps necessary to resolve the issue in question. Before you begin, take a full backup of your WordPress website.

If your hosting partner learns about the site being infected with malware, your account may be deactivated. Most hosting services are within their rights to delete your account if they find malware on your site. To avoid losing all your site data in such a case, make sure you have a backup. Once this is done, you can proceed

Step 2: Check if you can access your admin panel

Diagnosing the root cause of a website can be a tedious process. However, if you still have access to your website’s admin panel, the process is easier.

Go through the following steps if you still have access to your backend:

  • Extra admin users: Go to the Users module and see the admin users on your website. If you see an unrecognized user, delete them immediately. Next, change your own admin password. It is advised that you set a long alphanumeric password.
  • Put site under maintenance: Enable maintenance mode on your website. This is to make sure no one can view your web pages while the site is being fixed. There are a number of plugins you can use to put your site in maintenance mode.
  • Install a security plugin: If you don’t have a security plugin, install one. WordFence is a good plugin to start with. Once you install it, run a website scan. The plugin would be able to show the files and scripts injected by the hacker. You can remove and fix the infected pages and files.

You can find malicious files manually by opening them one at a time using an FTP client like Filezilla. However, this can be a big challenge if you’re not familiar with the technical side of WordPress and site security.

In such a case, using WordFence is the best way to clean your website. However, installing WordFence is out of the question if you can’t access your website backend. Proceed to the next step if this is the case.

Step 3: Regain access to your admin panel

To regain access to your admin panel, you would need to first diagnose which part of the website is causing issues. For instance, if your site is being redirected to spam websites, you first need to find where the malicious script is being triggered from.

Deactivate plugins

Follow the steps below to see if a plugin has infected your website:

  • Login to your website’s server through FTP and navigate to the plugins folder in the wp-content directory.
  • Here, rename the folder plugins.old. Doing this will deactivate all your plugins.
  • Now try opening your website and backend. If you can open it without any redirects, it means there’s a problem with a plugin on your website.
  • Rename the folder back to plugins again on your FTP server. Now open the plugins folder and rename every plugin file as pluginname.old (replace it with your actual plugin name). After renaming a plugin folder, try loading the website again.
  • Continue this process until your website and backend load properly. When it does, check the last plugin you renamed. This is the plugin that is causing the error to occur.
  • Download a fresh copy of the plugin and replace it with the infected plugin folder.
  • Your website should now open fine without any redirects or errors.
Deactivate themes

Follow the steps below to see if a theme has infected your website:

  • Navigate to the themes folder in the wp-content directory.
  • Rename your current active theme and try loading the site again.
  • If it does, there’s an issue with your current theme.
  • Download a fresh copy of the theme from the developer and replace it with the current theme file.
  • Your website should open fine after this.
Audit WordPress installation files

If deactivating themes and plugins does not work, there’s a chance your WordPress core files are infected.

In any WordPress installation, there is a fixed number of directories and files. These include:

  • wp-includes directory
  • wp-admin directory
  • wp-content directory
  • A collection of directory-less files.

If you see any directory or file that shouldn’t be there, there’s a good chance that it contains the malicious code in question.

How would you know if a file is a native part of WordPress? For this, you can download the official WordPress installation directory. You can get this from the official WordPress website for free.

Simply download the file and take a look at the folders and files in it. Then compare it to your own WordPress installation in your FTP server. If you find an extra file, download and view it on Notepad. If the code appears obscure and encrypted, it is probably a malicious file.

Once you remove the extra files from your server, try loading your site again. You should be able to log in to your backend.

#4: Update core WordPress, theme, and plugins

Once you have access to your website again, remember to update all your themes and plugins. It is most likely that your website was hacked because of an outdated theme or plugin. Nipping this issue in the bud is crucial, which is why you should update your themes and plugins.

Additionally, you should update your core WordPress. An outdated version of WordPress can be extremely problematic. You can run into several plugin conflicts and other support errors without an updated version of WordPress. In some cases, your plugins may stop responding entirely because they cannot support an outdated WordPress version.

While updating your website assets is important, you should still be careful before deploying them.

Updating everything at once could lead to website errors. This generally happens because updated themes and plugins often conflict with each other, causing errors like internal 500 and WSOD.

A better option is to create a staging WordPress website and make all your changes there. This is the best way to update your website without the danger of having downtime on your website.

#5: Set files and directories to recommended permissions

Malicious parties are able to gain access to your website in some cases because your file permissions are set incorrectly. If this is the case, malicious parties can access your WordPress files illicitly and makes the changes they wish to.

The solution? Update your file permissions.

For directories, it is recommended that you set permissions at 755. For individual files, it is recommended to set file permissions at 644. These recommendations can change based on the type of website host you have. We thus recommend that you ask your website host about the ideal file permissions for your WordPress site.

WP Engine: Protect your website with the most secure hosting partner

wp engine

Fixing a hacked website can be a huge challenge if you’re new to cybersecurity. However, if your website host is WP Engine, dealing with hacked websites is not something you have to worry about.

WP Engine is a fast, reliable, and secure hosting solution for WordPress websites. As a managed website host, it covers all the bases of essential site security. Some of the security mechanisms offered by WP Engine are covered below:

  • Free SSL certificates to establish a basic level of security for all your websites.
  • Platform-level protection again external threats and attacks aimed at exploiting your website’s vulnerabilities.
  • Managed WordPress updates to make sure your website is up to date.

Besides these security benefits, WP Engine also delivers fast loading speeds for your website. With managed CDNs and optimized caching features, choosing WP Engine ensures your website loads fast anywhere in the world.

In conclusion

A WordPress website being hacked may seem like a unique situation. This is not really the case. A few outdated plugins or themes can easily create vulnerabilities in your website which give malicious parties a backdoor.

In this article, we discussed how you can secure and clean your hacked WordPress website. If you’re using a DIY Android & iOS app maker like AppMySite, securing your website will also lead to hardening your app’s security.

The best way to safeguard your website from being hacked is by updating your themes, plugins, and most importantly, WordPress itself. You can also be more selective about the plugins you install and ask your host about the security mechanisms in place to protect your site.

Related Articles