My WordPress site has been hacked! How do it fix it?

Updated July 7, 2020

If your site has been hacked you want to take action as quickly as possible. The longer you wait, the more of a mess the hackers can make of your site, and your google ranking!!!  If your site has not been hacked (great!), review this article on how to secure your WordPress site so you will not get hacked in the first place.

How to get your site back as quickly (and cost effectively) as possible:

1 – Find your backups

Have a backup? If yes, great! Restoring a clean backup is the easiest and most cost effective way to recover your site back from a hack. (9 Planets Web Design hosting customers can access daily WordPress Time Capsule backups going back a month, and cPanel backups weekly going back 6 weeks.) 

Maybe, as far as you know, your site has not been backed up..?  Don’t panic yet!  Check with your host.  Backups are often included in a hosting plan or your host may be able to get you access to their backups of your site (sometimes for a nominal fee). 

And what if you really don’t have a backup? If you double check with your host and there are no backups to be found; Yikes! You may want to consider finding a new host! (For example, maybe consider one of our 9 Planets Web Design hosting packages. All of our plans come with backups!) But if a hack has already occurred and you don’t have any backups available to roll back to, then you’ve got a potentially big job on your hands. Jump to clean-up options.

2 – Restore a backup

If you’ve found your backups, then find the most recent one and restore it. If that one is hacked, try an earlier version. Keep going back until you find one that is not hacked. 

Once you restore your backup, be sure to reset:

  • Your salts
  • All WordPress user passwords
  • Your database and database user passwords

You’ll also want to log into WordPress and make sure all WordPress files, plugins and themes are up to date, and that your PHP version is up to date. You may also want to take a look around your site via FTP or a file manager to see if you can spot any suspicious looking files that may have been added by a hacker and are lurking around to grant the hacker access again. We recommend you also install a security plugin like Wordfence, configure its firewall and run a security scan.

If all this sounds like too much, then get help! There are a lot of hack cleanup services out there to choose from. For 9 Planets Web Design hosting customers, our Managed + plans include Hack Restore services up to three times per year. Our hosting customers can also add Hack Restore to any other 9 Planets Web Design hosting plan or pay for a one-off hack restore if/when a hack occurs.

Clean-up Options

Do it yourself. There are a lot of options out there for services that clean up hacked sites, but they can be expensive. If a clean-up service is not in your budget or you’d just like to give it a try yourself here’s how to get started:

Hire a clean-up service. Depending on how important your website is to your livelihood, or if you were not able to find a backup of your site, you may want to employ a professional to take care of cleaning up a hack for you.  You can contact a professional service like Sucuri or WP Fix It. There are a lot of options out there these days, so do your research and find one that fits your needs and budget.

9 Planets Web Design hosting customers always have access to backups. We automatically install a security plugin and configure automatic or batch updates to help prevent hacks in the first place. If that isn’t enough security for you, 9 Planets Web Design hosting customers can add our low cost Hack Restore services to any hosting plan for just $5 per month or pay for a one-time hack recovery if and when it becomes necessary.

 

This post contains affiliate links, which means that if you click on one of the product links we’ll get a small commission.  We ONLY recommend products that we actually like and use!