Fixing Your Hacked WordPress Site

• in categories: advice • by: Michelle Balestrat

Owning your own website can come with a host of headaches, from web design to upkeep and perhaps even running your own online store. If you’re among the many users who’ve decided to opt for a WordPress installation, you might enjoy a much simpler job in running and maintaining your site.

Close up of some hands, typing at a laptop computer. WordPress is running in the browser window.

However, the popularity of WordPress makes it a particularly rewarding target for hackers. We’ve previously covered how to safeguard your WordPress site, but if the worst should happen, what can you do to repair the damage?

Thankfully, there are some solid steps you can take to help repair your site, and help to prevent further attacks. Read on to find out how to bounce back after a WordPress compromise.

##1. Knowing when you’ve been hacked## It’s not always obvious when your WordPress site has been compromised. Particularly with its default settings, WordPress might not make it obvious if your site has been a victim of a breach.

Some common signs include the sudden appearance of popups on your site, auto-linking of keywords to external sites, ‘blacklisting’ of your domain’s email address for spam activity, loss of information, or suspension of your hosting account. Of course, your site might also have been deleted or defaced – both of which are easier to spot.

##2. Contacting your hosting provider## Your web host is instrumental in helping you recover from a site breach. A good hosting company should help you through the recovery process, so a call to your host’s technical support should be your first response to any security compromise involving your site.

Your host might be able to provide information about when and how a hacker gained access to your site, as well as possible points of entry or methods used. Additionally, they may be able to help you restore your site’s original content if it has been deleted or defaced.

If you discover that your hosting provider isn’t helpful in this regard, you can take the opportunity to switch your web host once you get your site in working order again. No matter how cheap they may appear, a negligent host simply isn’t worth your money.

##3. Install a security plugin## Your themes and plugins can create a security hole if they’re out of date, and allow for backdoors if they’re not patched.

WordPress security plugins can allow you to quickly scan your plugins and track changes made to your site in real time. If you’ve already fallen victim to a hack, they can identify possible problem areas in your security that you can patch.

For a review and deeper explanation of the various security plugins available, take a look at Tripwire’s Guide to WordPress Security Plugins.

##4. Keep (and use) your backups## If you’re running a website, it goes without saying that you should be keeping regular backups. If you have, then your recovery process will be significantly smoother!

If you haven’t, then it’s a great opportunity (and lesson learned) to start immediately. WordPress’ own knowledge base article can help you learn the ropes, and there are even a few plugins to make your backup process very simple if you’re intimidated by working with databases.

If you’re lucky enough to have a recent backup at hand, you can restore your backup to recover your site’s pre-hacked state. Unfortunately, that will mean losing any changes you might have made after the backup.

Remember, you’ll also need to go back and patch any security issue that lead to your hack too – so take the opportunity to beef up your WordPress security.

Boost your breach protection!

Email Watchdog

Guard your online accounts.
  • 10 and 50 email packs available.
  • Detailed breach notifications.
  • Watchdog Update email newsletter.
  • Priority email support.
Learn More

Business Watchdog

Protect your company’s accounts.
  • Protect all email addresses in your domain.
  • Detailed breach notifications.
  • Exclusive access to your domain’s breach status.
  • Watchdog Update email newsletter.
  • Priority Email Support.
Learn More