Easy Guide to Recover your Hacked WordPress Website

There is nothing worse than waking up to a hacked website. It sucks. As simple as that. Not only will it affect your ranking, it can also expose your readers to trojans and viruses, which you would never want, or result in content loss. If it happens, your first reaction will be panic, which is appropriate to the situation, but you are still alive and can do something to get your site back.

A hacked website will either let you log in again (if you are a little lucky) or have you locked out. Let's look at both cases individually.

If you can still log in!

It happens 3 out of ten times that you can still access your WordPress admin area even after your website has been hacked. Most of the time, you'll be notified by your web host or Google, and they might show you the URLs and hacked files.

Once you receive the notification, change your login details, seal the entry point, remove the sabotaged files and reinstall WordPress from the admin area. You might need to install fresh files and themes to replace the infected themes.

Oh no, you’re locked!

At other times, hackers have you locked out of your website, which is the worst case. First of all, contact your web host and get the list of infected files. Press them if they aren't forthcoming, because you badly need that list to follow the rest of the steps.

Locate Backdoor of the Hacker

A backdoor is a file uploaded by the hackers onto your WP site. It bypasses authentication and gives a hacker access to your server. First, clean up your files and local machines, and update everything. It can be a long and tiring process, as you have to find each affected file individually.

Simply log in to your cPanel, open the File Manager, find the affected files and delete or replace them. But remember that you might need to remove entire themes and plugins. At least you have the site now, which you can customize again with the help of plugins and themes.
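
One way to build the list of affected files yourself, as an added example that is not part of the original article: the shell function below compares the live site's core files against a freshly unpacked copy of the same WordPress version and flags PHP files in the uploads folder. The function names, status words and sample trees are constructed for illustration, and the clean copy is assumed to match your installed version.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# wp_triage SITE_DIR CLEAN_DIR
#   SITE_DIR = live WordPress root; CLEAN_DIR = fresh unpack of the SAME version.
# Prints "<STATUS> <relative path>" per finding:
#   MODIFIED   core file differs from the clean copy
#   ADDED      file in a core location that the clean copy does not ship
#   UPLOADPHP  PHP file under wp-content/uploads/, where only media belongs
wp_triage() {
    local site="${1%/}" clean="${2%/}" rel
    # Core files (root *.php, wp-admin/, wp-includes/) must match the release.
    # wp-config.php is site-specific, so it is skipped here and reviewed by hand.
    ( cd "$site" && {
        find . -maxdepth 1 -type f -name '*.php' ! -name 'wp-config.php'
        find wp-admin wp-includes -type f
      } 2>/dev/null ) | sed 's|^\./||' | sort |
    while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            printf 'ADDED %s\n' "$rel"
        elif ! cmp -s "$site/$rel" "$clean/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
    # Uploads should hold media only; any PHP there deserves inspection.
    ( cd "$site" && find wp-content/uploads -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) 2>/dev/null ) |
    sort | while IFS= read -r rel; do
        printf 'UPLOADPHP %s\n' "$rel"
    done
}

# Constructed sample trees (not real site data) to show the output format.
wp_triage_demo() {
    local t; t="$(mktemp -d)"
    mkdir -p "$t/clean/wp-includes" "$t/site/wp-includes" "$t/site/wp-content/uploads/2024"
    echo '<?php // index'   | tee "$t/clean/index.php" > "$t/site/index.php"
    echo '<?php // version' > "$t/clean/wp-includes/version.php"
    echo '<?php // changed' > "$t/site/wp-includes/version.php"
    echo '<?php // extra'   > "$t/site/wp-includes/class-cache-x.php"
    echo '<?php // upload'  > "$t/site/wp-content/uploads/2024/logo.php"
    echo 'not php'          > "$t/site/wp-content/uploads/2024/logo.png"
    wp_triage "$t/site" "$t/clean"
    rm -rf "$t"
}
```

Themes and plugins are not compared here; as described above, they are removed and replaced from fresh copies.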

Rebuild Your Website

After you've recovered your website, you might need to go through the WordPress installation process again, as you will have replaced old plugins with new ones. Check that your website functions properly by ensuring that widgets, social media and contact forms are working fine. Add back all the plugins that were affected on your website.

Once you've cleaned up and rebuilt your website, ask your host to remove you from their blacklist. Recovering your WP site doesn't mean that you won't get hacked again, and that's why it's important to seal all the security holes.

Backup Your Data


Preparing a backup of your website can save a lot of the time and effort that you would otherwise spend re-creating lost content. There are plenty of hosting providers who offer backup services within their packages. Go for those hosting providers. Also, you'll probably want to keep your backups offline for extra peace of mind.

Take Advantage of Managed Hosting

Investing in a host who knows everything about creating a WordPress website and managing it is a good decision. It might be costly, but it is worth a shot, because you don't want to ruin your online business just because you didn't want to spend money on securing it. Not only will it save your website, it will also secure your customers' information.

Monitor Your Website and Server

There are plenty of service providers that offer monitoring tools and services. You need to select one of them because it will help you monitor the traffic on your website and server. Tracking every detail will ensure more security and help you remove threats from your website.

Don't Keep Unnecessary User Accounts and Files

Keep your database clean of accounts and files that you no longer need, because hackers are experts in manipulating accounts and files that have been forgotten. So, whether it is extra databases, environments or test accounts, keep the ones that you need, but make sure you clear out the ones that are not of any use!

Preventing Weak Usernames/Passwords

Choose a password and username that are not easy to guess. You can use a standard “password strength detector” to check the strength of your password. Keeping it simple won't help, as it can be hacked at any time. Also make sure to keep it private.

Tighten up Your Security

Set your server access to Secure Shell (SSH) or Secure FTP (SFTP). Doing this will ensure that your website is operating safely and is out of the reach of hackers.

On Theme or Plugin Bugs

Sometimes, the themes or plugins that you are using contain an unexpected security flaw. Before installing any plugin or WordPress theme, make sure you have read the information on its usage. Try to stay away from plugins or themes that are free, because free always has its drawbacks. Also, search for this on Google to be more certain of a plugin's safety: “[insert plugin name] security.”

Updating Plugin/Themes

Another imperative task for your website is keeping it safe. Update plugins and themes on a regular basis, because the updated versions are always bug-free and contain more functions than the previous ones. Also, remove all the plugins that you no longer use on your website.

Consider Premium Services


As mentioned earlier, free WordPress themes and plugins usually are not bug-free, which makes them highly risky to use on your website. Buying a theme or plugin from a developer makes sure that you're getting a secure and fully functional product. Beyond theme developers, also consider hiring someone like Sucuri, who provides additional security for your website and keeps it away from hacking threats. Furthermore, choose providers that have a good rating and are reviewed by multiple users.

Disabling File Editing

Disable file editing in the dashboard of your WordPress account just by adding this code to the wp-config.php file: define( 'DISALLOW_FILE_EDIT', true );
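
A quick check that the setting is actually in effect, as an added example that is not part of the original article: the function reads wp-config.php and reports whether the define is active, commented out or turned off, or broken by typographic quotes picked up when copying from a web page. The function names, status words and sample fragments are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# check_file_edit_lock WP_CONFIG prints one status word:
#   OK         an active define() sets DISALLOW_FILE_EDIT to true
#   BADQUOTES  the line uses typographic quotes, which PHP does not accept as
#              string delimiters (typical after copying from a web page)
#   MISSING    absent, commented out, or not set to true
check_file_edit_lock() {
    local cfg="$1" lines q="['\"]" re
    re="define[[:space:]]*\\([[:space:]]*${q}DISALLOW_FILE_EDIT${q}[[:space:]]*,"
    re="${re}[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\\)"
    # Keep only non-comment lines that mention the constant.
    lines="$(grep -aEv '^[[:space:]]*(//|#|/\*|\*)' "$cfg" |
             grep -a 'DISALLOW_FILE_EDIT' || true)"
    if printf '%s\n' "$lines" | grep -aEq "$re"; then
        echo OK
    elif printf '%s\n' "$lines" | grep -aq -e '‘' -e '’' -e '“' -e '”'; then
        echo BADQUOTES
    else
        echo MISSING
    fi
}

# Constructed wp-config.php fragments (not real site data).
check_file_edit_lock_demo() {
    local t f; t="$(mktemp -d)"
    printf "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n"    > "$t/good.php"
    printf "<?php\ndefine( ‘DISALLOW_FILE_EDIT’, true);\n"     > "$t/curly.php"
    printf "<?php\n// define( 'DISALLOW_FILE_EDIT', true );\n" > "$t/commented.php"
    printf "<?php\ndefine( 'DISALLOW_FILE_EDIT', false );\n"   > "$t/off.php"
    for f in good curly commented off; do
        printf '%s=%s\n' "$f" "$(check_file_edit_lock "$t/$f.php")"
    done
    rm -rf "$t"
}
```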

Scanning Plugins

There are various plugins on the market that check your website files for anything suspicious. One of those plugins is Exploit Scanner. Highly skilled WP developers have developed it. Run this plugin on your website on a regular basis so that you are aware of anything suspicious. There is one disadvantage to this plugin: it's prone to false positives. So, one has to be a little careful while examining the results it produces.

WordPress Security Best Practices

We all know that WordPress is one of the biggest CMSs, and it keeps updating its services on a regular basis. Keep track of all the new and updated security practices followed by WordPress, as this is very important for the safety of your website.

Getting hacked is probably the saddest thing that could ever happen to a website owner, and we know that there are plenty of unethical hackers who derive pleasure from malice. We can't stop them, but we can take the right steps to protect our websites from their attacks, and in case a website gets hacked, we can recover that too.

If you have had any nasty run-in on the internet, do let us know how you recovered your website. Sharing helps protect each other from spammers and hackers.

Catherrine Garcia

Catherrine Garcia is a web developer and a talented blogger with a passion for writing articles for top web development blogs.