How to Clean a WordPress Website That is Hacked?

Posted on Jan 06, 2020
How to Clean a WordPress Website That is Hacked?

No one ever wants to hear the message that “Your WordPress site has been hacked,” such words cause panic and stress you out with the fear of losing the business. Your hosting provider may email you or you yourself browsed on your website and see an annoying screen.  Definitely, the first thing hitting your mind will be “if it’s hacked?”.

This article will teach you all about cleaning a hacked WordPress website, and also on removing any sort of malware from the website and securing it from being prey for hackers ever again. 

We’ll guide you step by step, even a layman can learn how to recover their hacked website.

Also Read: What are the Reasons for Choosing WordPress?

Why WordPress Website Gets Hacked?

Why WordPress Website Gets Hacked?

There are numerous reasons for WordPress websites getting hacked. One main reason for the same is the popularity of WordPress. As of now, it is controlling more than 34% share among all types of websites available on the internet, which on the other hand makes it a prime target for hackers. 

As per the most recent research by Sucuri, Websites built using WordPress stood way above the rest, accounting for over 90% of all hacked CMS available these days. 

Be that as it may, those figures shouldn’t refrain you from utilizing WordPress as the prime choice for your CMS, because the absence of taking care of the fundamental security aspects and negligence from the users is the main driving factor for the hacking of WordPress websites. 

Remember that indeed, in spite of having a super secure website, a person with the malicious goal or a compromised hacker will in any case attempt and discover the escape clauses and passageways to hack your website and this is applicable to any platform, let alone WordPress. And WordPress being a popular platform, will obviously have more hackers to target and finding new ways to hack. That being a fact, there are some standard things that you can do, in case of the unfortunate event of your website being hacked.

Also Read: Tips to Secure WordPress Website

Steps to Recover A Hacked WordPress Website

Steps to Recover A Hacked WordPress Website

1) No Need to Panic – Keep it Diligently

First of all, do not get into a panic situation as this is not going to fix your website. Secondly, it’s not the end of anything, as you can still revert your efforts back and again scale it.

Below written practices are enough to clean your WordPress from the hack. However, in a case, you are afraid of doing this on your own, we recommend you consult your site developer or WordPress assistants.

2) Confirm the Hack

Confirm the Hack in your WordPress website

Saying this would sound somewhat senseless, but however, you need to reconfirm the hacking of your website and also the extent of the same. Sometimes, chances are there it might look like a hack, but in reality, that could just be a specialized/technical problem that you’re encountering – so figuring out the same first, is really important.

You need to contact the hosting provider of your website and confirm that the issue is not related to any update on their server or maintenance of it and also not related to reaching your allowed usage limits of any sort, especially if you’re using a shared hosting plan.

However, if you’re seeing some obvious messages like the below, on your website’s homepage, then it’s a clear indication that your website has been compromised, undoubtedly.

But if it is not so evident, then you may have to look at the other malfunctions and assess the specific circumstances, like explicit pages, odd promotions, strange sidetracks, and so on. 

To get on a quick conclusion, and before getting into a cleanup task, ask the below questions to yourself. 

  • What did you last saw your website in its real form? 
  • Is Google showing security caution when hitting the site? 
  • Are you able to log into your WordPress dashboard? 
  • Is the website being redirected to any other odd page or to another website? 
  • Does the error/malfunction due to hack present on all the pages? 
  • Are peculiar and strange advertisements showing up on any page of the website? 

Pen down the answers that you get for the above questions as this can possibly limit and assist you in identifying what sort of compromise has happened. 

This data would then be able to be utilized to give to your hosting provider or another expert in case you’re not going to manage the fix yourself. 

In case of the unfortunate event of your website being hacked and you’re going to manage it yourself, you can follow this guide and steps, which will assist you with understanding the kind of hack, and the things you need to do to fix the site.

Also Read: Common WordPress Errors

In case of a hack, these are the WordPress files that can get compromised:

  • wp-config.php
  • .htaccess
  • index.php
  • header.php
  • footer.php
  • functions.php

Hacking of the WordPress config file

The wp-config.php file by default is located in the root folder. It’s a highly critical file as it incorporates the database details of the website, so as to link it with its database. 

It likewise includes the major security keys of your website just like other significant data that is necessary for operating your site effectively. 

The significance of this file makes it an ideal objective to attack this always. It is not possible to access it directly unless you are using a plugin on your website that creates the loophole. Such a plugin cause to uncover this particular file to the hackers. 

Hacking of WordPress .htaccess

Being another vital file, this also is a prime target of hackers. It’s an amazing file that additionally runs the site. It’s generally utilized for your sidetracks, permalink settings, SSL utilization, cache, hotlinking and deal with naming or renaming the extensions of your files. 

Once a .htaccess is hacked, hackers could assume control over the URLs of your website and could divert them to some other website. One typical example of this scenario is that, in the event that the visitors of your website land from a specific search engine, they at that point could get diverted to another website. 

A .htaccess hack can be demonstrated by a Code like this :

This is a coward trick to use the authority of your site such as its backlinks and diverting traffic to their own website. So, if you are running a successful blog or amazon affiliate site, be eager to secure it. Don’t live at the stack of losing your business. 

Also Read: WordPress REST API

Index File hacking in WordPress

The file named index.php is utilized to serve center WordPress files and also the diverse Theme files of your site. However, a hack of the index.php could include the hacked files along with the other normal files which thus hacks all the files on your website. 

Ordinary hacks include entering base64 code like underneath.

It will consequently display pop-ups of strange ads and redirecting traffic from your website to others.

Hacking of WordPress Theme File

Files that a WordPress theme basis to display a website is header.php, functions.php, and footer.php. 

These files would then be utilized to show the headers and footers on your website. They manage any theme related method that may occur on a WordPress website. 

At the point when these files are being hacked, they typically bring about incorporations of terrible files all through your site. 

These can either be iframe files, base64 code and above this, JavaScript files which can either divert a site, display advertisements or in most pessimistic scenario situations, interject malware/infections.

Code like the above picture predicts the website theme files have been affected.

Also Read: Debunking Common WordPress Myths

3) Backup Your WordPress Website

Backup Your WordPress Website

Creating a backup of your current website now would be a good idea. You might wonder why as it’s not hacked now and what is the point of backing up it? But it’s necessary for the following reasons: 

  • The web host company of your website might erase the backup files to accommodate multiple other clients on the same server. 
  • Troubleshooting can also be done later on at a local level. 
  • Having an additional backup is anything but an ill-conceived notion. 
  • The backup files can be given to experts to break down remotely without giving direct access to them to the site or the server panel. 
  • On the off chance that things deteriorate, at that point, you will still have a backup that is not as obsolete. 

So assuming you now understand the significance of taking a backup and to take one by means of your hosting account. All you’ve to do is to ensure that both your website files and database is included in your backups.

Also Read: Speed Up WordPress Website

4) Restoring a Backup

Restoring a back might be a period for you to grin. On the off chance, if you can reestablish a backup of the website exactly as it was before the hack, it’s going be a lot simpler and quicker to recoup your site. All you have to do is to basically reestablish your site. At that point, you have to change your passwords and for this, you may need to verify your site, so as to ensure that another hack doesn’t occur.

Anyhow, in case you have a mega website where a lot of posting, publishing happens and that too for a long time, it’s not easy to restore a backup. Say, if it has 1000s of blog posts or e-commerce transactions then restoring the backup will not help out. You will need to manually find the affected areas and fix them.

Acowebs leverage the power of React in our WordPress and WooCommerce plugins so as to attain a top-notch performance. All our plugins are designed for giving equally seamless performance experience to these. Our plugins, WooCommerce dynamic pricing which is for applying bulk discounts quickly and WooCommerce checkout field editor which helps the website admins to customize the checkout form fields and WooCommerce product options which is basically to help the website admins to add extra product options or custom fields in the WooCommerce product detail page (The free version of this plugin WooCommerce product addons is available in WordPress plugin directory).

Jamsheer K

Jamsheer K, is the Tech Lead at Acowebs and it's parent company Acodez. He mostly writes about Wordpress, WooCommerce and other programming languages and his writing normally comes from rich and hands-on experience in these technologies.

View All Blogs