Cleaning a WordPress Site that has been Hacked

Recently, WordFence, an internet security plug-in used on WordPress sites, created a guide on what to do if your WordPress site has been hacked! Since, we use WordPress as our primary virus and malware protection software for all of our web development projects at Hilo Web Design – here are some tips for you on how to get your website back to normal if you feel you have been hacked.

1. Back Up Your Site Now

This is the most important thing we suggest to our clients. We run back ups of our hosted websites on a regular basis in the event that something does happen. Because of this, we can easily use programs like TimeMachine and turn back the “hands of time” on a website that has been hacked to a previously backed-up version!

This step is crucial in the event of a website being hacked. The adverse would be recreating all of the website pages individually which would take a lot of time, energy, and potentially money if youʻre not able to update the website yourself.

2. Use a plugin (like WordFence) to clean up your website! Use the following steps from this guide:

  1. Upgrade your site to the newest version of WordPress.
  2. Upgrade all your themes and plugins to their newest versions.
  3. Change all passwords on the site, especially admin passwords.
  4. Make another backup and store it separately to the backup we recommended you make above. Now you have an infected site but that site is running the newest version of everything. If you break anything while cleaning your site using Wordfence you can go back to this backup and you don’t have to retrace all the steps above.
  5. Go to the Wordfence options page and make sure that under the “Scans to include” heading, absolutely everything is selected including the option to scan files outside your WordPress installation. If the scan takes too long or does not complete, you can deselect this last option and also disable “high sensitivity” scanning and “image file” scanning. Then try again.
  6. When the results come up you may see a very long list of infected files. Take your time and slowly work through the list.
  7. Examine any suspicious files and either edit those files by hand to clean them or delete the file. Remember that you can’t undo deletions. But as long as you took the backup we recommended above, you can always restore the file if you delete the wrong thing.
  8. Look at any changed core, theme and plugin files. Use the option Wordfence provides to see what has changed between the original file and your file. If the changes look malicious, use the Wordfence option to repair the file.
  9. Slowly work your way through the list until it is empty.
  10. Run another scan and confirm your site is clean.

3. Install a Plugin that will scan your website regularly. 

As we mentioned, we use WordFence and regularly run scans of our websites as a precaution rather than a reaction! In situations like this, having a secure website is a lot easier than most people think and only takes a few steps to install!

If your companyʻs website has been hacked and you feel you might need help in getting the website back to normal function, you can contact us and weʻd be glad to take a look and see where we might be able to help!

Leave a Comment

You must be logged in to post a comment.