How to fix a Hacked WordPress Website

2-Factor Login

Although the custom sites we build here at CU*Answers are packed with multiple security layers, its a good idea to explain the process of fixing a hacked site, since we know security vulnerabilities will always be of somewhat a factor in the world of technology.

Step 1 – IDENTIFY THE HACK

There are scanning tools online such as SiteCheck to find malicious payloads and malware locations. If there is a suspected website hack, then the next step would be to check the integrity of your core files. You can login via SFTP to make sure there hasn’t been any modified files.

If using SSH, you can view all modified files within the last 15 days using the command below.
$ find ./ -type f -mtime -15

Step 2 – REMOVE THE HACK

To clean your hacked website you’re going to want FTP into your site and clean any files where suspicious code has been added in. You’ll also want to go into your database as an admin and search for any suspicious content, keywords or links that shouldn’t be in your tables. It’s a good idea to make frequent backups of your website as a fallback in the case of a website hack. Once the files have been cleaned up or the website has been reverted back to a clean state, you’ll want to secure your user accounts and give all users a new secure password.

Also, you’ll want to make sure that there are no hidden back doors in your files. Backdoors are snippets of code that a hacker will leave on the site that will allow them to get back in at a later time. These type of snippets are often left in your wp-config file, theme, plugin, or uploads folders.