No one wants to think about their WordPress site being hacked. But the truth is, it can happen to anyone. In fact, WordPress sites are hacked every day. The good news is, there are a few things you can do to try and recover your hacked WordPress site. In this blog post, we will explore 8 of those things. From changing your passwords to restoring your database, we’ve got you covered.
1. If you have a backup – Restore
If you have a backup of your WordPress site, you can restore it to an earlier point in time. This will revert all changes that have been made since the backup was created. To do this, follow these steps:
1. Log in to your WordPress site administration panel.
2. Go to the Tools -> Export screen.
3. Select the type of content you want to export (Posts, Pages, etc).
4. Choose the format you want to export your content in (XML, CSV, etc).
5. Click the Export button.
6. Save the exported file to your computer.
7. Go to the Tools -> Import screen.
8. Choose the import method that corresponds to the file type you exported (WordPress, Blogger, etc).
9. Follow the instructions on that screen to finish importing your content.
2. Check your Uploads directory for malicious files
If you think your WordPress site may have been hacked, the first thing you should do is check your Uploads directory for any malicious files.
To do this, simply log into your WordPress site via FTP and navigate to the /wp-content/uploads/ folder. Once there, take a look at all of the files that are present and see if anything looks out of place or suspicious.
If you find any files that you don’t recognize or that seem to be malicious, delete them immediately. You may also want to consider changing all of your passwords (including your FTP password) just to be safe.
Consider using the WooCommerce Customer Post Type plugin for your Store
3. Update all the plugins and themes
1. If you haven’t already, update all of your plugins and themes to the latest versions. This will help close any holes that may have been exploited by the hacker.
2. If you’re not sure which plugin or theme may be responsible for the hack, you can try deactivating all of them and then reactivating them one by one. This will help you narrow down the culprit.
3. Another option is to restore a clean backup of your site if you have one available. This will overwrite all of your current files, including any malicious ones that may have been injected by the hacker.
4. Finally, if you’re still having trouble tracking down the source of the hack, you can reach out to a WordPress security expert for help.
4. Remove unused plugins and themes
In order to remove unused plugins and themes, you will need to access your WordPress site via FTP. Once you have accessed your WordPress site, you will need to navigate to the “wp-content” folder. Within the “wp-content” folder, you will find the “plugins” and “themes” folders.
Inside of the “plugins” folder, you will see a list of all the plugins that are installed on your WordPress site. You will want to delete any plugins that you are not using. To do this, simply right-click on the plugin and select “delete.”
Next, you will want to navigate to the “themes” folder. Inside of the “themes” folder, you will see a list of all the themes that are installed on your WordPress site. You will want to delete any themes that you are not using. To do this, simply right-click on the theme and select “delete.”
Download free theme Comre – Coupons & Affiliate WordPress theme
5. Disable the write permissions for a while
It is important to disable the write permissions for a while after your WordPress site has been hacked. This will help to prevent any further damage from being done and will give you time to clean up the mess.
To do this, you will need to login to your hosting account and go to the file manager. From here, you will want to navigate to the folder that contains your WordPress installation. Once you are in this folder, you will want to find the wp-config.php file and open it in a text editor.
Once you have the wp-config.php file open, you will want to look for the following line of code:
You will want to change this line of code so that it says:
After you have made this change, you will want to save the file and upload it back to your server. This will disable the write permissions for all of the files on your WordPress site, which will help to prevent any further damage from being done.
6. Change your WordPress Theme
One of the first things you should do if you think your WordPress site has been hacked is to change your theme. This will help to ensure that the hacker does not have access to any back-end code or files, and it will also help to reset any settings that may have been changed.
If you’re not sure how to change your WordPress theme, don’t worry – it’s actually quite simple. Just follow these steps:
1. Log in to your WordPress admin panel.
2. Go to the Appearance > Themes section.
3. Select the theme you want to use from the list of available themes.
4. Click the Activate button.
Your WordPress site should now be running on the new theme. If you’re still seeing signs of hacks, such as strange code or links injected into your pages, then it’s possible that the hacker has gained access to your database. In this case, you’ll need to take further action – but changing your theme is a good first step in securing your site again
7. Rename The Admin And Other User Folders
If you’re running a WordPress site, it’s important to take security seriously. One of the best ways to secure your site is to rename the default WordPress admin and other user folders. This will help to deter hackers and other malicious users from finding and exploiting vulnerabilities in your site.
To rename the admin folder, you will need to access your site via FTP or SFTP. Once you’re logged in, navigate to the /wp-content/ folder. Inside of this folder, you will see the /plugins/ and /themes/ folders, as well as the /uploads/ folder. You will also see the /admin/ folder.
Rename the /admin/ folder to something else – for example, you could call it /my-admin/. Once you have renamed the folder, open up your wp-config.php file and add the following line of code:
define( ‘ADMIN_COOKIE_PATH’, ‘/my-admin’ );
Save your changes and upload the wp-config.php file back to your server. Now when you try to access the /wp-admin/ area of your site, you will be redirected to the new /my-admin/ folder that you created.
Next, you can rename the other default user folders – /plugins/, /themes/, and /uploads/. To do this, simply follow the same process as above: access your
8. Update WordPress Core, Plugins, and Themes
Regularly update the WordPress minor and major versions. Keep updating your themes and plugins. WordPress offers to auto-update plugins that are hosted on wordpress.org. Set auto-update for those plugins that you are sure do not cause to break the website.