Recovering A Hacked WordPress Site

WordPress is one of the most popular content management systems. More than ⅓ of websites use it, and it’s easy to see why. WordPress is free, user-friendly, and has many useful features. Unfortunately, it’s not immune to cyber-attacks.

WordPress websites have one of the highest numbers of vulnerabilities and are among the favorite websites among hackers. Fortunately, there are some things you can do to make your site more secure.

If you’d like to learn more about your website security, and other WordPress-related topics, you can visit The Web Monkey. They have plenty of useful information and tips on how you can improve your website’s defense.

But what if it’s too late and you’ve already been hacked? If that’s the case, you’ve come to the right place. Here are a few useful tips to help you with recovering a hacked WordPress site.

Identify the Cause

When it comes to hacker attacks, you need to remain as calm as you can. Seek your inner Dr. House and treat your website as an infected patient. That’s why the first thing you should do is to find the cause of the attack.

And how can you do that? By checking your website’s symptoms, of course. See, if you can:

  • Login to your admin panel
  • Access your website without being redirected to another site
  • Check whether your site contains any suspicious-looking links
  • Find out if Google defines your website as insecure

Check any of these symptoms, and write them down. Doing that will help you in identifying the cause of the attack. It can also come in handy when recovering your site step by step.

A good idea is also to check with your hosting company. Maybe they’ll tell you more about the attack and help you during the recovery process.

Recover Your Backup

Cyber attacks are among the leading causes of why you should always make regular backups of your websites. The frequency may depend on how much and how often do you post on your page. Nevertheless, they’re essential if you want your site back.

Choose the right backup from any time before the attack, and restore your website with it. But what if you don’t have your backup? Well, then you can try and remove the hack step by step.

It’s a much longer and more complicated way, and it may not bring you peace of mind. Why? Because when it comes to cyberattacks, it’s hard to detect every piece of malware, especially if you do it yourself.

Seek and Destroy

Have you ever heard of the backdoor method? People refer to it as a hackers way to bypass the website’s standard authentication remotely and undetected. That’s why, when restoring your WordPress site, you should delete all inactive plugins and themes.

Why? Because there’s where hackers hide their backdoors. Unfortunately, deleting them is not enough. You should also scan your websites for any potential hacks.

After you scan and detect any hacks, you have two options. You can either delete the hack manually or replace it with the original file from your backup.

There are many useful tools for scanning and authentication you can use, so it’s essential that you do your research and find the one that suits you best.

Change Your Passwords and Secret Keys

Changing your passwords is essential if you want to retake control of your website. When it comes to WordPress, you should update not only your primary password, but also cPanel, FTP, and MySQL passwords.

Also, don’t change your password from 123 to 1234. Make sure that your password is firm and hard to break. Otherwise, you may expect another attack anytime soon.

In addition to changing your passwords, you should always adjust your secret keys. They encrypt your passwords and keep them hidden from snoopy eyes.

Strengthen Your Defence

Congratulations, you’ve successfully recovered your hacked WordPress site. Now it’s time for you to make sure that you stay safe. There are a few things you should do to lower the chances of another hacker attack:

  • Do your backup regularly
  • Change your passwords and make them strong
  • Install a reliable firewall
  • Limit login attempts in WordPress
  • Disable theme and plugins editors
  • Set the correct file permissions

Of course, these are just a few examples of things you can do. Still, they’re crucial to ensuring that your website stays safe. You know what people say, prevention is better than cure.


The risk of cyberattacks is incredibly high for every website owner. There are things you can do to lower these chances, but you can never be 100 percent sure. That’s why it’s essential to know how to proceed when your WordPress site gets hacked.

Keep in mind that they may seem easy, but recovering your stolen data is not a piece of cake. That’s why, if you don’t feel comfortable about meddling with codes and servers, you can always seek help from online security experts.

Unfortunately, their services are costly, so it’s crucial to know at least some basics about recovering your website.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Android Tips and Tricks for Getting the Most from Your Phone

Gone are the days when phones were only used to make phone calls and send text messages; nowadays, smartphones are more akin to a...

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand...

Mobile Device Safety: Keeping your phone safe from intrusion

You might have heard that the iPhone is almost completely impossible to hack or that Samsung devices have some of the best firewalls in...

How to Detect Phishing Mails and Websites

Not long ago, phishing websites and mails looked quite unprofessional, they were peppered with spelling mistakes and had a distrustful design. Nowadays the digital...