Fixing a Hacked WordPress Site

Having your website hacked can be very stressful, but here are some guidelines on how to fix a hacked site with help from the Wordfence plugin.

Often the first sign that your site has been hacked is an email from your hosting company or Google. Hacks are often ‘invisible’ to most users as they insert hidden links into the content of the site.

Unless you look at the source code you may not be aware that there is a problem. This will not stop your hosting company from shutting down your site or Google from blacklisting it.

  • If you can still access your Dashboard, go to Plugins > Add New and search for Wordfence.
  • Then install and activate it.

  • If you do not have access to your website, restore a back-up from before the hack occurred. Usually, your hosting company will conduct daily backups and you can use the control panel to restore a version from a few days or a week before. This will depend on when the hack happened and how often your site is updated.

You can find out how to make your own backups in this OSTraining video tutorial.

  • Once your back-up is available and you can access your Dashboard, install Wordfence.

Make sure your site is up-to-date

Many hacks occur because your WordPress software is not up-to-date.

  • Check on the dashboard to see if any updates are available.

  • Click on Updates on the left-hand sidebar or on the two circling arrows at the top of the page.
  • From the Updates page, make sure you are using the latest version of WordPress and then update all your plugins and themes.

(If you have made customizations to your theme, you need to back these up first in case the update overwrites them. Find out how to create a child theme in this OSTraining tutorial.)

Changing passwords

If your site has been hacked the first thing you need to do is to change your passwords.

  • Go to your users' section and see if there are any users that you don’t recognize. If there are unknown users, delete them immediately.

  • Then update your own password by selecting your user’s profile and scrolling down until you can generate a new password for yourself.

  • Then go to your hosting company’s control panel and change your FTP and database passwords. You can contact your hosting company to assist with this.

Once your database password is changed your website will go offline. Now you need to update your wp-config.php to reflect the new database password.

  • You may be able to edit this file through cPanel or whichever interface you use through your hosting company. This can usually be done through a file manager facility. If you are unsure, ask your hosting company how you can edit the file.
  • Open your wp-config.php and update this line with your new password:

/** MySQL database password */
define('DB_PASSWORD', 'passwordgoeshere');

  • You can also make changes to the wp-config.php file using FTP (file transfer protocol) if you are comfortable with that process.
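
A new password that contains a quote or a backslash will break the define line if it is pasted in unescaped. The following Python sketch is an added example, not part of the original tutorial or of WordPress itself; it rewrites the DB_PASSWORD line with PHP single-quote escaping, and its function names and sample file contents are constructed for illustration.

```python
import re

# Matches the DB_PASSWORD define with either quote style and any spacing,
# including a current value that itself contains escaped characters.
DB_PASSWORD_LINE = re.compile(
    r"""define\(\s*(['"])DB_PASSWORD\1\s*,\s*(['"])(?:\\.|(?!\2).)*\2\s*\)\s*;"""
)

# Constructed sample of the relevant part of a wp-config.php file.
SAMPLE_CONFIG = (
    "<?php\n"
    "define('DB_USER', 'wp_user');\n"
    "/** MySQL database password */\n"
    "define('DB_PASSWORD', 'passwordgoeshere');\n"
    "define('DB_HOST', 'localhost');\n"
)


def php_single_quote(value):
    """Quote a value as a PHP single-quoted string (only \\ and ' are special)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def set_db_password(config_text, new_password):
    """Return config_text with its single DB_PASSWORD define rewritten."""
    replacement = "define('DB_PASSWORD', " + php_single_quote(new_password) + ");"
    # A function replacement stops re.sub from interpreting the backslashes.
    updated, count = DB_PASSWORD_LINE.subn(lambda m: replacement, config_text)
    if count != 1:
        # Zero or several matches (e.g. a commented-out copy): edit by hand.
        raise ValueError(f"expected one DB_PASSWORD define, found {count}")
    return updated


if __name__ == "__main__":
    print(set_db_password(SAMPLE_CONFIG, "N3w'pa\\ss"))
```

Keep a copy of the original file before overwriting it, so you can restore it if the site does not come back online.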

Scan your site with Wordfence

You are now ready to check if your site is secure.

  • Go to Wordfence on your left-hand sidebar and click on Scan.

This scan can take some time depending on the size of your site, but you may find a list of issues and an opportunity to fix them.

  • If you have a page or post listed, go to that item and either delete it and recreate it or edit it (in text mode) to ensure there is no malicious content in the page.

If you do not find any problems you may want to select a higher scanning setting.

  • Go to All options under Wordfence on the left and then scroll down to Scanning options. Here you can select ‘High Sensitivity’.

This level of scanning can list issues that may or may not be problems so read the scan results carefully before acting on them.

Wordfence finds pages that have been compromised by hackers and also lists plugins that have been abandoned and are no longer considered safe.

Wordfence will also:

  • Alert you when someone logs into your site.
  • Alert you when updates are needed.
  • Lock out users who repeatedly try to access your site with an incorrect password.
  • Block attacks from hackers.

You may receive emails from your Wordfence plugin.

This indicates that Wordfence is watching your site and blocking unwanted activity.

Conclusion

Wordfence can’t help with all hacks but it is a useful tool to assist with many hacking attempts. It acts as a preventive measure to remind you to update your site and locks out malicious users trying to access your administrative area.


About the author

Born in Zambia but now living in Cape Town, South Africa, Libby Young started out as a journalist. She taught herself HTML when the company where she was a sub-editor made the transition from CD-ROM to the web 20 years ago. Since then she has developed content-rich websites using a variety of open source content management systems.