Help! My WordPress Site Has Been Hacked – What Should I Do?

If you think your WordPress site has been hacked, do not panic. There are several simple steps you can take to remediate the damage and secure your site.

In this blog post, we will walk you through signs that indicate your WordPress site has been hacked, how to handle the attack aftermath, and also provide some steps you can take to prevent future hacks.

WordPress site hacked: 9 signs to watch out for

If you think your website may have been hacked, it is crucial to act fast. Here are nine signs to watch out for:

WordPress Site Has Been Hacked

1. Unexpected changes to your WP site content or design –
If you suddenly find new content or changes to your site that you did not make, it is possible that a hacker has gained access to it and changed something.
2. Strange IP activity.
If you see admin/user activity on your site from IP addresses or locations you do not recognize, it is a possible sign of a hack.
3. New users or roles appearing
If you find new users or user rights changes you did not initiate, it is another possible sign that a hacker is around.
4. Suspicious activity in your server logs
If you notice strange requests or unfamiliar IP addresses, it could signify that someone is trying to hack your site.
5. Some services or Google blacklist your site
If your site traffic is down or you see security alerts, it means Google believes it may be compromised and is a serious security concern.
6. You are getting strange emails or messages
If you start receiving strange emails from people you do not know, it could signify a data breach.
7. Your hosting account has been suspended
In case of a hack, attackers can use your site to send spam or conduct other malicious activities. Hosting providers usually suspend such accounts.
8. Weird ads appearing on your site
If you start seeing weird pop-ups or ads on your site that were not there before, someone may have injected malicious code into your site.
9. You cannot access your WordPress admin area
If you try to log in and cannot do it, and you cannot also change your password, it means that a hacker has changed your account credentials or locked you out entirely.

How to handle the aftermath of a WordPress site has been hacked?

Security experts from Clario.co provide a few tips to help you remediate the damage and protect your site in the future.

Step 1: Reset passwords

If you think your WordPress site has been hacked, the first step you should take is resetting all of your passwords – not just for WordPress, but for any other accounts that may have been compromised as well.

This includes any email accounts, social media accounts, or other websites that use the same password as your WordPress site. If you are unsure which accounts may have been compromised, reset them all to be safe.

Be sure to use strong, unique passwords for all accounts.

Step 2: Turn on maintenance mode

The next step is to put your site into maintenance mode. This will help to prevent further damage from being done and will allow you to make changes without visitors seeing any broken elements on your site.

There are a few different ways to put your WordPress site into maintenance mode. One option is to use the Maintenance Mode plugin. This plugin is great because it allows you to customize the message visitors will see while your site is in maintenance mode.

Another option is adding the following line of code, and all traffic will go to the maintenance.html file:

 
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^100.100.100.100
RewriteCond %{REQUEST_URI} !^/maintenance.html$
RewriteRule ^(.*)$ https://domain.com/maintenance.html [L]
 

(Replace 100.100.100.100 with your IP)

Step 3: Run a malware scan

The next step you should take is to run a malware scan. This will help to identify any malicious code or files that have been injected into your site.

There are plenty of malware scanners. One option is to use the Sucuri SiteCheck scanner. Another option is the Wordfence security plugin. Both of these scanners are free to use and will help to identify any malicious code on your site.

Once you have identified any malicious code on your site, it is essential to remove it immediately. This may involve editing your site’s files directly or using a security plugin to remove the malware.

Step 4: Update third-party site components

One of the most important steps you can take to prevent WordPress hacks is to keep all third-party components up-to-date. This includes plugins, themes, and even the WordPress core itself. Most plugin and theme developers release updates regularly, often in response to new security threats.

One of the easiest ways to keep WordPress components up-to-date is to use the built-in auto-update feature. This feature can be enabled by adding a few lines of code to your wp-config.php file. Once enabled, WordPress will automatically update itself whenever a new version is available.

If you are not comfortable enabling the auto-update feature, you can also manually update WordPress and all of your plugins and themes. To do this, simply log into your WordPress site and go to the Updates page.

From here, you can select which updates you want to install. It is important to install all security updates as soon as possible to help keep your site safe.

If you are not sure whether or not a plugin or theme needs to be updated, you can check the changelog or contact the developer directly.

Step 5: Tidy up the sitemap

A sitemap is a file that contains a list of all the pages and posts on your website. If you find any suspicious pages or posts, delete them immediately. You should also check for any suspicious or broken links. Hackers often add malicious code that redirects visitors to other websites.

Step 6: Check users and their privileges

Auditing user accounts will help you determine if unauthorized users have gained access to your site and see what they can do. To start, log into your WordPress dashboard and go to the Users section.

Here you will see a list of all the users who have an account on your site. Take a close look at each user and their role to see if anything looks suspicious. If you see any users that you do not recognize or that have a role that they should not have, delete them immediately.

Next, take a look at user roles. By default, WordPress has several user roles with varying levels of permissions. You can read more about these roles and their capabilities here.

Make sure that each role has the appropriate permissions and that no one has access to information or tools that they should not.

Step 7: Remove unnecessary plugins and themes

To remove a plugin or theme, log into your WordPress dashboard and go to the Plugins or Themes section. Here you will see a list of all the plugins or themes installed on your site. If you see any that you do not recognize or look suspicious, delete them.

Final thoughts
Once you have coped with a hack, it is vital to take steps to prevent the WordPress site has being hacked in the future. This includes keeping WordPress and all plugins and themes up-to-date, using a security plugin like Sucuri Security, using strong passwords, and backing up your site regularly.

About Sonnal S Sinha

Sonnal S SinhaSonnal S Sinha is a passionate writer as well as WordPress and WooCommerce rockstar who loves to share insights on various topics through his engaging blog posts. He runs a successful website design and digital marketing company. With 15+ years of experience in WordPress theme development, he strives to inform and inspire readers with his thought-provoking content. He helps thousands of small and medium businesses and startups create a unique online presence. Follow Sonnal S Sinha for your regular dose of knowledge and inspiration.