What To Do If My WordPress Site Is Hacked?

Picture the scene: you’re having a wonderful day with the family, the sun is shining and you’re all enjoying a barbecue in the lovely summer heat. You receive an email saying there is something very wrong with your website; they think you have been hacked and you need to check it out as soon as possible.

You immediately rush to your laptop and log into your WordPress account. Upon accessing your dashboard and opening your WordPress site, it is very clear that your site has been compromised. To put it bluntly, your collective arsehole falls out and you begin to ‘brick-it’ (a colloquial term for pretty much shitting yourself), sweating profusely. You, the victim of being hacked, are in a state of panic combined with huge outrage.

So what exactly do you do now, and how can all of this be undone? Follow the advice I am about to give you. It will not only help you in such a situation, but also help you to avoid such a situation in the first place.

Stay Cool

The first thing is, you are not alone: this has happened to many of us, and whilst being hacked is inconvenient, frustrating and frankly extremely upsetting in the immediate… it is not the end of the world. Things can be resolved; you just need to remain calm and assess the situation.

Find out what is happening

You are in a state of panic (who wouldn’t be when this affects their livelihood?), and you want whatever is happening to stop and go away. Find out exactly what is happening on your WordPress site. Is your site sending spam to your customers or members? Are you hosting a botnet? Or is there evidence of phishing occurring on your WordPress site?

Like myself, you may be wondering what on earth these terms are, and the effects they can have not only on your WordPress site’s data retention, but also its functionality.

You may well have heard of two of these terms already. Spam is unsolicited mail that is sent to the email accounts of others without their permission. Some of this is innocuous and annoying advertorial content; some of it can be malicious and in turn compromise your computer(s). Phishing is the attempt to steal sensitive information for malicious intent. Phishing scams usually operate under the guise of a trustworthy company or service.

What is a botnet? This is when a hacker utilises malicious code to turn a network of computers into ‘slaves’ or even ‘zombies’. The owners of these computers are completely unaware that their computers are being used to forward spam or other malicious content to infect other computers.

Once you know what exactly is happening regarding your compromised WordPress (or any other CMS-operated) website, you can then begin to take action to eradicate this problem and hopefully banish it to permanent purgatory.

Now I Know What Is Wrong, What Do I Do?

Once you are aware of what the problem is, you need to take precautions to stop any further instances of this occurring. The first step you need to take here is to change your security settings.

  • Log in to your WordPress hosting site, and go to ‘Account Management’.
  • From here you will need to go to ‘Manage’ and then ‘Settings’.
  • On the ‘Settings’ page, navigate to the ‘FTP Users’ option and from there modify (or change) permissions and passwords, then update.

This process will vary depending on who your WordPress site host is, but in essence each step is the same regardless of host. WordPress has some advice on how you can make these changes through phpMyAdmin and also MySQL; you can read more on this here.

If all of this is quite overwhelming and you find yourself at a loss, you can always hire an expert to help you with this aspect of resolving WordPress issues. They can help you with organising your backend and setting up reasonable security and site monitoring. Nothing is ever totally safe and secure, but by remaining vigilant and frequently updating your passwords you are taking the necessary steps to remain as safe as possible. Personally I change my passwords pretty frequently as it gives me peace-of-mind.

Passwords Done, Continue The Vigilance

So you’ve changed all of your passwords, and modified permissions access as necessary.

What you need to do now is download our scanner. Once downloaded, upload it to your WordPress site and ‘Activate’ it. This is the same as uploading a plugin or theme, and as simple as activating either. For more information on how to do this, click here.

Let our scanner do its work in the background. The scanner will check your WordPress site and highlight all of your files and folders that may have been compromised by a hacker’s nefarious work.
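A manual first pass you can run next to any scanner, given here as an added example (it is not part of the original post and is not the scanner mentioned above). It assumes shell (SSH) access to the host and the standard WordPress layout with wp-content/uploads under the site root; the function names are made up for this illustration.

```shell
#!/usr/bin/env bash
# Added example: manual triage of a WordPress tree over SSH.
# Assumption: standard layout, with wp-content/uploads under the site root.

# PHP files inside uploads/. Media folders normally hold no executable PHP,
# so every hit deserves a manual look.
php_in_uploads() {
    local root="$1"
    [ -d "$root/wp-content/uploads" ] || return 0
    find "$root/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) | sort
}

# PHP files modified within the last N days (default 7). Compare the hits
# against the updates and edits you know you made yourself.
recently_modified_php() {
    local root="$1" days="${2:-7}"
    find "$root" -type f -iname '*.php' -mtime "-$days" | sort
}

# Files and directories that any account on the server can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Print all three lists for one site root.
triage() {
    local root="$1" days="${2:-7}"
    echo "== PHP files inside uploads =="
    php_in_uploads "$root"
    echo "== PHP files modified in the last $days days =="
    recently_modified_php "$root" "$days"
    echo "== World-writable files and directories =="
    world_writable "$root"
}

# Usage: ./triage.sh /path/to/site [days]
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

A hit is a lead to inspect, not proof of compromise: a plugin update also changes modification times. Where WP-CLI is installed, `wp core verify-checksums` additionally compares core files against the official checksums.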

Update Your System and Plugins

Previously I have written about the importance of updating your system and plugins for your WordPress site to ensure that you are using the most up-to-date versions for aesthetic and security reasons. This can be a simple process and only requires you to check a few times a week. But doing this gives you peace-of-mind and keeps your WordPress site as secure as it can be.

Nothing you do will make any WordPress site 100% hack-proof. However, by taking these simple steps you can be both as vigilant and pro-active as possible with regards to the safety of your WordPress site’s data, as well as the sensitive data of your members and customers. This will retain the trust your customers or members have in your WordPress site and ensure that you are as safe as possible going forward.
