
Help! My Site’s Been Hacked!

You’ve come to the right place. Because WordPress is such a popular way to build on the web, it’s often the target of bad actors looking to gain access to sensitive data.

Getting hacked can feel overwhelming, but the SolidWP support team is here to help. This guide has a single goal: to equip you to clean and “unhack” your WordPress website yourself.

Note: want to skip learning, and get unhacked by the pros? Check out Solid Fix. It’s a service for cleaning hacked websites.

That out of the way, here’s how to unhack your website:

Step 1: Secure Access Immediately

  • Change All Passwords: Update the passwords for your WordPress admin, hosting control panel, FTP/SFTP, database, and any other associated accounts. Using a password manager can help generate strong, unique passwords.
  • Verify User Accounts: Review all user accounts in your WordPress dashboard. Remove any unfamiliar administrator accounts.

Step 2: Inspect Core Files and Configurations

  • Review Critical Files: Open key files like wp-config.php, .htaccess, and your theme’s functions.php. Look for any unfamiliar or suspicious code, such as extra commands or obfuscated segments. If you have a known good backup available, compare these files to your backup to spot any unauthorized modifications quickly.
  • Reinstall WordPress Core: Download a fresh copy from WordPress.org and overwrite your core files with these official, unmodified copies. This process removes any doubt that your core WordPress files are compromised.

Step 3: Replace your Themes and Plugins

  • Disable All Plugins and Temporarily Revert to a Default Theme: Disable all plugins and switch to a default theme (like Twenty Twenty-Five). This is a temporary measure.
  • Reinstall from Official Sources: Document all plugins and themes that you have, delete the plugin folders and themes (except for the default WordPress theme) from your host (these are found in /wp-content/plugins and /wp-content/themes/), and reinstall them from their official plugin and theme sources.
  • Remove Unused Items: Remove any plugins or themes that you no longer use. It is always a good idea to periodically audit your plugins and themes for anything you may no longer need installed on your WordPress site.

Step 5: Scan for remnants of Malware

  • Don’t Trust Malware Scanners Built into Plugins: A security plugin that offers malware scanning might itself be compromised, so rather than relying on one, you will need to go through the site manually and check for malware. The previous steps have made the task simpler by eliminating large swaths of places for malware to hide, but the remaining places can be cumbersome: the wp-content/uploads directory and the database itself.
  • One common tactic of scammers is to place links into content that can be hard to root out. If you know when the hack took place, the best way to root out those links is to restore to a database backup from before the hack. You can also scan (using tools like WP-CLI) for links and then review all of them to make sure they are all accurate.
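
One way to make the link review in Step 5 manageable is to tally the hosts your content links to, so unfamiliar destinations stand out. The script below is an added example, not SolidWP code: the function names `normalize_host` and `external_link_hosts` are hypothetical, the sample content and `example.*` hosts are constructed, and the WP-CLI command in the comment is one assumed way to feed it post content.

```bash
#!/usr/bin/env bash
# Added example (not SolidWP's code): tally the hosts that links in site
# content point to, so unfamiliar destinations stand out for manual review.
#
# On a live site the input could come from WP-CLI, for example:
#   wp post list --post_type=any --post_status=any --field=post_content \
#     | external_link_hosts example.com

# normalize_host: lowercase a host name, drop a leading "www." and trailing dot.
normalize_host() {
  tr 'A-Z' 'a-z' | sed -E 's/^www\.//; s/\.$//'
}

# external_link_hosts OWN_HOST
#   Reads HTML or text on stdin and prints "COUNT HOST" for every linked host
#   that is not OWN_HOST or one of its subdomains, most frequent first.
external_link_hosts() {
  own="$(printf '%s\n' "$1" | normalize_host)"
  # Match absolute URLs, plus protocol-relative URLs inside href/src attributes.
  grep -oiE "(https?:|(href|src)=[\"']?)//[a-z0-9.-]+" \
    | sed -E 's#^.*//##' \
    | normalize_host \
    | awk -v own="$own" '
        # Skip the site itself and anything ending in ".OWN_HOST".
        $0 == own { next }
        length($0) > length(own) &&
          substr($0, length($0) - length(own)) == ("." own) { next }
        { print }' \
    | LC_ALL=C sort | uniq -c \
    | awk '{ print $1, $2 }' \
    | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample content; example.* hosts are placeholders.
SAMPLE_CONTENT='<p><a href="https://example.com/about">About us</a></p>
<p><a href="http://promo.example.net/a">a</a> <a href="HTTP://Promo.example.net/b">b</a></p>
<script src="//cdn.example.org/w.js"></script>
<img src="https://www.example.com/wp-content/uploads/a.png">
<a href="https://blog.example.com/post">Blog</a>'

printf '%s\n' "$SAMPLE_CONTENT" | external_link_hosts example.com
```

Every host in the output that you do not recognize is a lead to trace back to the post, comment, or option that contains it.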

Step 6: Prepare for next time.

SolidWP as a company is committed to your website’s security. Once it’s clean, installing Solid Security is like putting an armed security guard at the gate, and Solid Backups is like having a magical construction crew on standby.

As mentioned above, if any of these steps seem daunting for any reason, buy Solid Fix today.
