What to Do if Your WordPress Website Gets Hacked

Show all
Hand on a laptop keyboard with a binary image overlay and text that reads, "What to Do if Your WordPress Website Gets Hacked"
Share Post: Facebook Twitter LinkedIn

So, your WordPress website has been hacked. Welcome to this frustrating and overwhelming rite of passage. Not sure what to do? We’ve got your back. Go through our step-by-step guide on how to manage the crisis and clean the hack. You can also secure your WordPress site from future hacks with our checklist.  

1. Don’t panic

There are 90,000 attacks on WordPress every minute. Getting hacked is frustrating, but you’re not alone. Remember that you’ll get through this - just follow the steps. 

 

2. Put your site on maintenance mode

Resolving a WordPress hack may take time. If possible, switch your site to maintenance mode so that your customers don’t interact with the hack or use the site while you’re debugging it.  

 

3. Update your customers on social media

We live in an immediate world and customers don’t like being in the dark. If your website has been hacked, update them on social media. You don’t need to give all the details. Just say the site is undertaking emergency maintenance and you’ll inform them when it’s restored.

 

4. Contact your hosting provider

If you have a top hosting provider, contact them. Often, they’ll help with site recovery. If your host provider isn’t helpful or perhaps the reason why the hack happened in the first place, it might be time to switch services. 

 

5. Look up your latest website backup 

If you’re diligent about backing up your website, it’s your moment to shine. Get your latest backup and use it to restore your website. If you don’t have one, or you think it might be compromised, skip the backup and go straight to the next step. 

 

6. Use a security scanner to find and clean the hack

WordPress recommends the following security scanners:

  • Quettera
  • GOTMLS
  • WordFence
  • Sucuri
  • VirusTotal
  • Sitecheck
  • Aw-Snap
  • Cloaked Link Checker

Download your preferred tool and scan the hack. Once the hack is identified, most of these tools provide how to clean it - usually by removing malware from a plugin or theme.

 

7. Check your local computer too

Sometimes your local system may be compromised. You should also do a scan of your device to avoid leaving any open doors to hackers. 

 

8. Remove vulnerabilities

Now that you’ve cleaned up the hack, it’s time to remove security flaws and vulnerabilities. You want to make sure your system is secured and that it’s not possible to hack it anytime soon. Use our checklist of must-dos to secure your WordPress site.  

 

9. Update all your user access and passwords

Once you’ve cleaned the hack, be sure to update user access and passwords. It seems like a small thing, but thousands of hacks exploit weak passwords.  

 

With our steps, we hope you’ve gotten rid of the hack, cleaned up your WordPress site and secured it from future attacks. You might also want to consider getting cyber insurance in order to avoid business losses during an attack. 

Need some professional help to harden your security? Get in touch with our tech team

 

Download the PDF version

Click on the button below to download the PDF version of this blog post. Feel free to print or share with your business colleagues, or send them a link to this article.

 

Download PDF

Related posts

Larry Finch Joins #TeamOnsharp as a Python Developer

Larry Finch Joins #TeamOnsharp as a Python Developer


Read more
Reboot Your Website Experience with a Heat Mapping Tool

Reboot Your Website Experience with a Heat Mapping Tool


Read more
#TeamOnsharp Welcomes Erik Kantrud as a Technical Project Manager

#TeamOnsharp Welcomes Erik Kantrud as a Technical Project Manager


Read more