How to Fix a Hacked WordPress Website

Running an online WordPress website is no piece of cake and every web designer knows this. Your website could crash, become terribly slow or worse get hacked! This can have a serious implication on your business as well as viewership, so it's very important that as a professional, you handle this situation. Additionally, knowing how to fix a hacked website could also be a great way to earn that extra cash as a web designer

Not sure if your website is really hacked? Check out for these indications:

  • You got notified by Google that your website is hacked
  • Your website redirects to an unknown URL
  • Spam ads appear on your website featuring adult content
  • You're notified by your web hosting company about the malware attack on your site

If your WordPress website is really hacked, there's no need to panic. We have created this helpful guide for designers who're looking to fix a hacked WordPress website. Remember to keep this guide handy, you never know when you might just need it. Let's get started.

Get Professional Help

Website security is a very serious matter. If your website is under attack and you're quite not sure how to go about it, hiring a professional would be the best idea. You could either hire a security expert from renowned websites such as Upwork, Fiverr etc. or you could reach out to WordPress security company such as Sucuri.

Seriously, if you're looking for a quick hassle free solution and not comfortable in going into servers or codes, outsourcing would be the best option. However, hiring a professional to help you remove malware from your site can cost you $30 - $50 per hour, so if you don't have that kind of budget, it may be a good idea to learn to do it on your own. 

Analyze the Hack

The very first step of fixing a hacked WordPress website is to check if you can login to your WordPress admin panel.If you're able to login, change the admin password and move on to the next steps of cleaning the malware files. But, if you're not, know that the severity of the attack is quite high. Try to collect as much details as you can, because you would be needing those while getting in touch with hosting company to let them know about the issue.

Remove Malware

If you are able to login to your WordPress website, there are a few steps you can take to identify and clean the malware from your website. The first step is to scan your website for hacks, install the free plugin Sucuri WordPress Plugin. It's "Post Hack" feature offers measures for when your site has been compromised.  

Next, install the Theme Authenticity Checker plugin. It searches the source files of every installed theme for signs of malicious code. You could either manually remove the malicious code or replace the infected file completely. Only dive deep into fixing the code by yourself if you've got experience with this. We won't suggest doing it if you're not a web developer. 

Contact your Hosting Company

Most hosting companies are quite helpful with troubleshooting a malware-hit website, as they have experienced staff members who face situations like these quite often. They're well equipped with everything you need in order to get your website up and running. Get in touch with the hosting company of your website, with the information you have at hand and follow their instructions. 

If your website is hosted on a shared platform, it is possible that the hacker might have gained access to your website from another site, which will help you to understand how your website got hacked in the first place and if the hack can be cleaned by the hosting company itself.

Change Passwords and User Permissions

Once you have ensured that your website is free of malware, and you have successfully fixed the hack, it's time to change all of the passwords linked to your WordPress website. Make sure to update your WordPress password, cPanel / FTP / MySQL passwords too. If you have more than one user on your website, make sure to change their passwords too.

Additionally, you should also check the user permissions of all the WordPress users on your website. Make sure, only the required team members have the admin access, and no other person is added as a user on to your website. 

Moving On

With this experience, we're sure that you have learned the importance of having a good backup solution for your WordPress website. Their are a number of online platforms and WordPress plugins like ManageWP, Backup Buddy, Duplicator and so on that you can pick based on your needs and budget. 

It goes without saying that if you're a web designer or an online business owner, taking the security of your website in your own hands is very important. Here are a few tips to help you:

  • Keep all plugins and theme updated
  • Remove unwanted themes from your WordPress dashboard
  • Opt-in for a Website Firewall
  • Purchase an SSL certificate for your website
  • Invest in a good quality anti-virus software for your computer
  • Frequently back up your website
  • Host your website on Managed WordPress Hosting


That's all from us! How did you fix your website after getting hacked? Share your experience with us in the comments below!

You may also like

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
    >