How to Fix the Issues When WordPress Site is Hacked

Among tech-savvy geeks and online entrepreneurs, there is a great lust for WordPress websites due to various reasons. They create new WordPress websites almost every day and make it live to run their web-based business easily and comfortably. But, wait for a while. Just like any other site, WordPress websites are frequently targeted by hackers and cyber-criminals.

When your website is hacked, you face tremendous loss in terms of business, brand reputation, traffic, revenues, search engine rankings, etc. WordPress websites with outdated free themes and plugins, poor hosting service, easily predictable admin and login details, etc, are easy prey for professional hackers.

How to Know Your website is Hacked?

  • Security Plugins are sending you a warning message,
  • You are unable to log into your website,
  • You are redirected to other harmful or pornographic website,
  • You are getting a warning from your browser,
  • Your hosting company makes your site offline,
  • Google marks your website as insecure,
  • Security scan display problems, and
  • A sudden increase in website traffic, etc.

Steps to Recover Your WordPress Site

1. Measure the Gravity of Attacks At First

First of all, you should be calm and check the extremity of attacks. Just check whether you are able to login to your site admin panel or not. If you are able to do so, then you may need to seek help from a professional WordPress developer to do the remedial work. If you are able to sign into the site’s admin panel, then change the website password as soon as possible before you start the cleaning work.

2. Scan Your Site To Track The malware

When your website is hacked, just scan your site to find out the malware and delete it. If you don’t do it, your website will remain exposed to online security problems even if the hacking issue is resolved. Actually, the malware is a malicious program which puts hacking codes into your files, plugins, database, themes, etc, and helps hackers to hack the site easily. You can detect the malware manually by using the phpMyAdmin and running some MySQL queries. It takes plenty of time. You can use a WordPress plugin to check your website databases and WordPress core files for suspicious codes in an easy way. So, install the plugin on your site’s admin, generate the API key, and activate it. Click the Malware Scan button from the Sucuri Security drop-down menu. It will automatically detect the malware and display the results.


3. Use Backup To Restore The Site

If you backup your website regularly, then it becomes easier for you to initiate the restoration steps. Just find the latest backup file and use it to restore your website. The disadvantage of this method is that you may lose your old blog posts, new comments, etc. So, you can remove the hack manually. It may take a considerable amount of time depending on the amount of content you have.

4. Reinstate WordPress Database Using Phpmyadmin

To perform this action, sign into your phpMyAdmin through the control panel and clean all the existing database off. Have a look at your target database and choose all of its tables. At the end of the page, you will see a Drop button. Just click it to erase your current tables.


Now, your database is completely vacant. Just import your backup file for the database by clicking on the Import button-

WordPress Database

Finish the importing process by clicking on the Go button. After some minutes, you get the message that the import has been finished successfully.

5. Restore Your Site Files Through FTP

The process to restore your old files is very easy and straightforward if you use an FTP client.


Once the files are stored fully, edit the wp-config.php file in your newly uploaded WordPress files without any fail. For this, you need to use the host name, database name, and password information. Once you complete this step, your WordPress site is fully restored.

6. Increase Security Around Your Website

Despite tall claims made by website creators and Internet security experts, live websites are not 100% safe. They are always exposed to hackers and cyber criminals if you remain careless about their security. The same holds true for WordPress websites.

You can take a number of steps to protect your website from hackers. Some important steps are given here below:

  • Never ignore WordPress updates for themes, plugins, and software. Those updates are aimed at patching the security loopholes and protect the WordPress sites against various types of online security vulnerabilities,
  • Use a clean computer/laptop to access your website. Install a good quality antivirus and firewall to trace and eliminate the malicious traffic to your website,
  • Don’t hyperlink your website to pornographic or spam websites. They carry a huge amount of virus that can compromise the security of your site,
  • Update your website login details regularly and use unpredictable/random passwords to leave the hackers clueless about your login details,
  • Use two-factor authentication for website login on a new system,
  • Use WordPress security plugins to eliminate the security threats, etc.

Final Words

Nothing is more frustrating than getting your website hacked if your bread and butter comes through it. By using the above-mentioned steps, you can easily restore your hacked website.

Author Bio

Brandon Graves is a WordPress developer and blogger with a great interest in Internet technology. He keeps writing useful posts on a wide range of topics, such as HTML to WordPress conversion, psd to responsive wordpress conversion, Plugin development, etc. Follow him on Google Plus to get more updates quickly.


These posts are a handout from our Guest Author who works with us occasionally and provide their opinions for our regular visitors on Web-Development & Designing, SEO, CSS, Coding etc. As their details can be marked with their concerning post even we would like to add that out Guest Authors are expert and master of their own sector. If you also desire to be our Guest Author Contact Us at