How to Recover a Hacked WordPress Site

You are probably here because your WordPress-based site got hacked. Don’t panic: you will be able to recover it on your own with the help of this tutorial. The usual cause is installing unknown plugins, and sometimes free WordPress themes found on torrents and other free file-hosting sites. So let’s start recovering your hacked WordPress blog.

Step 1: Inform Web Host
It’s important to tell your web host that your blog has been hacked so that they can scan the server for infected files and remove them, which protects the other sites hosted on the same server.

Step 2: Backup your Blog’s Database
Take a backup of your WordPress blog’s database to make sure that your content, which includes your posts, pages, users, comments and images, is secure. Keep the backup in a separate folder so that you can find these files easily.

Learn: How to take Backup of your WordPress Blog Manually

Step 3: Get Rid of Everything
Sites are hacked through malicious code that is included in the files of the website. That code is usually difficult for users to find, so my recommendation is to delete all the WordPress core files except /wp-content/uploads, which holds your images, and then re-install the core files. If you are not willing to do this, you will need to delete all the installed themes and plugins and replace the core files with the latest available version of WordPress.

Step 4: Re-install & Secure your WordPress
Get the latest version of WordPress and re-install it from scratch. Once you’ve done that, the following steps secure it so that this does not happen again.

Step 5: Make wp-config.php and .htaccess secured

Step 6: Daily automatic WordPress database backups

Step 7: Change your WordPress default wp_ Database Tables Prefix

Step 8: Install Total Security Plugin for WordPress

Step 9: Change default admin username if it’s Admin

Step 10: Set Limit on the Unknown Failed Logins

Step 11: Change Default Username and Password of your Database

Step 12: Place WordPress Core Files into Root Directory

Step 13: Generate & Update wp-config.php file with Salt Security
Once your site is hacked, even changing passwords does not help, because the existing cookies remain valid. Salt security disables them. It is based on eight security keys, which you don’t need to remember because they are saved in your wp-config.php file. Generate a set for your site by clicking here; every time you refresh the page you will receive a new set of keys. Once you have generated the keys, open the wp-config.php file, find the following lines and replace them with the generated ones, then save and close the file.

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

Step 14: Make sure .htaccess file is safe
Open the .htaccess file and check whether it has the proper code, because hackers use it to redirect your site to other destinations, and the code is mostly hidden at the bottom of the file. Change the file permissions of wp-config.php to 400 and of .htaccess to 644 using chmod.

If you’ve never edited the .htaccess file it should look like this:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
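
The check from Step 14 can be scripted. The following is an added example, not part of the original tutorial: it reports every .htaccess line that is not in the default block above, with its line number, and compares file modes against the 400/644 values given in this step. The function names and the sample site are constructed for illustration, and because the baseline is the tutorial's default block, legitimate lines added by a plugin or by you will also be reported for manual review.

```python
import os
import stat
import tempfile

# Default block shown in the tutorial; any other line gets reported for review.
DEFAULT_BLOCK = [
    "# BEGIN WordPress", "RewriteEngine On", "RewriteBase /",
    "RewriteCond %{REQUEST_FILENAME} !-f", "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]", "# END WordPress",
]
# Modes recommended in Step 14.
EXPECTED_MODES = {"wp-config.php": 0o400, ".htaccess": 0o644}

def unexpected_htaccess_lines(path):
    """Return (line_number, text) for every non-blank line outside the default block."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, raw in enumerate(fh, start=1):
            line = raw.strip()  # padding spaces and blank lines do not hide a rule
            if line and line not in DEFAULT_BLOCK:
                findings.append((number, line))
    return findings

def wrong_modes(site_root):
    """Return {filename: (actual, expected)} for files whose mode differs."""
    wrong = {}
    for name, want in EXPECTED_MODES.items():
        path = os.path.join(site_root, name)
        if os.path.exists(path):
            have = stat.S_IMODE(os.stat(path).st_mode)
            if have != want:
                wrong[name] = (oct(have), oct(want))
    return wrong

def build_sample_site(root):
    """Constructed sample: default block, 40 newlines, then one appended redirect."""
    appended = "RewriteRule ^(.*)$ http://redirect.example.invalid/ [R=302,L]"
    htaccess = os.path.join(root, ".htaccess")
    with open(htaccess, "w", encoding="utf-8") as fh:
        fh.write("\n".join(DEFAULT_BLOCK) + "\n" * 40 + appended + "\n")
    os.chmod(htaccess, 0o644)
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php // constructed placeholder\n")
    os.chmod(config, 0o666)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        print(unexpected_htaccess_lines(os.path.join(root, ".htaccess")))
        print(wrong_modes(root))
```

To use it on a real site, call both functions with the path of your WordPress root directory instead of the sample directory.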

Step 15: Scan it!
Scan your blog with Sucuri Scanner to make sure there are no more bugs left.

Step 16: Restore the DB
Now it’s time to restore the WordPress database backup which you took earlier. Make sure not to install themes and plugins from unknown publishers.
