My WordPress Site Has Been Hacked


 

Introduction

Millions of WordPress sites are hacked daily and being in charge of a lot of WordPress sites that aren't actively maintained or secured correctly can become a BIG hassle. Below is a guide to getting your WordPress site back up and running and some pre-cautions / steps you can take to prevent it from happening again.

Steps Before/After a Hack

The following steps should be taken before or after a hack to help with Security. A lot these preventative measures can be completed through two plugins: Sucuri and HideMyWP:

Save a local copy of your wp-config.php file and check the WordPress version.
Delete wp-includes / wp-admin folders as well as every wp- extension in the root.
Delete index.php on the root.
Delete ANY other folders that exist except wp-content (backups/unknown/etc)*
Install a fresh updated copy of WordPress* https://wordpress.org/download/
Using File Manager (or alternative) create a new wp-config.php file.*
Copy/Paste your local copy text into the newly created wp-config file.
In CPANEL (or equivalent) change the database user / database name and update the wp-config file.
Install the Sucuri Security -> https://wordpress.org/plugins/sucuri-scanner/
Use Sucuri to run a Malware Scan / Implement ALL the Hardening items*
Use Sucuri Post-Hack to generate new 'Salts' (security keys).
Install the Duplicator Plugin -> https://wordpress.org/plugins/duplicator/
Using Duplicator create a backup of the site and save locally for future possible hacks.
Finally using File Manager make sure your permisions are as follows: Folders – 755 | Files – 644

*wp-content If you run into viruses / hacks for plugins make sure they are deleted or delete the entire directory if your theme does not require it.
*Fresh Copy - This should only be done if your WordPress is part of the same main revision (ie 4.1.1 -> 4.6.1)
*New WP-Config - You can copy your locally stored file as well.
*Hardening - Some hardening features might break your site. Check the site after doing the hardening and revert if you run into issues.

Final Notes

If the above steps do not allow you to bring the site back make sure to keep a log of all steps taken and grab the generated error_log from the root folder. This will help with further diagnostics. Finally think of install other plugins that can assist in hardening such as: 


Protect my Admin - https://wordpress.org/plugins/protect-wp-admin/
Hide my WordPress - https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158

and install Jetpack for free site monitoring and a slew of other useful features.

Did you find this article useful?