Guide for Cleaning Hacked WordPress Website

clean hacked wordpress website

Nothing can’t be worst than seeing your WordPress site being hacked by any malicious activity. Since WordPress is one of the most used CMS platforms across the web, it is more vulnerable to security attacks. Over the past few years, hackers are targeting WordPress websites by finding any loophole into the installed theme and plugins or via brute force attacks.

If you’ve already become a victim of hacking attack, then it’s the high time to clean up your WordPress site. Here, in this blog post, we will share some incredible tips that will help you fix your hacked website and also prevent it from future attacks.

Why hackers attack websites?

Whether you are using Drupal, Joomla, Magento or WordPress, any website can be hacked if you don’t prioritize its security. Well, it is difficult to understand that why hackers attack websites, but following reasons could be enough for you to take your site’s security seriously:

  • They attack to steal your credential data
  • To send out spam emails
  • To download malicious code into your web visitor’s browser
  • Destroy your reputation among your targeted web audience and a lot more.

This means you could lose everything- your market value, search engine ranking, credibility, reliability and of course your site’s data. If you want to avoid this, you will need to focus on strengthen its security by fixing all the loopholes available within a website.

Let’s get started!

1. Encounter the hack

Instead of losing patience after seeing your hacked site, you should keep yourself calm and think of getting rid of it. Of course it is difficult, but you can check whether you website has been hacked or not. Below is the checklist that will help you achieve this:

  • Check whether you can login into your WordPress admin panel or not?
  • Whether you site redirecting to another website?
  • Have you lost all your data?
  • Does your WordPress website include illegitimate links?
  • Create a checklist of these things and confirm it with your WordPress hosting company. This will help you sort out the things with ease.

Note: You can change your username and password before fixing up your WordPress site.

2. Cross-check with your WordPress hosting provider

Whenever you stuck in such type of situation, you can immediately contact your web hosting provider. Most of the reliable hosting companies help their clients in cleaning up their hacked website. Since they know their hosting environment, they can guide you in a much appropriate manner. Just make sure that you follow their instructions carefully.

Your hosting provider may give you some additional information about the attack such as the identification of backdoor, loophole/malicious code within installed theme and plugins, etc.

If you choose a reliable host such as Siteground, you can easily recover from the existing hack.

3. Restore your site from backup

Why backups are important? It’s because it can save you from security attacks and other natural mishaps. If you backup your WP site on a regular basis, then it becomes super easy for you to restore it anytime.

There are many WordPress plugins that can help you backup and restore your WordPress site in a breeze. In case, you don’t have a backup and don’t want to lose the content, then you need to do a lot of work hard to remove hack from your site.

4. Analyze and Scan your website


This is a crucial step that can help you fix your hacked site with ease. First, you need to analyze your site and remove any unused WordPress themes and plugins. Since you are not using these themes and plugins,  you forget to update them and this encourages hackers to target it to gain access to your site.

You can identify all the inactive resources and delete it from your WordPress admin dashboard. After that, you can scan your entire website to identify the hack. Fortunately, WordPress offers various free plugins such as Sucuri WordPress that can help you scan and identify the malicious code within your site.

The scanner will help you know the status of all your WP files and show where the hack is residing. Most of the common areas are installed themes and plugin directories, wp-config.php, .htaccess file, upload directory, etc.

If you find the hack in any of these places, you can download the new copy and override the corrupted files with the new one. But this method is applicable for those who didn’t make any tweaks in your WP theme codes.

5. Check WordPress Users and Roles

Make sure that you check all the WP users and roles. This will help you identify whether there are any new suspicious element or not.

Since one user play a WordPress admin role, ensure that you have trusted team members that can help you strengthen your WordPress admin area.

6. Check your HTML files

Most of the hackers target HTML files with the sole aim to get into your WordPress site. This means checking all the HTML files become essential if you want to fix this issue.

Ensure that all HTML files on your website are legitimate and you should know what they are utilized for.

7. Change your WP Password

Once you are done with the cleaning up process of your hacked site, you can change your password again. Make sure you change your WordPress password, MySQL/cPanel/FTP password to strengthen your site’s security. You can use strong and unique password using the combination of alphabets, numbers and special characters.

This makes it difficult for hackers to gain access to your WordPress site.

8. Strengthen your site’s security

After fixing up your hacked WordPress site, make sure you tighten your WordPress site’s security. You can do the following things to achieve this:

  • Migrate your site to a reliable hosting provider (if you are running your site on shared host)
  • Secure your admin dashboard
  • Use 2-factor authentication
  • Leverage SSL to encrypt data
  • Remove unused themes and plugins
  • Protect the wp-admin directory
  • Update the WordPress database table prefix, etc.


This is how you can clean your hacked WordPress site. These tips will help you achieve your goals without any professional assistance.

Guide for Cleaning Hacked WordPress Website
Scroll to top