Easy Guide to Recover when Your WordPress Site Got Hacked

Posted by David Watson on September 2, 2015

What will you do when you see the message “Your Website has been hacked”? Obviously, it is the most difficult situation for a website owner, and your first reaction might be to panic. But in such circumstances you need to think calmly and make decisions carefully. Even if you have no backups, there is still a possibility that you can restore your website to its original state, away from the hacker.

Through this blog post, we will learn how to recover when your site gets hacked. If you want to deal with the situation as quickly as possible, you need to keep yourself calm and collected; otherwise you can end up in an even worse situation.

Just take a few deep breaths, and then run an antivirus/malware scanner on your computer to ensure that you didn’t get hacked through information siphoned from your computer.

The next step depends on this question: “Is your website backed up?”

If Your Website is NOT Backed Up:

If your site is not backed up, then you need to work harder to restore your site. You don’t need to worry, though, as there is a possibility for you to get your site back the way it was. You just need to follow these steps:

You Can Scan for Malware by Using a Website Scanner

To do this quickly, you can use a site scanner like Sucuri. If the scan reports any malware on your site, you need to stay focused and move immediately. No one wants their website to be flagged by Google, or to lose potential readers or visitors.

Optional: You Can Delete Index File, Admin Area

If you can’t locate the source right away, you can delete the index file through FTP with ease. In addition, if you think that the hacker has access to your site, you may need to delete the WordPress admin area through FTP (optional: you can also upload a custom index file that shows your website is under maintenance).

If you don’t know your WordPress version or don’t have the latest version, you have to find it out by locating version.php in the wp-includes folder, where you can see something like $wp_version = '4.1.1'. It is important for you to know your WordPress version in order to replace your WP files.

Replace the MySQL Username and Password with New Ones

You can do this to ensure that whoever has been able to access your username and password through PHP or SQL won’t be able to get in again after you replace them with a new username and password.

You just need to access your hosting dashboard, such as cPanel, then scroll down and click on MySQL Databases.

Then, check under the appropriate database whether any extra users have been added. Delete anything unusual that you find, and then change the password of your user by clicking the user listed under Entitled Users, or create a new user with the form.

Clear Away the Old Admin User and Create a New One via phpMyAdmin

First, you need to go to phpMyAdmin and open the wp_users table, where you can find the offending account (either your old admin user account, or a new one if one has been inserted through SQL).

Adding the fields manually is more complicated, but luckily you can use a simple piece of SQL to produce all the essential fields for a new admin user.

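-- Assumes the default wp_ table prefix; replace username, password and e-mail before running.
-- WordPress accepts an MD5 value in user_pass and replaces it with its own hash at the next login.
-- The account's role is stored separately, in wp_usermeta (wp_capabilities and wp_user_level).
INSERT INTO `wp_users` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`)
VALUES
(NULL, 'username', MD5('password'), 'User Name', 'email@domain.ext', '', NOW(), '', '0', 'User Name');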

You can also Change your WordPress Security Keys

It is easy to change your WordPress security keys. Go to the WordPress salt secret key generator, copy all of the lines it produces, and use them to replace the corresponding lines in the wp-config.php file.

If Your Website is Backed Up:

If your website is backed up, then it becomes a lot easier for you to recover your site.

Change the Suitable Passwords and Username If Necessary: MySQL, FTP

Log in to your hosting dashboard (such as cPanel), and go to FTP users and MySQL users. If you find any new ones, delete them and then change the password for the relevant user.

Restore your site from the backup using the most suitable method.

Well, this depends on how you backed up your website. Most of the plugins need you to restore the website within the dashboard, so you may need to create a new admin user to get access if you did it through a plugin.

Change your WordPress Security Keys

Changing the keys invalidates the existing login cookies, so the hackers don’t stay logged in even after you change the passwords.
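The key replacement described here and in the earlier "You can also Change your WordPress Security Keys" step, as an added Python example that is not from the original post or from WordPress. It generates the eight values locally with Python's secrets module instead of copying them from the online generator, and the wp-config.php text it runs on is a constructed sample.

```python
import re
import secrets

# The eight key and salt constants defined in wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Characters that are safe inside a single-quoted PHP string: no quote and
# no backslash, so the rewritten define() line always parses.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*()-_=+[]{}<>,.:;?/|~ ")

# Constructed sample, not a real configuration. NONCE_SALT is left out on
# purpose to show how a missing constant is reported.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY',         'old-auth-key');
define('SECURE_AUTH_KEY',  'old-secure-auth-key');
define( 'LOGGED_IN_KEY',   'old-logged-in-key' );
define('NONCE_KEY',        'old-nonce-key');
define('AUTH_SALT',        'old-auth-salt');
define('SECURE_AUTH_SALT', 'old-secure-auth-salt');
define('LOGGED_IN_SALT',   'old-logged-in-salt');
$table_prefix = 'wp_';
"""

def new_secret(length=64):
    """Random value drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Replace every key/salt define() line with a fresh value.
    Returns (new_text, missing); `missing` lists the constants that had
    no define() line and still need to be added by hand."""
    missing = []
    for name in KEY_NAMES:
        line = re.compile(r"^[ \t]*define\(\s*['\"]" + name +
                          r"['\"]\s*,[^\r\n]*", re.MULTILINE)
        fresh = "define('%s', '%s');" % (name, new_secret())
        # A function replacement keeps re from interpreting the new value.
        config_text, hits = line.subn(lambda _m: fresh, config_text)
        if hits == 0:
            missing.append(name)
    return config_text, missing

if __name__ == "__main__":
    text, not_found = rotate_keys(SAMPLE)
    print(text, "\nnot found, add by hand:", not_found)
```

Work on a copy of wp-config.php and upload the result once you have checked it; all other lines of the file are returned unchanged.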

Scan for Malware and Backdoors by Using Wordfence

Head over to the advanced options and choose to scan outside the WP install, as well as to scan images as executables.

If you detect any malware or other risks, make sure you change all your WordPress passwords again after deleting or replacing the files in question because the hacker might have hijacked the new login information via the code that was in place.
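What "scanning images as executables" looks for, as an added Python example that is not from the original post and is not Wordfence's implementation: files with an image extension whose bytes contain a PHP open tag. The uploads tree, file names and file contents are constructed for the demonstration.

```python
import os
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".webp"}
PHP_OPEN_TAG = b"<?php"

def find_php_in_images(root):
    """Return sorted (relative_path, offset) pairs for image files under
    `root` whose bytes contain a PHP open tag (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in IMAGE_EXTS:
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read().lower()
            except OSError:
                continue  # unreadable file: skipped here, review it by hand
            offset = data.find(PHP_OPEN_TAG)
            if offset != -1:
                hits.append((os.path.relpath(path, root), offset))
    return sorted(hits)

def demo():
    """Build a constructed uploads tree in a temp directory and scan it."""
    samples = {
        "clean.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        # GIF signature followed by a harmless PHP statement.
        "logo.gif": b"GIF89a" + b"\x00" * 16 + b"<?PHP echo 'constructed'; ?>",
        # Not an image extension, so outside this particular check.
        "notes.txt": b"<?php // plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        for name, body in samples.items():
            with open(os.path.join(uploads, name), "wb") as fh:
                fh.write(body)
        return find_php_in_images(root)

if __name__ == "__main__":
    for path, offset in demo():
        print("PHP open tag at byte %d in %s" % (offset, path))
```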

Then follow all of that up by enhancing your WordPress security, following the easy guide, to ensure that it doesn’t happen again. And if your website wasn’t backed up, you had to go the long way to repair your site.

Conclusion

So, in this blog we explained a simple guide to recovering your site when it gets hacked. In such situations, you need to think calmly and work out the ways that can help restore the site to its original design and feel.

Author Bio: Tracey Jones works as a WordPress Developer at WPGeeks Ltd. She handles a team of experienced WordPress developers who are experts in PSD to WordPress theme conversion with proven results. Follow her company on various social media networks like Facebook and Google+.
