WP Oracle

How to Recover a Hacked WordPress Website Step by Step

Posted on August 29, 2025 by Tony

A hacked WordPress website can feel like a nightmare, but with a clear plan and calm execution, you can regain control, clean up the infection, and protect your site from future attacks. This guide will walk you through the process step by step, offering actionable tips and practical examples to help you recover your website quickly and safely.

Signs Your WordPress Website Has Been Hacked

Before diving into the recovery process, it’s important to recognize the signs of a hacked site. Common indicators include:

  • Strange or spammy content appearing on your website
  • Unexpected redirects to suspicious websites
  • New unknown admin users in your dashboard
  • Sudden traffic spikes or drops
  • Your site flagged by Google as unsafe
  • Disabled plugins or broken functionality

If you notice any of these, act immediately to prevent further damage.

Step 1: Put Your Website in Maintenance Mode

Start by temporarily taking your website offline to prevent visitors from interacting with potentially malicious code. Use a simple maintenance plugin or an .htaccess rule to limit access while you perform recovery steps. This also prevents search engines from indexing malicious content.

Step 2: Change All Passwords

Change passwords for:

  • WordPress admin accounts
  • Database users
  • FTP/SFTP accounts
  • Hosting control panel (cPanel, Plesk, etc.)

Use strong, unique passwords and a password manager to keep track of them. This cuts off access that relies on stolen credentials; backdoors planted in files are dealt with in the steps that follow.

Step 3: Create a Backup of the Hacked Site

Before making any changes, create a full backup of your files and database. This snapshot will help in case you need to analyze the infection or restore specific files later. Most hosting dashboards or plugins like UpdraftPlus or All-in-One WP Migration can generate quick backups.

Step 4: Scan Your Website for Malware

Use a trusted malware scanner to identify infected files. Popular tools include:

  • Wordfence Security
  • Sucuri SiteCheck
  • MalCare

These tools highlight suspicious code, backdoors, or injected scripts that could reinfect your site after cleaning.

Step 5: Clean the Infected Files

There are two approaches:

Manual Cleanup

  • Connect via FTP or your hosting file manager.
  • Check the wp-content, themes, and plugins folders for unfamiliar or recently modified files.
  • Compare core WordPress files with a fresh download from wordpress.org.
  • Delete malicious code or replace compromised files with clean versions.

Example PHP cleanup:

<?php
// Remove any unknown code at the top of files
// Legitimate WordPress files should not start with long obfuscated code
?>
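The manual checks above can be scripted. The following is an added example, not code from the original post: it compares a copy of the site with a freshly downloaded WordPress tree and reports changed core files, PHP files in the uploads folder, and PHP files whose first bytes look obfuscated. The function names, finding labels, thresholds and sample file names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic for "long obfuscated code" near the top of a file; hits need manual review.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(")

def audit(site, clean, head_bytes=4096, max_line=1000):
    """Compare a site copy with a fresh WordPress tree; return {path: finding}."""
    site, clean, findings = Path(site), Path(clean), {}
    for f in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = f.relative_to(site).as_posix()
        ref = clean / rel
        if ref.is_file():  # shipped with WordPress: must match byte for byte
            if f.read_bytes() != ref.read_bytes():
                findings[rel] = "MODIFIED"
            continue
        if f.suffix.lower() not in (".php", ".phtml"):
            continue
        head = f.read_bytes()[:head_bytes]
        if rel.startswith("wp-content/uploads/"):
            findings[rel] = "PHP_IN_UPLOADS"  # uploads should hold media, not code
        elif SUSPICIOUS.search(head) or any(len(ln) > max_line for ln in head.splitlines()):
            findings[rel] = "OBFUSCATED_HEAD"
        elif not rel.startswith("wp-content/") and rel != "wp-config.php":
            findings[rel] = "UNKNOWN"  # PHP outside wp-content, absent from the download
    return findings

def demo():
    """Run audit() on constructed sample trees (not data from a real site)."""
    sample = {
        "clean/index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "clean/wp-load.php": b"<?php // loader\n",
        "site/index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "site/wp-load.php": b"<?php /* injected */ // loader\n",
        "site/wp-config.php": b"<?php define('DB_NAME', 'example');\n",
        "site/wp-cache-tmp.php": b"<?php echo 'x';\n",
        "site/wp-content/uploads/2025/08/img.php": b"<?php echo 'x';\n",
        "site/wp-content/plugins/demo/demo.php": b"<?php eval(base64_decode($p));\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return audit(Path(tmp, "site"), Path(tmp, "clean"))

if __name__ == "__main__":
    print("\n".join(f"{v:16} {k}" for k, v in demo().items()))
```

Run it against the backup from Step 3 and a download of the same WordPress version the site runs, since a version mismatch reports every changed core file as MODIFIED. Third-party themes and plugins are only checked by the obfuscation heuristic here, so compare them with fresh copies from their own sources; where WP-CLI is installed, `wp core verify-checksums` does the core comparison against official checksums.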

Automated Cleanup

If manual cleanup feels overwhelming, tools like Sucuri or MalCare offer automatic malware removal with professional support.

Step 6: Restore from a Clean Backup (If Available)

If you have a clean backup from before the hack, restoring it is the quickest way to bring your site back online safely. Make sure to scan the backup first to ensure it isn’t also compromised.

Step 7: Reinstall Core WordPress, Themes, and Plugins

Reinstall the latest version of WordPress and all themes and plugins from trusted sources. Avoid nulled or pirated themes, as they are common sources of malware. This gives you clean, up-to-date copies of core, theme, and plugin files across your site.

Step 8: Remove Unauthorized Users

Go to Users → All Users in your WordPress dashboard and look for accounts you don’t recognize. Delete any suspicious users, especially those with administrator roles.

Step 9: Secure Your Website

To prevent future hacks:

  • Install a reputable security plugin like Wordfence, iThemes Security, or Sucuri.
  • Enable two-factor authentication (2FA) for admin accounts.
  • Keep WordPress, plugins, and themes updated.
  • Limit login attempts and change the default /wp-admin URL.
  • Regularly back up your website to an offsite location.

Step 10: Request Google and Security Blacklist Removal

If your website was flagged by Google or security tools, request a review after cleanup. Use Google Search Console to verify your site and submit a security review so your website can regain trust and visibility.

Using Keywords for Better SEO

When writing about WordPress security, integrating terms like “recover hacked WordPress site,” “WordPress malware removal,” and “WordPress security tips” naturally in your content can help your article rank higher. This ensures users searching for help with compromised websites can easily find your guide.

Recovering from a hacked WordPress website can be stressful, but following a clear, structured process will help you regain control and secure your site for the future. Regular updates, strong passwords, and reliable backups are your best defense against future attacks. Treat this experience as a reminder to prioritize security and maintenance for a healthier, safer website.
