How to Safely Restore a Hacked WordPress Site

It happened. Despite all your precautions, your WordPress website has been hacked. For businesses, this can mean a serious loss of income every minute it’s down. So what can you do to get back up and running? And how can you avoid this in the future? Let’s have a look at the key steps you should take immediately.

Restore from backup

First things first, roll your site back to a state prior to being hacked. You do have a backup right? The good news is, even if you don’t actively back up your website, any decent hosting service provider should maintain backups for you. With a great hosting service, your site will probably be restored before you even know you’ve been hacked.

Reset your passwords

If you can still log into your website dashboard, it’s time to reset those passwords. Go through all your users and reset each password. Whilst you’re doing that, if you see a user that you don’t know, delete it. Hackers will often leave backdoors into your website, of which an extra administrator is just the most obvious. To be even more safety conscious, reset your WordPress security keys, also called salt keys, to void any current sessions in case the hackers are still logged in.

If you can’t access your dashboard, probably because the hackers changed your own password, don’t despair. You can update your passwords directly your the website’s database through PHPMyAdmin. This is all done through your hosting providers portal, usually plesk or cpanel. And while you’re there, you can update the permissions of your uploads, wp-content and wp-includes folders just to be safe. With all that done, go back to your dashboard and reset the passwords as stated above.

One last, sneaky little check is to make sure your website admin email address is still the same. This is often changed so that hackers can regain access by requesting a password reset on the admin account. You can find the admin email address under settings in the dashboard. This can be locked by the hacker, but you can always go back into the options table in PHPMyAdmin to force the change within the database.

Plugins are your friends (and enemies)

With the site restored and passwords reset, you may think you’re set. But remember what we said earlier about hackers and backdoors? Now it’s time to clean up your site to avoid the same exploits from resulting in another hack. Firstly, get some security plugins for you site. We recommend WordFence and Sucuri. Using these plugins, you can check for, and protect against, known vulnerabilities.

But not all plugins are your friends. Take the time to review what you’ve installed on your website. Remove any legacy plugins with known problems and purge any unused ones. Now, take a backup of your entire site because you’re going to start updating everything. Once backed up, update your core WordPress files then each plugin in one-by-one. Check your site after each one, as updating plugins can change how they interact with your theme and other plugins which can break your site.

Once you’ve done all that check that your security plugins are reporting a healthy site and finally take a breath. It’s a sad truth about the internet that you’ll never be 100% safe against hacking. But you can avoid the known problems and take steps to keep up to date with your security. Website security is an area where it definitely pays to have a proactive hosting providing, one that constantly monitors suspicious active and runs their own security and backups. This will ensure that when a hack does occur, the downtime and damage is kept to a minimum. If you’re unsure whether you’re getting the service you need, then get in contact with us at Black Label Hosting and we can help you find the right hosting plan.

Posted in