How to Fix a Website After it is Hacked?

If you have already been hacked, the good news is that by following the steps we discuss in this article you will wipe out the malware infections in WordPress. They can be done safely on your own, but you can also hire a removal service like if you don’t feel comfortable handling it yourself or if you detect that the hack job is a particularly serious one.

Know How to Fix a Website After it is Hacked?

We trust you can clean your website, get it back to normal and protect it against future attacks. In the eight steps below we’ll explain in detail how to do all of that. Let’s continue.

Step 1. Scan your PC/Computer

Your site may get infected in a variety of ways and one of the most common ways is when your computer has a virus that leaks the FTP password on your site. And the first thing you need to do is test your machine is free of viruses.

Using an antivirus program to search your computer over an modified virus signature database. As you’ll learn after reading this article, keeping everything updated – including your antivirus software – is one of the best ways to prevent hacks.

Step 2. Backup site database and files.

It is also a good idea to build a full-site backup before doing any actions with site files, because it will help you restore your site to its current state if anything goes wrong. That is the entire backup stage!

You can use the functionality of hosting panels to back up the database and files on your site. If it doesn’t seem clear to you, you can also reach out to support your hosting provider to help. Download it onto your local machine after the backup is ready. Do not forget to export thematic options, too.

Step 3. Download WordPress installation package.

Go to https:/ and download the new setup kit for WordPress. open the folder on your machine where you saved the archive and delete files from it.

Step 4. Delete the malware infections in WordPress.

Now you need to uninstall your new installation’s WordPress files. You can use FTP manager (e.g. FileZilla), or cPanel File Manager to do this. Note, if you do it through the File Manager it will be significantly faster. So, you should find files that look like this when you open the directory where your WordPress site is installed:

I know it sounds scary, but remove all but the wp-content folder and the wp-config.php file. Make no worries. Your installation after doing so should look like this:

Open a file to edit wp-config.php and ensure no strange lines of codes, such as a long random text string. To be sure, you can compare your config file with wp-config-sample.php, the default one.

Go to the wp-content folder, where the following directories / files can be found:

In the language folder you only have to and .po files and immediately delete them when there are .php or .js files. Copy a list of plugins that you use and delete the plugin tab.

Let’s go over what to do with the themes folder. With the exception of the theme-child folder, you can delete all folders in the topic directory if you have changed the theme files and have a theme for them. You would need to manually review all your child’s files so that there is no malicious code. If you don’t customize any theme files, you can delete anything in the themes directory.

Finally, if all the modifications to the parent theme files are made directly, all the modifications must be saved and transferred into the theme of the infant. That is why Artbees strongly recommends that you personalize the children’s topic from the beginning of your website development.

The upgrade folder should be empty by default. WordPress creates it automatically during the core update process. The upload folder will only contain image files. Check every directory in your upload folder to make sure there are no php files or anything you have not uploaded. Finally, only the following code should be included in the file index.php:


// Silence is golden.

Step 5. Re-upload process.

You can now upload fresh WordPress files extracted via FTP in Step 3. Then re-upload your latest version to the wp-content / themes directory on your server.

Step 6. Reset passwords.

Log in and reset passwords for all usernames to your site dashboard. You also need to change all passwords in the FTP and hosting panel. Note, don’t use a weak password consisting of a simple sentence or numbers. Often create strong passwords with a minimum of one number, one special character and a mix of the top and bottom characters.

Go to Settings > Permalinks in your WordPress Dashboard and click the Save Changes button. This will restore your .htaccess file to rework the site URLs. Then reinstall your plugins in step 4 according to the list you saved. Note, you need not to install old versions of plugin. Everything must always be updated for security and maintenance purposes.

Now you can upload fresh WordPress files that were extracted in Step 3 via FTP. After that re-upload the latest version of Jupiter theme on your server into wp-content/themes directory.

Step 7. Re-save permalinks and install plugins.

You can now upload new, FTP-extracted WordPress files in Step 3. Then re-upload the latest version from Jupiter into your server’s wp-content / themes directory.

plugin hack

Step 8. Re-check for malware infections in WordPress with security plugins.

Install one of the following plugins and scan your website to ensure that anything is missed: Wordfence Security, WordPress Sefety Shield, Anti-Malware Security and Brute-Force Firewall. Notice, if you want to test the site with all the plugins specified, you don’t have to keep all plugins allowed, so leave one after you test the site clean.

In this post, we have included a list of measures to clean up WordPress malware infections and how you can get your site back to work. Now that your website has no malware, you may ask Google to delete the warning from the visitor panels that read “This website can damage your device.” You just have to login or build a Google Webmaster Tools account, add your website, select “Health,” click on “Malware” and then “Request a review.”

We hope that all this new information will assist you in any breakdowns or panic attacks. If you are calm, you will see that in no time your website can be restored and back to normal.

Review The Steps:

Step 1. Scan your computer.

Step 2. Backup site database and files.

Step 3. Download WordPress installation package.

Step 4. Delete the malware infection.

Step 5. Re-upload process.

Step 6. Reset passwords.

Step 7. Re-save permalinks and install plugins.

Step 8. Re-check your site with security plugins.