How to Identify and Fix a Hacked WordPress Website ?


Is WordPress hack-proof? Do not ever say, but the WordPress Core has strong security is commonly acknowledged. Professional analytics of hacked WordPress web sites usually reveal that a weak administrator or FTP password results, an incompatibility of a domain or a breach in the host, an unsafe plugin or theme, an outdated WordPress core version, or a WordPress Core entry point.

The intelligent technicians know that it is easier than done to keep your site free of viruses, secure files and security vulnerabilities, but often a little effort. You could for example follow Tom’s 10 WordPress entry-level safety steps and be more secure than many others on a WordPress website.

Compromised Sites Aren’t Always Easy to Identify

Now let’s start with..

How to Identify a Hacked Website?

One of the advantages of using a common platform for websites, like WordPress, is that security scanners know what to expect. They may state that files in WordPress Core do not contain such code or load assets from external domains, or contain obfuscated code.

No matter how you build or manage your website, some common signs of a hacked site include:

  • Annoying popups appears randomly
  • Showing odd text in the footer or in the “View Source”
  • Links to other sites or auto-links of keywords you did not link to
  • Chance of seeing plugins that you didn’t installed.
  • Web site redirecting to another URL (immediately or after a short time)
  • Any irregular or mischievous behavior or spikes in traffic or bandwidth usage

Through the above signs you can identify the website hack

Some automated methods helps you identifying compromised sites as listed below

Google Webmaster Tools Email Alerts

Google Webmaster Tools is a great resource for webmasters (you ‘re probably already aware of how to set it up here). One of the best things about your site is your email alerts when they detect bad behavior ( i.e. hacked!). You have been verified as the owner of the site so they directly email you the notification. So now you know that if you receive an email about this, Google has a great precision rate and you should go into high-alert mode immediately.

Google Scanners

Fetching the Google Safe Browsing diagnosis ( are two different ways for you to scan your website for Google.

Fix Hacked Website Scanner

Our Free Website malware scanner detect almost all common and new malware. Its highly recommended to have a regular scan on your site to avoid being victim of attackers.

StopBadware Clearinghouse

You can quickly search the StopBadware Clearinghouse, but it will probably already be part of Google’s Webmaster Tools results. In other words, before checking the StopBadware Clearinghouse, you will probably receive an email from Google Webmaster Tools. However, during the recovery process, it is good to check.

Sucuri SiteCheck Scanner

The malware scanner checks Sucuri’s SiteCheck for Google Safe Browsing, Norton Safe Web, Phish Tank, Opera Browser, SiteAdvisor and several more databases in the black list. It is also searching for iframes, scripts, downloads, redirects, and other items. It is also searching itself. It also lists the scanned URLs and files, the program on the website (for example WordPress) and information on the version of the software.

Browser Security Scanner

The Qualys Browser Check scans the security vulnerabilities of your Internet browser, including outdated computer software and browser plugins such as Java, Adobe Flash, Adobe Reader and Microsoft Silverlight. You may be responsible for a compromise site for the browser, FTP client or other access point.

How to Fix a Hacked WordPress Website

Google advises you if you know or suspect that your account has been hacked:

  • Take your site offline
  • Assess the damage
  • Work on recovery
  • Get back online

Will Restoring a Backup Fix a Website Hack?

If you know the date and time of the hack on your site, the simplest way to do that is to restore your site to a backup before that time. That is why it is important to use a reliable backup utility, not only supporting but making it easy to restore.

However, the previous backup is vulnerable to attacks because the entry point was at the software domain, server or FTP level. However, it is important to ensure that your website has a restored version free of the same vulnerability(s).

It’s a good idea to back up your .htaccess and wp-config.php files, your wp-content directory and your database from your backup file(s) separately to enable you to replace parts of your website, like WordPress Core files.

Replace WordPress Core Files

Typically, hackers follow a high yield hack. For instance, if you can hack WordPress or a popular plugin or a whole webhost, you will once hack and get access to a number of websites. In addition, they probably don’t care about hacking domain dot com because it’s a website and domain that has little interest in terms of visitor traffic or credibility.

Due to this high-performance theory, it can be useful to replace the WordPress Core files copy of a web server. At you can always get the latest version of WordPress.

You should also re-install all your plugins and check your themes before re-installing them. I also propose that you inspect for mysterious files the rest of the wp-content directory.

Change All Login Credentials and Protect WordPress Logins with SSL

Wherever the security breach appears to have originated, you never know all the information that could be obtained.

Create new login passwords — SSH, server management, FTP, Google, managementWP, and WordPress user accounts — without prejudice (i.e. assume that no login passwords have been compromised). Generate a new set of security keys / salt wp-config.php. You can alter the login page absolutely.

If you have no SSL certificate to secure WordPress logins right now, the time has come to implement it. Follow the other things suggested by WordPress Codex, including an SSL credential, “WordPress Hardening.”

Resolve Issues

The above steps apply to all websites trying to recover from a hacking incident. You may also have to address web host, web server software or other problems. The above scanners should help identify additional security concerns; however, there is no foolproof scanner and the WordPress database can still be compromised.

Final words

Let me assure you that, rather than restoring a hacked site and paying attention to safety, it’s simpler, more efficient, and less of a hassle to “act as if,” running a secure site and taking security precautions to a daily standard.

Obtaining a security-focused web host can be a major improvement over very cheap web hosts. There is no way to equate the unlimited functionality of a $4 / month web host with a $30 / month web host that focuses on speed, security and operation. Often we don’t consider higher-priced deals before it gets too late – until after the hack or until after the traffic spike (in the right way) in case of site acceleration and up-time.

I suggest that you do some of the above semi-regular activities — take regular backups and verify that they can be completely restored, change login credentials, etc.—and use strong passwords to restrict login attempts and take other security precautions.

Adding your site to Google Webmaster Tools offers a range of advantages, including e-mail security alerts. Make sure your website is added to Google Webmaster Software.

Make sure you take backups periodically. Usually enough once or twice a day. Others find it acceptable every other day, once a week or once a month. The optimal backup schedule depends on the amount of time your site changes and the amount of traffic on your site.