Finding out your site’s been hacked is alarming, but panicking leads to mistakes. Work through this in order and you’ll clean it properly rather than removing symptoms while leaving the back door open.

1. Take the site offline and scan

If the site is serving malware or spam to visitors, put it into maintenance mode first to limit damage. Then run a malware scan — a security plugin or a server-side scan will identify infected files. On our servers we can run a deep scan that finds injected code and webshells that plugins sometimes miss.

2. Change every password

Assume all credentials are compromised. Reset your WordPress admin passwords, your cPanel password, your database password (update wp-config.php to match) and any FTP accounts. Do this early, or the attacker simply walks back in through the credentials they already have.

3. Back up the hacked site before cleaning

Counterintuitive, but useful: keep a copy of the compromised site. It preserves evidence of how they got in and gives you a fallback if a clean-up step goes wrong.

4. Replace core, themes and plugins with clean copies

The reliable way to remove infected core files is to delete WordPress core and reinstall a fresh copy — your content lives in the database and wp-content/uploads, so it’s safe. Reinstall themes and plugins from trusted sources too. Delete anything you don’t recognise; attackers often leave rogue plugins as a way back in.

5. Hunt down injected code and backdoors

Check wp-config.php, .htaccess and the uploads folder for suspicious PHP files (uploads should never contain .php files). Look for recently modified files with obfuscated code. This is the step where a server-side scan really earns its keep.

6. Clean up and resubmit

Once clean, remove any spam pages the attacker created, update everything, and check whether search engines flagged your site — if so, request a review so warnings clear.

7. Harden so it doesn’t recur

A hacked site usually means an unpatched plugin or a weak password. Close that gap: update everything, enforce strong logins, add a firewall.

Hacks can hide deep. If you’re not fully confident the site is clean, don’t guess — open a ticket and we’ll run a thorough server-side clean-up for you.

Was this article helpful to you?

admin

Leave a Reply

You must be logged in to post a comment.