Even the most secure websites are vulnerable to attacks and can be hacked. As a WordPress user, you can apply some basic WordPress security settings that protect you from many commonly known threats. Advanced users can further strengthen their WordPress security by adding more layers of protection around their WordPress sites. However, let’s assume that your WordPress site gets hacked despite all these things.

This post will discuss what you can do to recover a hacked WordPress site. We also talk about tools and plugins you can use to clean up an infected site.


Change All Passwords

Each WordPress website uses several passwords. There are passwords for the WordPress admin area, your MySQL database, your FTP/SSH access, your web hosting account, and, most importantly, passwords for email accounts associated with these logins. Even a single compromised password can give hackers full access to your entire WordPress site.

The first thing you should do when your WordPress site is hacked is to change all those passwords and even usernames if possible. Use unique and strong passwords for each account. If you are not already using a password management utility, start using one immediately. This will allow you to use stronger passwords without remembering them.

Once you have changed all your passwords, you can move on to cleaning up and restoring your website. However, keep in mind that you will have to change all your passwords once again after you have restored your website.

Create a Backup of Your Infected Site

If you did not have a backup of your site before it was hacked or infected, you should immediately create a complete backup of whatever you have left.

Most common WordPress infections simply inject malicious code, malware, and other such things into your WordPress files or database. Cleaning up those files or databases can be difficult, but it can be done.

However, the first thing that you want to do is to save your data. If you have access to the admin area of your WordPress site, you can install a backup plugin. If you do not have access to the admin area, you will have to create a backup of your WordPress site manually.

Restore from Backup

Most users don’t realize the importance of setting up a WordPress backup solution until their site gets hacked. It is true: even we learnt the importance of backups the hard way.

If your WordPress site gets hacked or someone injects malicious code into it, restoring it from the backup is the quickest and safest way to get it up and running again.

Finding The Backdoor in a Hacked Site

A backdoor in a hacked website is a method used by attackers to gain unauthorized access to the site, often bypassing normal authentication methods. It allows the attacker to re-enter the compromised site even after security measures are taken to remove visible malware or vulnerabilities.

  • Scan for Malware: Use security plugins like Wordfence, Sucuri, or MalCare to scan for malware and suspicious code.

  • Check Recent Files: Look for recently modified files, as backdoors are often added to existing files or as new files.

  • Inspect Core Files: Compare your site’s core WordPress files against a clean version to spot unauthorized changes.

  • Review .htaccess and wp-config.php: These files are common targets for backdoor scripts.

  • Audit Plugins and Themes: Ensure all installed plugins and themes are from trusted sources and up-to-date.

Scanning Tools And Plugins

There are tools and plugins that will allow you to check the integrity of all WordPress files and the database. However, before you run them, you will need to delete all plugins from your plugin folder and remove all inactive themes. This will allow scanning tools and plugins to show fewer false positives.

Check your WordPress uploads directory and look for any PHP files there. The uploads directory is usually reserved for media files. If there is a PHP file there, then delete it.
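The file checks from the backdoor checklist above (recently modified files, core files compared against a clean version, .htaccess and wp-config.php) and the uploads-directory check can be run in one pass. The Python script below is an added example, not code from the original post or from any plugin it mentions; it assumes a clean copy of the same WordPress version is unpacked locally, and the names triage, build_demo, PHP_EXTS and SITE_SPECIFIC are hypothetical.

```python
import os, tempfile, time
from pathlib import Path

PHP_EXTS = {".php", ".phtml", ".phar"}          # assumed list of executable PHP extensions
SITE_SPECIFIC = {"wp-config.php", ".htaccess"}  # absent from a clean download; read by hand

def triage(site_root, clean_root, days=7, now=None):
    """Compare a live WordPress tree with a clean copy of the same version."""
    site, clean = Path(site_root), Path(clean_root)
    cutoff = (time.time() if now is None else now) - days * 86400
    out = {"php_in_uploads": [], "recent": [], "core_modified": [],
           "core_unknown": [], "manual_review": []}
    for path in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = path.relative_to(site).as_posix()
        if path.stat().st_mtime >= cutoff:
            out["recent"].append(rel)            # modified within the last `days` days
        if rel.startswith("wp-content/uploads/") and path.suffix.lower() in PHP_EXTS:
            out["php_in_uploads"].append(rel)    # code where only media belongs
        if rel in SITE_SPECIFIC:
            out["manual_review"].append(rel)
        elif rel.startswith("wp-content/"):
            continue  # plugins, themes, media: audit against their own sources
        elif not (clean / rel).is_file():
            out["core_unknown"].append(rel)      # file that the clean copy does not ship
        elif path.read_bytes() != (clean / rel).read_bytes():
            out["core_modified"].append(rel)     # core file that differs byte-for-byte
    return out

def build_demo(base):
    """Constructed sample trees: a clean copy and a tampered site (not real data)."""
    def put(root, rel, body, age_days=0):
        target = Path(base, root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
        stamp = time.time() - age_days * 86400
        os.utime(target, (stamp, stamp))
    for rel in ("index.php", "wp-includes/version.php"):
        put("clean", rel, "<?php // core")
    put("site", "index.php", "<?php // core", age_days=90)
    for rel in ("wp-includes/version.php", "wp-includes/class-extra.php",
                "wp-content/uploads/2024/img.php", "wp-config.php"):
        put("site", rel, "<?php // constructed change")
    return Path(base, "site"), Path(base, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*build_demo(tmp)))
```

Modification times can be reset by whoever changed the files, so treat the comparison against the clean copy as the stronger signal and the "recent" list as a hint.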


Wordfence Plugin

The Wordfence plugin is a comprehensive security solution for WordPress websites. It provides robust protection features, including malware scanning, firewall protection, and real-time threat defense.

Wordfence monitors your site for suspicious activity, detects vulnerabilities, and offers tools to repair compromised files. It also includes login security features, such as two-factor authentication and brute force attack prevention, ensuring your site remains secure from various online threats. Wordfence is highly regarded for its ease of use and effectiveness in safeguarding WordPress sites.

Sucuri Security

Sucuri Scanner Plugin

The Sucuri plugin is a powerful security tool for WordPress that offers comprehensive protection against online threats. It includes malware scanning, firewall protection, and real-time monitoring to safeguard your website from hackers and other malicious activities. Sucuri also provides tools for incident response, helping you quickly address and recover from security breaches. Known for its reliability and efficiency, the Sucuri plugin is a trusted choice for maintaining the security and integrity of WordPress websites.

We mentioned many of these actions in our strengthening WordPress security for advanced users article.

Getting Help to Recover Your Hacked WordPress Site

The steps mentioned above will help you quickly recover your WordPress site. However, in rare cases, you may find yourself in a much more difficult situation. For example, a hack may keep coming back, or you may be unable to locate malicious code in your database.

First, you must understand that whatever is happening to your site has already happened to thousands of websites. There are already solutions available no matter how difficult your situation seems. Apart from official WordPress forums, you can try other web development communities for help. The Stack Exchange site for WordPress is another great online community where you can get help and advice from experts.


If your site has been hacked, the essential steps are to change all passwords, create a backup, and restore from a clean backup. Knowing how to find and remove the backdoors that hackers use to regain access is equally essential. Tools like Wordfence and Sucuri are recommended for scanning and securing your website.
