How To Clean Up Your Hacked WordPress Site?

It is very frustrating having a Hacked WordPress Site and not knowing where to turn and from where to start. A lot of companies in the hosting industry will simply suspend the account and tell the customer to clear infection but they do not understand the pain behind such trouble’s.


Also, it must be very easier task if any technical person handle such cases. One can easily identify/scan the hacked contents using below scanning website and can action accordingly. Lets follow these instructions to clean up your hacked WordPress site :

Free Malware Scanning for your Hacked WordPress Site:

Preventative Maintenance Against Hack of your WordPress Site:

It is best option to take preventative actions instead taking hack place. Below recommended actions can be taken to avoid such type of hacking issues for wordpress site’s:

  • Update your WordPress installation to the latest available version on regular basis
  • Keep your themes and plugins upgraded to avoid malware infection
  • If you have any themes installed under WordPress, please make sure that you update them to the latest version as well. Please try to avoid FREE THEMES, as most of them contains back links to spam sites and malicious codes. If you MUST you a free theme please read the following article first.

Install security plugins like:

Optimize your wordpress installation.

  • Password protect the WordPress admin directory (wp-admin) so that it will have an additional protection. You can do that through cPanel > Security > Password Protect Directories.
  • Recommended to use strong cPanel, FTP, Email, WordPress passwords

I have also published other topics like WordPress site migration, speed up your WordPress site and you can go through them if you have such other queries :

Auto Malware Scanning From Server Side to avoid Hacked WordPress Site:

Always go with the web hosting provider who regularly scan their servers against possibility of malware also it should be automated process. If any phishing contents identified by scanner then take quick action against it. However, it’s important to remember the account was still injected with malware, meaning their is a vulnerability in your website that needs patched.

Create backup file of website :

If you found suspicious phish/malware contents under your site and ready to make changes on your site, then you are requested first to take entire backup of your account from hosting cpanel. You can generate latest backup copy by going to cPanel -> Backups -> Download A Full Backup.

Replace Site’s Core WordPress Files :

After multi checks performed for your site and you are now sure that site got hacked. Then you can replace hacked files with the wordpress core files. You can download exact wp version from wordpress site and get the clean installation from their.

Update Themes And Plugins – After core files, its time to update themes & plugins. You can login into your wp admin area and can upgrade themes/plugins to latest versions. Make sure to remove unwanted files admin area.

Perform fresh Scan With Wordfence:

WordFence is a security plugin that has a free version that includes Malware scanning and will show you better results against hacked wordpress site. It is important to cross check site with wordfence scanner. WordFence will also send you an email when a plugin/theme/core file needs to be updated.

You can also go with the Trusted hosting provider named for your valuable sites and where you will be deal free of cost for such issues. With we try to help our customers that face this unfortunate situation as much as we can so they can return to their business as usual as quickly as possible.

Summary :

It is easy to recover hacked WordPress site by following above instructions. Also keep taking regular backups of WordPress site so you can avoid these stuffs and can directly restore site from last available backup.

Scroll to Top