24/7 WordPress website maintenance services

With 24/7 access to the world's best WordPress Expert for unlimited small jobs

Is your WordPress website hacked? Maybe you doubt it, or you are pretty sure that it is indeed hacked, in either of the cases you need to handle the situation calmly and rationally. This article explains what you should do when your website is hacked. We describe a step by step approach to get back your functioning site when all seems lost.

Step 1: Don’t Panic

Yes, you read it right. Don’t panic is the most crucial piece of wisdom you will find in this situation. Being worried is one thing, and having a panic attack is quite another. Panicking doesn’t help in any way. When your website is hacked, you need to make careful decisions and follow specific procedures. All of this is impossible without a calm mind. So first of all, calm yourself down. And do not panic.

Here are the things that might need your attention when you stay calm:

  • Assess the hack: Figure out the severity of the hack. Try to be specific about the impact on your website
  • What have you lost so far?
  • Who can you contact?
  • What information you have with you?

Once you figure these things out, it will be easier for you to take the next steps.
A rational mind is always better than an erratic one.

Step 2: Check the status of your Website

You figured that your website is hacked because you noticed something was wrong with it. Maybe some spammy links were crawling on your website, some piece of utility was malfunctioning, or the whole site was inaccessible. Whatever the case be, you should check the status of your
website thoroughly.
Here are the things to check:

  1. List out the things that don’t work on your site. Let’s call these casualties.
  2. Rate the severity of these casualties. Gather some data about the nature of these casualties. The more you observe your website, the more you will be able to find useful data about the hack.
  3. Find out the things that are working just fine despite the hack.
  4. Is your website accessible through different browsers?
  5. How is your website working on mobile devices?
  6. Check which plugins are working
  7. Note down the plugins which are active on your website
  8. Gather any information you find useful

Step 3: Contact your Web Host

Once you have all the information you could gather, it is time to contact your web host. You must tell your web host about the situation so that your host can take measures against the hack. Nobody likes a hacked website, and your web host will help you out with whatever way possible.

This is especially true with managed WordPress hosting like Nestify, where WordPress experts help you out when your WordPress website is hacked. Our team of experts professionally cleans out your website and gets rid of the hack. Your website is back, fully restored, and fully functioning.
Contact your web host.

Step 4: Hire a Professional

If your web host is unable to recover your website, then you should consider hiring a professional. There are security professionals who specialize in recovering hacked websites. You do need professional help. It’s time you should avail help that you need.
You can hire someone you know, or you can try online services. Just be sure you hire someone reliable.

Step 5: Restore a Backup

If you do not get a WordPress professional to help you recover your website, then you can try this step for yourself. You can restore a backup of your website.
You need a backup copy of your website for this. If you are using a backup plugin, you will find a recent backup that will serve the purpose.
Just delete your website and restore this backup.

Step 6: Remove Malware

You can use security plugins to remove malware from your website. You should opt for a premium plugin to remove the malware thoroughly.

Since your website is hacked, you must remove malware from it to have the functioning website as earlier. This is an essential step every professional WordPress expert performs in the case of a hacked website.

Step 7: Update Everything

Once you have removed malware from your website, it is time to update everything about your website.
Update the WordPress core to the latest.
Update your WordPress themes.
Ensure you have the latest versions for all the plugins you are using.
And most importantly, create a backup.
Updating will ensure protection against known security vulnerabilities. It takes you a step closer to security. You can also read about how to analyze the security aspects of WordPress plugins.

Step 8: Change User Permissions

You should check and change user permissions for your website. After your website is hacked, it is more than likely that user credentials are compromised. You need to reset or change the user permissions to ensure better control over your website.
You can change this through Dashboard>>Users and then select the user.

Step 9: Change Passwords

This should come as a no-brainer. The moment you know your website is hacked, the first thing you should remember that your old passwords are a security risk.

Change all your passwords. It is better to be safe than sorry. Change passwords of not just the linked accounts but also of those you think might be compromised because of the hack.

So these were the essential steps you would need to take when your website is hacked. It is important that you should seek professional help. Contact your web host, hire a professional, or at least use a security plugin to remove malware. If you are using a managed WordPress hosting like Nestify, then you need not follow any of these steps as our experts handle everything for you.