WordPress is a powerful tool for building websites.
But with great power comes a greater chance of attracting trouble.
If your site admin accounts have weak passwords and you don’t keep your WordPress files updated then you’re just counting the days before a hacker gets in and makes a colossal mess of your site.
And if you don’t get it cleaned up right the first time it will come back.
I know a guy who had his site hacked once, but didn’t keep it secure after.
When the hacker got in again they generated over 900 extra pages of fake content on his site that Google not only found, but also added to their search results.
It took months to convince Google that the site was not a Russian dating service.
You don’t want to get hacked.
But if for some reason your website gets an unwelcome addition, I’m gonna show you how to get it cleaned out and locked up.
How do I know if my site is hacked?
You’ll probably hear about it first from a friend (or worse, a customer) that visits your site and notices something odd.
Either the page is showing content they weren’t expecting or they get redirected to a site that’s not yours.
One time I had a site that would only redirect a visitor if they came from a Google search page, but would act normal if they went directly to the site.
Here are some websites you can use to check if your site has been hacked.
If those sites don’t return anything suspicious, but your site is still acting weird, then the next place to check is your server.
Either use an FTP program (like Filezilla) to log into your server or use the File Manager page that your web host gives you access to in your control panel dashboard.
Here you’ll need to look for two things..
1. Weird filenames
2. Weird code
And by weird I mean it looks like someone just banged a keyboard for a couple of seconds.
Kinda like this..
If you see any files like this then you are probably hacked.
If not, then the next place I check are these files in your site directory..
Look at the very top of these files and see if there’s anything weird looking with a bunch of random letters, numbers and symbols all strung together in a line.
If you see that, then you’re probably hacked.
But if you can’t find anything like that, then you can also ask your web host if they have a way to scan your site for hacked files.
Chances are though, they will only tell you yes or no and then say you’re on your own to get it fixed.
How to Get Your Site Back to Normal
If you don’t have that kind of money, then here’s the next best thing.
Log into the server with either an FTP client or the File Manager page and create a new folder called “quarantine”.
Then drag all of the files and folders into that new folder.
Next, go to WordPress.org and download a fresh copy of WordPress.
Unzip these files and then upload them to your server.
Visit your site and you should see the install screen for WordPress.
You’ll first be asked to select a language and then the next screen will ask you for the login information for your database.
I usually go into the quarantine folder and get that information from the “wp-config.php” file.
It’ll be towards the top and you’re looking for DB_NAME, DB_USER, DB_PASS, TABLE_PREFIX.
Copy/paste this info into the right boxes on the install screen.
If you do this right, then the next screen should say you’ve already installed WordPress and you just need to login.
Try logging in and if that works then the next step is to change all the passwords of your admin accounts.
The next step is to reinstall fresh copies of your theme and plugins that you had on your website.
I would also install a security plugin like Wordfence or Sucuri to start protecting your site a little more.
This won’t fix the problem completely, but it will be a better setup than you had last time.
Once everything is up and working, I would install a backup plugin like UpdraftPlus or All-in-One WP Migration and make a copy of your site.
This is usually a long and tedious process.
Not fun at all.
But after you go through this once you’ll be better prepared to keep your site protected from future attacks.