What's WP
Our everything is about WordPress - best choice of WordPress users!
How to Fix a Hacked WordPress Site – Detailed Methods and Tips

How to Fix a Hacked WordPress Site – Detailed Methods and Tips

Hacker attacking seems a nightmare for all webmasters, for which can result in data loss, site crash, content vandalized, and some other disasters. To protect websites from malicious attacking, people play all their cards to improve the security level. However, there are still some unlucky people suffering a great deal of attacks, they may aspire to get out from under.

To this end, we list some methods and tips to help readers get an idea how to fix a hacked WordPress site and how to avoid the similar crises in the future. Note that, all common hacked issues shown as below come with valid methods as reference. And now, let’s get started to troubleshoot the following problems one by one.

Before everything, make sure that you have taken down your website for repairs and backed up all web content in advance so as not to lose any data during the process of fixing hacked website.

Change Username & Password

password protect websiteHackers always take advantages of the admin user names and passwords that are easy to guess. Once breaking the defense of your website backend, hackers stand a good chance to vandalize your website. To avoid such embarrassing situation, you are required to make your move to password protect your website.

The first thing to be considered is that you should replace the default username “Admin” to a customizable one and then give it a strong password. You’d better add letters, characters and numbers to your password and make it as long as possible. In this case, other people are hard to dope out such complex combination and have no way to destroy your website.

Besides the password of the website backend, we suggest you to change the password of FPT, databases, email and any other accounts as well. Honestly, it feels like to the least that you can do to turn the scale.

Check All Files and Remove the Hacked Ones

Scan all files included in your website and check if there are any hacked files existing. If so, you should remove those hacked files at once. However, if you have no idea how to scan the whole website without paying too much effort, we recommend you going with the Exploit Scanner, a great scanning tool that helps you seek out all threats hidden in the files.

You are required to go to your WordPress Dashboard > Plugins > Add New and search for Exploit Scanner. Install and activate this plugin to make it work for your website properly. And then, go to Tools > Exploit Scanner and click the “Run the Scan” button to start scanning your website.

exploit scanner

After a few seconds, a list of results comes to you. You are required to check if there are any hacked files included in the results. If any, modify the file or remove it singly. keep in mind that the wp-content, .htaccess, wp-config.php, favicon.ico, and the files in the first place should not be removed.

In addition to Exploit Scanner, there are some other options for you to scan your website, such as Sucuri Security, Anti-Malware, Theme Authenticity Checker, and so on.

Run the Latest Version of WordPress

The developers of WordPress keep updating the version of this great site-building platform so as to enable more advanced features for you. Besides, the security level has been improved as well. In this way, the issues existed in the previous versions will not rest in the newly released one and the functionality bugs are fixed by new updates automatically. Note that, if a new version is released in the market, then there is a notification shown in the admin panel. Click the given link and access to the latest version as expected.

By the way, we suggest you to update all plugins once there is a new version available, which is also a great method to enable higher level of security on your website. To do this, you just need to log into your WordPress Dashboard and go to Plugins > Installed Plugins and check how many plugins are “Update Available”. Target those plugins and click the “update now” one by one.

update plugin

Note that, if there is really something wrong with your WordPress or plugins/themes and you cannot make any improvement by following the above-mentioned method, we suggest you to reinstall all plugins/themes and re-download WordPress if needed.

Make Full Use of Security Plugins

WordPress has developed numerous security plugins for website security improvement, among which WordFence is highly recommended. Besides, we also list some other great plugins as below and each comes premium features.

  • All In Once WP Security & Firewall – a user-friendly and comprehensive plugin used for the safeguard of user accounts & login, user registration, database and file system. Besides, it enables the function of Blacklist and Firewall to prevent hackers from attacking your website effectively.
  • 6 Scan Security – a comprehensive auto-fix security plugin trusted by millions of users in the world. This plugin enables an automatic scanner for detecting SQL Injection, Cross-Site Scripting, Directory traversal, etc.
  • BulletProof Security – a rich-featured plugin designed for the security of firewall, login, database, and so on. This plugin allows .htaccess Website Security Protection, Login Security & Monitoring, HTTP Error Logging, and some other advanced features.

wordfence plugin

Contact Your Hosting Provider

Once subjected to hack attacking, you should keep you mind sober and think carefully before making a conclusion. If you have no idea where there is an error and who carry out attacks, you are contact the hosting provider and ask for help from the professional support staffs. If they do check out something wrong with your website, then you should act appropriately to the situation.

However, if your web host is responsible for the disastrous effect due to a service outage, you should consider whether the company is worth going right along. If not, a more secure and reliable hosting environment should be taken into consideration. To be honest, there are many excellent WordPress hosting companies available in the market as what we’ve shown you in the following table. They guarantee high level of reliability & security for each hosted website and keep improving the quality of all hosting solutions.


Lucy has been a very experienced SEOer, technical writer, web developer, c# developer since 2002. Now she owns a startup in San Francisco, CA, focusing on running a couple of blogs to share knowledge and experience with global readers and deliver exceptional results to global sponsors by leveraging the power of Internet.


Want to Learn More About WordPress?

Get Our Free Themes, Plugins, Support, SEO Tips, and Other Tutorials!

Email *