Website Hacked? Here’s what to do to recover your website

Website Hacked? Here’s what to do to recover your website

Website hacked? Well, it is a common occurrence in the virtual world. With millions of websites hosted on the internet and thousands more coming up daily, it is no surprise that the troublemakers are not far behind. Having your WordPress website hacked by hackers can be a nightmare, especially if you are unaware of it. A greater percentage of hacking victims do not realize that their website has been hacked until it is too late to repair the damage. So before we look at how to recover a hacked WordPress website\, let us understand how to identify a hacked website

Signs that a website has been hacked

The following are some telltale signs of a hacked website –

  • The presence of disguised or encoded text in plugins.
  • Popups that you did not employ are displaying on the site.
  • The Redirection of the website to another URL.
  • Text that seems out of place showing in the footer or after clicking on ‘view source.’
  • an occurrence of the strange activity.
  • Changes in website traffic or bandwidth usage.

Look out for these signs of trouble when you have doubts that your site has been hacked. They aren’t very difficult to spot, and once you find the problem areas, it’s even easier to address them.

What are hacked websites used for?

This would be the next obvious question for someone who has been at the receiving end of this malicious activity. Hackers commonly use compromised websites for the following purposes –

  • Hosting malware
  • Pornography
  • Hosting phishing or scam pages
  • Vandalism
  • Hosting controversial or illegal content/activity
  • Redirecting to other URLs
  • Sending backlinks or creating backdoors to their websites

The downside of having your website hacked is that it can severely affect your Google ranking, your traffic, your business, and in the worst-case scenario, your credibility. Hence, it is always better to play it safe and have some preventive measures in place beforehand. But if you did, then you wouldn’t be reading this article. Let’s delve a little deeper into how to recover your hacked WordPress website.

How websites can be hacked – Security issues

There are many reasons why hackers target certain websites to hack. Weak security measures, for instance. The following are some common security issues.

Machine or Local Network

Your machine or local network can be attacked by a virus or malware if you browse an unsafe or malicious website. The best way to prevent this is to install an anti-virus and firewall and run them regularly to ensure that your machine is safe.

Shared website host

Shared website host providers are platforms where you can host your website for a low charge. The downside is that there are thousands of other websites on there too. And if one or more of them are hacked, chances are it won’t take long for your website to be affected.

Ineffectual usernames/passwords

When creating accounts or resetting passwords, it is always a good practice to have strong passwords and usernames that are a combination of numbers, alphabets, and special characters. Predictable ones make for a vulnerable website.

Theme or plugin bugs

WordPress themes or plugins can also contain bugs that can affect your website if you install them. Hence, always conduct thorough research on all the themes and plugins before you download them. And don’t forget to check the ratings too.

Un-updated themes or plugins

Installing updates of themes or plugins is always recommended because they are upgraded with better security features. This protects your site from being hit by bugs to some extent. But remember to always back everything up before you install the updates.

These security issues must be given due consideration to prevent your site from being hacked or harmed in any other way.

Website Hacked? How to recover a hacked WordPress website

Once you are certain that your website has been hacked, there are certain steps that you can take to recover it.

Consult a professional

If you are not confident enough about DIY website recovery, then simply call in a professional. It will cost you a bit, but you can be assured of everything being done right.

Contact your hosting company

If you can log into your website, then note down all the details of the hacking. What is happening on the page, what you can see, etc. Then contact your host service, provider. Most good companies have staff trained to deal with such crises. Follow their instructions.

Restore your website from backup

If you have created backups of your website, then simply restore it to the last version before it was hacked. However, there is a good chance that you will lose all your current data and content. In this case, or if you haven’t created a backup, you can manually remove the hack to prevent loss of data.

Scanning and removing malware

Hackers create backdoors to prevent going through regular authentication to get access to your website. They commonly create these in inactive themes and plugins that you don’t use. Uninstalling these is one way to remove the backdoors. Then run a scan on your website. The following are some software for scanning, identifying, and fixing the hacks.

  • Sucuri
  • Theme Authenticity Checker (TAC)
  • Qualys Browser Check
  • Webcheck)
  • Stop Badware Clearing House

This software is helpful in spotting infected areas. Once any problem is located, it will show you a notification.

Changing user permissions

For every website, there are only a select few users who can log in and make modifications. However, if a hacker has gotten access to your website, chances are they might be visible in the list of users. Go to the user section of your WordPress website and check whether any unknown users have been added. If so, remove them immediately.

You will also need to change your password encryption security keys from the wp-config.php file. If the hacker has stolen your passwords, then simply removing them won’t help as their cookies will still be valid. To remove the cookies, you have to reset the security keys.

Reset passwords

Once the necessary cleanup has been done, you should ideally reset your passwords again. Also, have all your other users reset their passwords. If you use the same password elsewhere, then change that too.


Having your website hacked is unfortunate. Although there are ways to recover it, you should make it a point to install some preventive measures for the future. Some tips to prevent your WordPress site from getting hacked again are –

  • Set up a firewall software that monitors all activity on your website and blocks attacks.
  • Preferably switch your hosting service provider to WordPress managed to host.
  • Protect your admin section with passwords.
  • Setup a warning message after a limited number of failed attempts.

Although complete protection is never possible, nor is it true that your website will never get hacked, it is always better to be extra careful.

Pooja loves all things WordPress and thoroughly enjoys coming to work every day. Her team loves her too, though she suspects it is a little to do with the fact that she cooks and bakes yummy goodies for them often.

4 Comments on “Website Hacked? Here’s what to do to recover your website

  1. My website has been hacked once and it was really painful to recover it. After I changed my hosting provider, never had any attacks anymore, even though I didn’t install a security plugin. So, that makes me think that a good hosting provider is even better than all these security plugins.

  2. This is great post Pooja. You saved my life, my website was hacked. Thanks for your support.
    Getting your website hacked is no fun. But you are able to recover from it. So stay calm and call in the right support team to get it fixed and running again.


  3. Surely a good hosting provider solves this problem. I already had a hacked website and it was an inconvenience so I could recover. To avoid this you need to choose the provider well and if it is wordpress there are several plugins that already help in the security of a website.

  4. What if you cannot login into your website anymore because you were blocked by the hackers? What can you do? Please kindly advise. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *