If your WordPress website is hacked, you need to fix it immediately. Hacks cause serious damage to websites, and some of that damage can be irreparable. Why are hacks so dangerous, and why do they need to be cleaned up quickly? Hackers use your site to carry out malicious activities such as injecting spam links, phishing, defrauding visitors, and stealing confidential information, among a long list of other things.
When your site is involved in such activities, search engines like Google will blacklist your site. Your web host will suspend your hosting account which means your site will be taken offline. Your revenue will plummet and your reputation will take a hit.
If you’ve already tried a few hack repair solutions, you’ll have realized that not all of them work effectively in getting rid of a hack. But don’t worry. In this guide, we’ll show you the right steps to take in order to make your site 100% hack-free and restored back to normal. We’ll also show you ways to prevent WordPress website hack attacks.
To repair a hacked website effectively, use a security plugin. Install MalCare on your site and it will automatically run a deep scan for malware. After it identifies the malware on your site, you can clean it using MalCare’s Instant Malware Removal. Your WordPress website will be hack-free within a few minutes.
Before you jump into cleaning your WordPress site, you need to be sure that it is hacked. We’ll first discuss the different signs or symptoms of a hacked website.
Basic Symptoms of a Hacked Website
While there are many signs of a hacked site, there are some that are more frequent and common. Here, we discuss the classic signs that will indicate your site is hacked:
1. Your Homepage Looks Different
This is one of the first changes you may notice. When you visit your website, you might see that a hacker has changed the content. Your website may be displaying ads and banners that are for illegal and adult content. They may have changed your homepage to sell their own products.
2. You Are Unable To Log Into Your Admin Panel
Another classic sign of a hack is being locked out of your website. When hackers gain access to your site, they remove your admin privileges by deleting your account. If you are unable to login and you see that your account does not exist, you can be sure your site is hacked.
3. Your Website Suddenly Slows Down
There could be many reasons why your website is slow such as too many images or videos. But if you notice a sudden drop in your website’s performance for no apparent reason, you can suspect your site is hacked.
Your website uses resources from your web server to run its usual activities such as displaying content to visitors. When hackers break into your site, they use it to run their own malicious activities, which usually require a lot of resources. Their activities consume your server’s resources, which would otherwise be dedicated to running your site. This brings down its performance and makes it slow. You can check your website’s performance using Google’s PageSpeed Insights.
4. Your Site Displays Malicious Ads And Pop-Ups
Hackers may use your site to advertise illegal or counterfeit products. They display ads for adult websites. Visitors will find these pop-ups difficult to close.
Such pop-ups can also initiate automatic downloads on visitors’ computers. These downloads contain malware that will infect the user’s computer or device.
5. Google Marks Your Site As Deceptive or Not Secure
Google prioritizes their users’ satisfaction and safety. They constantly monitor and scan sites for malware. When they detect malware on your site, they blacklist it and display a warning like so:
This alerts visitors that your site is deceptive and is not secure. If you see this kind of warning when you try to visit your site, it means Google has flagged your site for malware.
6. Hosting Provider Takes Your Site Offline
Your host might’ve sent you an email stating that your account has been deactivated or suspended. Here’s a snippet of what the email would look like:
7. Decline In Site Traffic
If you’re using a tool like Google Webmasters to track your traffic, you can see if there’s a sudden decline. Many times, such a decline could mean you’ve been penalized by a Google algorithm update.
But if there was no update and there’s no reason traffic should’ve dipped, then it may be a hack. Hackers use tricks to steal your traffic and divert it to their own websites. Instead of using the legitimate route to gain SEO rankings and traffic, they simply hijack yours.
8. Ranking For Random Keywords
You may notice that random spammy keywords are showing up in Google results, in Google Analytics or any other keyword tracking tool linked to your site. This is a definite sign of a hack. A lot of hacked websites are known to display keywords like “buy cheap online”, “buy viagra online”, “cheap branded products”, and the like.
Getting to the top ranks on Google takes a lot of time and effort. Instead of putting in the hard work, hackers hijack your SEO efforts and inject their own keywords. They use this SEO Spam trick as a shortcut to get their products or websites to rank.
If you’re noticing any of these symptoms on your website, you need to confirm if it’s a hack. There are many tools you can use to do this which we’ll discuss in the next section.
How To Check If Your Website Is Hacked
If you suspect your site is hacked, we recommend using the following tools:
- Web Security Scanner
- Google Search Console
Use A Security Scanner To Check If Your Site Is Hacked
Using a website security scanner to scan your website is easy.
Step 1: Install the MalCare Plugin
MalCare is easy to install and use. Simply install and activate it directly from the WordPress repository or from the MalCare website.
Step 2: Scan Your Site
If you’ve installed the plugin directly on to your site, access MalCare from the left-hand panel. Select ‘malware scan’ and click on ‘scan site.’
If you’ve installed MalCare through its official website, you can add your site to the dashboard and the scan will automatically begin.
After the scanner combs through your website’s files, folders and database, it will identify the hack and display an alert like so:
Note: In case you don’t have access to your wp-admin account, you can contact the dedicated MalCare team to scan your site for you.
Use Google Search Console to Check If Your Site Is Hacked
Alternatively, you can log in to your Google Search Console account. If you don’t have one, you should create one immediately. Next, access Security Issues on the left-hand panel. Here, Google will alert you if it has found any security threats on your site.
The drawback here is that if Google has not yet crawled your site and found the malware, it will show that your website is safe when it’s not.
Once you’ve identified the hack, you can begin to fix it. Let’s take you through the process.
Repairing Hacked Website: Step-By-Step Guide
There are two ways you can repair a hacked website – manually or using a plugin.
Manually Repairing a Hacked Website
We don’t recommend this hacked website repair method and we’ll explain why.
- This method requires a significant amount of technical knowledge. You need to be familiar with the backend of your WordPress site. Not many are! WordPress is designed to make creating a website easy for anyone – without the need for any coding knowledge. If you don’t have a sufficient understanding of the inner workings of WordPress, it’s best not to attempt this.
- Diving into the files and folders of your site and making changes is extremely risky. A small error or omission in coding can cause your site to crash.
- This method is extremely time-consuming and requires dedicated resources to manually scan your site, locate the infection and delete it. In most cases, hackers inject their malware into multiple files and your database, so it’s difficult to locate every instance of malware present.
- Lastly, you will need to look for code that is known to be malicious such as ‘base_64’ and ‘eval’. If a hacker designs new code or disguises it well, you won’t be able to find it. If you manage to find the infected files, you need to delete them or delete the malicious PHP code that’s been injected. And if other files depend on these files, deleting them will cause your site to break. Therefore, this method is ineffective most of the time.
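To show what the manual search in the last point involves, here is an added example (not part of the original guide and not MalCare’s code) that walks a site tree and flags PHP lines that execute decoded data, long encoded string literals, and PHP files under wp-content/uploads. The function names and sample files are constructed for illustration; a hit only means the line needs review, and well-disguised code will not match.

```python
import re
import tempfile
from pathlib import Path

# Calls that run code at runtime, and calls that decode hidden data.
EXEC_CALLS = {"eval", "assert", "create_function"}
DECODE_CALLS = {"base64_decode", "gzinflate", "gzuncompress", "str_rot13"}
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(sorted(EXEC_CALLS | DECODE_CALLS)))
# A quoted run of 120+ base64 characters: often an encoded payload.
BLOB_RE = re.compile(r"""['"][A-Za-z0-9+/=]{120,}['"]""")


def scan_php_source(text):
    """Return (line_number, reason) pairs that deserve manual review."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        calls = set(CALL_RE.findall(line))
        if calls & EXEC_CALLS and calls & DECODE_CALLS:
            findings.append((number, "decoded data is executed"))
        elif calls & EXEC_CALLS:
            findings.append((number, "dynamic code execution"))
        if BLOB_RE.search(line):
            findings.append((number, "long encoded string literal"))
    return findings


def scan_site(root):
    """Walk a WordPress tree; return {relative_path: findings} for hits only."""
    report = {}
    root = Path(root)
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        findings = scan_php_source(path.read_text(errors="replace"))
        # The media uploads folder should never hold executable PHP.
        if rel.startswith("wp-content/uploads/"):
            findings.append((0, "PHP file inside uploads directory"))
        if findings:
            report[rel] = findings
    return report


def demo():
    """Build a small constructed site tree and scan it."""
    samples = {  # constructed sample files, not taken from a real incident
        "wp-content/plugins/gallery/gallery.php":
            "<?php\nfunction gallery_title() { return 'Photos'; }\n",
        "wp-content/themes/basic/footer.php":
            "<?php\n// footer\neval(base64_decode('ZWNobyAxOw=='));\n",
        "wp-content/uploads/2020/01/image.php":
            "<?php\n$d = '" + "QUJD" * 40 + "';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_site(tmp)
```

Run `scan_site()` against a copy of the site rather than the live files, and compare each hit with a fresh download of the same plugin or theme before deleting anything.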
Instead of going through this ordeal, we recommend using a reliable and effective WordPress Security Plugin that will scan your site and remove the malware. There are many plugins available in the market that offer scanning and WordPress malware removal services. However, not all of them are effective and provide ample protection.
To restore your website back to normal and have effective protection, we’ll use the MalCare WordPress Security Plugin. We’ll explain why we choose MalCare and how to use it next.
Using MalCare to Repair a Hacked Website
We’ve selected MalCare to repair your hacked WordPress website because of what it has to offer:
- MalCare was designed after analyzing over 240,000 WordPress websites. It uses over 100 intelligent signals that help find and remove every trace of malware instantly.
- Many plugins rely on outdated methods like pattern or signature matching where the scanner is only looking for known malware. But MalCare is carefully crafted to rise above the matching method. Instead, it analyses the behavior of your website’s code. Using this method, it’s able to determine which code is malicious and which is not. Therefore, it doesn’t matter if a hacker hides or disguises it, or has come up with brand new malware. MalCare can find any kind of malicious code.
- It works efficiently and quickly. MalCare can identify malware and clean your site within minutes. This is possible because of its automated process. Most plugins rely on a process that requires you to contact the website security team. They will then assign an analyst to your case who will manually clean your site. This malware cleanup process can take anywhere from hours to weeks.
- You don’t have to hand over control of your site to third-party website security personnel to clean your site. MalCare has an auto-clean option that doesn’t require any interference from outsiders.
- There’s a dedicated support team of security experts available around the clock to help you with any security issues you might face while cleaning your site.
Now that you know why we’ve chosen MalCare, we can begin to clean your site. Earlier in the article, we covered how you can scan your site with MalCare. Once scanned, MalCare shows you how many hacked files are present on your site. We can proceed to cleaning your site.
Clean your site with MalCare
Cleaning your site with MalCare is as easy as one click. On the same page, click on the ‘Auto-clean’ button.
Note: WordPress Malware Removal is a complex process and therefore, is a premium service with all plugins. If you haven’t purchased a plan, you will see an option to ‘upgrade’ instead of ‘auto-clean’. Once you upgrade to a premium plan, you can auto-clean your site. MalCare will continue to protect your website from hackers for a year.
MalCare will clean your site within a few minutes and alert you once it’s done. We recommend running a second scan to double-check. You’ll see a screen like so:
This screen will indicate whether you need to update your plugins or themes, and your WordPress core. It will also show you if any search engine has blacklisted your site. If you’re on the Google blacklist – check out our guide on How to Remove Google Blacklisting easily.
Lastly, you can apply recommended WordPress hardening measures to make your site secure. We’ll discuss this further in the next section.
MalCare offers you all-round WordPress management and website maintenance solutions. And with that, your WordPress site should be completely free of malware and secured against any hack attacks. Before we wrap up, we’ll give you important tips that you can implement on your website in order to prevent such hacks in the future.
How To Prevent Hacks on Your WordPress Site
We’ll give you five simple steps to secure your website against hackers:
1) Use a Security Plugin
Always keep a security plugin active on your WordPress site. Hackers like to prey on easy targets – it doesn’t matter if your site is big or small. When they see that you have basic website security measures in place, there are high chances that they’ll make a few unsuccessful attempts and move on to the next target.
We recommend installing MalCare. It will scan your website daily for malware and alert you if it finds anything suspicious on your site. It will put up a firewall that proactively defends your site and blocks hackers. And it also automatically implements login protection on your site that limits the number of chances a user has to enter the correct credentials. This blocks brute force attacks wherein hackers try to guess your login credentials to gain access to your site.
2) Update Your WordPress Site Regularly
WordPress is a secure platform to build your website. However, we must all consider the fact that every WordPress site uses themes and plugins created by third-party developers.
Over time, security issues will develop in any software. And when this happens, developers fix the security flaw and release a patch in an updated version. You will see an update available in your WordPress dashboard:
Once you roll out the update, the security flaw or vulnerability will be fixed. But if you choose not to update, you leave your site vulnerable to attacks. This is because when an update is made available, the developers publicly announce what the issue was and what has been fixed.
So hackers know to look for this vulnerability. They find websites using outdated software and launch their attacks.
We recommend updating your WordPress website regularly. If you find it hard to keep up with updates or face issues with rolling them out, refer to our Guide on How to Safely Update your WordPress Site.
3) Harden Your WordPress Site
WordPress.org recommends certain steps to harden your WordPress website. This means you simply make your site stronger against hackers by removing common entry points.
These measures include limiting login attempts, implementing 2-factor authentication, disabling the file editor, disabling plugin installation, and resetting passwords and security keys, among others.
However, some of these measures are technical and it’s easy to run into roadblocks trying to implement them. So if you’ve installed MalCare, you can implement hardening measures directly from the dashboard with just a few clicks.
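As an added example (not from WordPress.org or MalCare), the script below audits a wp-config.php for three of the measures listed above: the file editor, plugin installation, and the security keys. DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and the eight key names are WordPress’s own constants; the function names and the sample configuration are constructed.

```python
import re

# Matches define('NAME', 'value') and define('NAME', true) on one line.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](\w+)['"]\s*,\s*(?:['"](.*?)['"]|(\w+))\s*\)""")
SECRET_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php


def parse_defines(config_text):
    """Map constant name -> value for every active define() line."""
    values = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # a commented-out define() has no effect
        for name, quoted, bare in DEFINE_RE.findall(line):
            values[name] = bare.lower() if bare else quoted
    return values


def audit_wp_config(config_text):
    """Return a list of hardening gaps found in wp-config.php text."""
    values = parse_defines(config_text)
    issues = []
    mods_off = values.get("DISALLOW_FILE_MODS") == "true"
    # DISALLOW_FILE_MODS also turns the editor off, so either constant covers it.
    if not mods_off and values.get("DISALLOW_FILE_EDIT") != "true":
        issues.append("DISALLOW_FILE_EDIT: dashboard file editor is enabled")
    if not mods_off:
        issues.append("DISALLOW_FILE_MODS: plugin and theme installation "
                      "from the dashboard is enabled")
    for name in SECRET_KEYS:
        value = values.get(name, "")
        if not value or value == PLACEHOLDER:
            issues.append(f"{name}: missing or still the sample placeholder")
    return issues


FILLER = "x" * 40
SAMPLE_CONFIG = "\n".join([  # constructed sample, not a real site's config
    "<?php",
    "define( 'DB_NAME', 'wordpress' );",
    "define( 'DISALLOW_FILE_EDIT', true );",
    "// define( 'DISALLOW_FILE_MODS', true );",
    "define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );",
] + [f"define( '{key}', 'constructed-{n}-{FILLER}' );"
     for n, key in enumerate(SECRET_KEYS)
     if key not in ("SECURE_AUTH_KEY", "NONCE_SALT")])

if __name__ == "__main__":
    for issue in audit_wp_config(SAMPLE_CONFIG):
        print(issue)
```

DISALLOW_FILE_MODS also blocks updates from the dashboard, so sites that set it need another way to apply the updates described in the previous section.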
4) Monitor Your Themes and Plugins
Statistics show that most hacks occur through vulnerable themes and plugins. Many times this happens because of nulled or pirated versions of themes and plugins. While these versions are free, they always have pre-installed malware. This enables hackers to distribute their malware and infect many websites. So by installing a nulled theme or plugin on your site, you install the malware as well. We don’t recommend using nulled software ever.
Apart from this, developers of themes and plugins work hard to maintain their creations and keep them up to date. However, some developers don’t update their software regularly and sometimes they abandon it when it becomes difficult to maintain.
The responsibility of monitoring your themes and plugins falls on you – the website owner/admin. You need to make sure you use trusted themes and plugins from the WordPress repository. Keep track of them and ensure that you update them regularly. Lastly, keep only the themes and plugins you use. Delete any inactive ones you may have on your site. This will remove unnecessary elements on your site that can make it vulnerable.
5) Use An SSL Certificate
When you run a website, data is transferred between your visitor and your site. Information is relayed between browsers and servers. Some of this data can contain sensitive information such as usernames and passwords, credit card information, or private data of your visitor.
Hackers use different techniques to intercept this data while it’s in transit. To remove the risk of this happening, you can use an SSL certificate. It provides encryption of data while it’s being transferred. So, even if a hacker manages to intercept the data, they won’t be able to decipher it as it will be encrypted.
If you’ve implemented these measures, you can be sure you’ve made the hacker’s job extremely difficult. You can rest assured your WordPress website is safe.
Having cleaned so many hacked WordPress websites, we know the pain website owners face when their site is under attack. Many times, hackers install backdoors that allow them to re-enter a site even after it’s cleaned and hack it again. It becomes a nightmare to deal with.
To avoid such situations and clean your site correctly, simply install MalCare. It will comb through your site and remove all traces of malware. You can finally have peace of mind knowing your site is in good hands. MalCare will continue to protect your website against hackers by putting up a strong defensive firewall along with scanning your site every day.