Press ESC to close

Topics on SEO & BacklinksTopics on SEO & Backlinks

10 Steps to Recover from a WordPress Hacked Website

10 Steps to Recover from a wordpress Hacked Website

wordpress is an incredibly popular platform for building websites, but unfortunately, it is also a prime target for hackers. If your wordpress website has been hacked, it is crucial to act quickly to regain control and protect your website and visitors. In this article, we will outline 10 important steps you can take to recover from a wordpress hacked website.

Step 1: Identify the Hack

The first step in recovering from a wordpress hack is to identify the evidence of the hack. This can include strange or unexpected website behavior, unauthorized changes to your site’s appearance, or even a message from the hacker left on your site.

Step 2: Take Your Website Offline

When you identify a hack, it is important to immediately take your website offline to prevent further damage. You can do this by accessing the control panel of your hosting provider and temporarily disabling your website.

Step 3: Change All Passwords

Once your website is offline, change all passwords associated with your wordpress website. This includes your admin username and password, MySQL database password, FTP password, and any other passwords associated with your website.

Step 4: Scan Your Computer for Malware

In some cases, hackers gain access to your wordpress website through malware on your own computer. It is crucial to scan your computer using reputable antivirus software to remove any malware that may have enabled the hack.

Step 5: Identify the Vulnerability

After securing your computer, you need to identify how the hacker gained access to your website in the first place. Common vulnerabilities include outdated wordpress core, themes, or plugins, weak passwords, or even insecure hosting providers.

Step 6: Update Your wordpress Installation

If your wordpress installation or any themes or plugins are outdated, hackers can exploit known vulnerabilities to gain access. Update your wordpress core, themes, and plugins to the latest versions to patch any security holes.

Step 7: Remove Malicious Code

Once you’ve identified the hack and updated your wordpress installation, it’s time to remove any malicious code injected by the hacker. This may involve manually inspecting your files and database or employing a security plugin to assist.

Step 8: Restore from Clean Backup

If you have a clean backup of your website before the hack, restore your website from that backup. It is crucial to ensure the backup is clean and free from any malware or malicious code, so take caution and use a backup from a reliable source.

Step 9: Strengthen Security Measures

With your website back up and running, it’s important to implement stringent security measures to prevent future attacks. This includes regular backups, strong passwords, two-factor authentication, security plugins, and securing your hosting environment.

Step 10: Monitor and Stay Updated

Once you’ve recovered from a wordpress hack, it’s crucial to remain vigilant. Regularly monitor your website for any suspicious activity, stay updated with the latest security practices, and keep your wordpress installation, themes, and plugins up to date.


Recovering from a wordpress hacked website requires prompt action, thorough investigation, and diligent security measures. By following these 10 steps, you can effectively recover your hacked wordpress website and minimize the risk of future attacks.


Q: How can I prevent my wordpress website from getting hacked?

A: To prevent hacks, you should always keep your wordpress core, themes, and plugins up to date, use strong and unique passwords, regularly backup your website, and employ security plugins.

Q: Can I recover my hacked wordpress website without professional help?

A: Yes, you can recover your hacked wordpress website without professional help if you are familiar with the necessary steps. However, it is advisable to seek professional assistance if you are unsure or do not have the technical expertise.

Q: Should I pay a ransom if my wordpress website is hacked?

A: It is strongly discouraged to pay a ransom if your wordpress website is hacked. There is no guarantee that the hacker will fulfill their promises, and it may only encourage further attacks. Focus on recovering and securing your website instead.

Q: How often should I scan my website for malware?

A: It is recommended to scan your website for malware regularly, ideally at least once a week. This helps you identify any potential threats early and take necessary action to protect your website and visitors.

Q: What should I do if my website gets hacked again after recovery?

A: If your website gets hacked again after recovery, it is essential to reassess your security measures. Double-check if you have implemented all the necessary steps outlined in this article and consider seeking professional assistance to identify and rectify any vulnerabilities.