What to Do When Your WordPress Site Has Been Compromised

15 May, 2020
Rio Prawira


  • Have Your Backups Ready
  • Change your Passwords and Salt Keys
  • Keep an Eye on Changed Files
  • In a Nutshell

WordPress has been the staple content management system (CMS) platform for eCommerce, blogs, and social or news platforms ‒ among others. Because of its popularity, developers are continuously improving its stability and productivity.

On the other hand, it has also caught the eyes of many online hackers. Even the smallest vulnerability in the code may be used as a backdoor to let hackers get their hands on sensitive and essential information.

Hence, if you are using WordPress for running your website, keeping it safe from hackers is a necessity. 

Moreover, you might have a feeling that something is off with your webpage. If your WordPress security plugin raises alerts of hacked or infected files, then you can almost conclude that your website has been hacked.

Besides, knowing that someone hacked your website may leave you terrified. But now’s not the time to panic. Instead, think about installing a security scanner and a File Transfer Protocol (FTP) client before anything else. A few more steps will help you recover your webpage and make it live as soon as possible.

That said, here’s a guide about what you can do when your WordPress site has been compromised and how to prevent any future attacks.

Have Your Backups Ready

Before you first publish your webpage online, you should prepare for any potential attack and security flaws. Regardless of whether it runs on WordPress or another content management system, having an instant countermeasure when something goes wrong should be a priority.

You can do this by keeping a regular and updated backup of your website. This includes saving its database, system files, and other content, so that when your site gets compromised, you can restore a clean version from a backup drive and quickly get your webpage up and running.

Moreover, failing to keep a backup of your entire webpage can only make the recovery process all the more difficult. Without a clean copy, you’ll have to soldier through the installation as a whole and look for potential malware, delete it, and hope that you’ve fixed the problem.

But there’s also another option: relying on your web host. Some web hosting services offer a clean backup of your website to help you out of miserable hacking situations. 

But still, it is best to take matters into your own hands and have a backup hard drive ready. Putting your trust in other services against hackers is not a sustainable and efficient plan of action.

Change your Passwords and Salt Keys

Regardless of the weak points that a hacker exploited to attack your site, they could most likely have administrator access. Hence, it would be best if you considered changing the passwords for every administrator account. 

Also, unused and inactive accounts not only clutter your database, but hackers can also exploit them. Thus, it would be helpful to delete them.

Additionally, changing your website’s database username and password will help prevent any future MySQL injection attacks as well as stop any ongoing ones. Lastly, think about changing your WordPress salt keys, to kick out all logged-in users, including any spying hackers.
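
One way to replace the salt keys, shown as an added example that is not part of the original article: the function names and the sample configuration are constructed for illustration, and the eight constant names are the ones WordPress defines in wp-config.php.

```python
import re
import secrets

# The eight constants in wp-config.php that WordPress uses to sign cookies and nonces.
SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Printable ASCII that is safe inside a PHP single-quoted string (no ' and no \).
ALPHABET = [chr(c) for c in range(33, 127) if chr(c) not in "'\\"]

def new_secret(length=64):
    """Random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Return config_text with a fresh value in every salt define()."""
    for name in SALT_NAMES:
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;")
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A callable replacement keeps re from interpreting the secret's characters.
        config_text, count = pattern.subn(lambda _m, line=line: line, config_text)
        if count != 1:
            raise ValueError("expected exactly one define() for %s, found %d" % (name, count))
    return config_text

# Constructed sample standing in for a real wp-config.php.
SAMPLE_CONFIG = "<?php\ndefine( 'DB_NAME', 'wp' );\n" + "".join(
    "define( '%s', 'old-%d' );\n" % (name, i) for i, name in enumerate(SALT_NAMES))

if __name__ == "__main__":
    print(rotate_salts(SAMPLE_CONFIG))
```

Once the rewritten file is in place, existing login cookies no longer validate, so every user has to sign in again with the new passwords.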

Keep an Eye on Changed Files

The job is not quite done after you’ve managed to upload a backup and restore your webpage. Keeping an eye on your files and figuring out exactly what happened is a crucial step to patch any weak points.

Besides, your backup files may look clean ‒ but without fixing the security flaws, you are only leaving your webpage vulnerable to another attack. 

So if you can, try to grab a copy of the hacked website or take a look at the latest backup and run it through a security scanner tool. Site security checkers will help you find leads that could point towards flaws and issues within your webpage. Hence, after grabbing a copy of the infected site, it’s time to search for clues.

Here are some items and data that you may want to check out:

WordPress Core, Plugins, Themes

A key point to remember is that hackers can inject malware and spyware into many parts of your WordPress installation, be it a core file, a WordPress plugin, or a theme. Even widgets and passive elements could be enough to exploit as a backdoor.

Hence, it is vital that you keep an eye on these applications. Try to notice any subtle changes and modifications that could have led to the hacking and restore them to their previous settings. You can also upload your clean backup copy for a quicker fix.

Also, check out your server’s file permissions and make sure that they comply with recommendations from your web hosting service and WordPress itself.

Look at Modified Dates

By keeping an eye on your data, you’ll find traces of files that have suspicious modification dates. For example, if you haven’t customised your theme or published content in a few months ‒ and end up finding a recently edited file, it could indicate foul play.

On the other hand, looking at changes within plugins can be more difficult as these are frequently updated. So if you’re suspicious that something’s up with your plugins, check their changelogs.

A changelog will tell you when the last update was. Hence, if you didn’t touch the plugin until its new update, you will have a narrower time frame to look for. 
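
The date check described above, as an added example that is not part of the original article. It assumes a local copy of the site; the function names, paths and dates are constructed, with a default cutoff for the whole tree and a later cutoff for a plugin directory taken from its changelog.

```python
import os
import tempfile
from datetime import datetime, timezone

def cutoff_for(rel_path, cutoffs, default):
    """Use the cutoff of the longest directory prefix containing rel_path."""
    best = None
    for prefix in cutoffs:
        if rel_path.startswith(prefix.rstrip("/") + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return default if best is None else cutoffs[best]

def modified_after(root, default, cutoffs=None):
    """Return [(relative path, mtime)] for files newer than their cutoff, newest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mtime = datetime.fromtimestamp(os.lstat(full).st_mtime, tz=timezone.utc)
            if mtime > cutoff_for(rel, cutoffs or {}, default):
                hits.append((rel, mtime))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)

def demo():
    """Constructed tree: a theme last edited in January, a plugin updated on 1 May."""
    def day(month, dom):
        return datetime(2020, month, dom, tzinfo=timezone.utc)
    files = {  # relative path -> constructed modification time
        "wp-content/themes/mytheme/functions.php": day(1, 10),
        "wp-content/themes/mytheme/footer.php": day(5, 9),
        "wp-content/plugins/shop/shop.php": day(5, 1),
        "wp-content/plugins/shop/inc/cache.php": day(5, 9),
    }
    root = tempfile.mkdtemp()
    for rel, when in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (when.timestamp(), when.timestamp()))
    # Default: day after the owner's last edit. Plugin: day after its changelog release date.
    return modified_after(root, day(1, 11), {"wp-content/plugins/shop": day(5, 2)})

if __name__ == "__main__":
    for rel, when in demo():
        print(when.date(), rel)
```

Modification times can be reset by whoever controls the files, so an empty result is not proof that nothing changed; a comparison against a clean copy is the stronger check.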

Examine Suspicious Files Carefully

Let’s say you’re able to narrow down your search into a suspicious file. The next thing you want to do is run it through a reliable malware scanner and try to inspect its code. 

However, make sure to be careful when doing this as it could compromise your computer or spread through the internet. If you’re intimidated about opening the suspicious file, you can have a professional look into it.

One thing to remember is that malicious code sticks out like a sore thumb. But if the malware is well-written and is concealed seamlessly within the file, you can use the backup/clean copy of the file to compare them. The differences within the lines of code, modification date, and file size will help you identify that something may be wrong.
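
The comparison against a clean copy, as an added example that is not part of the original article. It goes slightly beyond a single file by comparing two whole directory trees; the function names and the two sample trees are constructed, and files are only read, never executed.

```python
import difflib
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each relative file path under root to (SHA-256 digest, size in bytes)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = (hashlib.sha256(data).hexdigest(), len(data))
    return result

def compare_trees(clean_root, suspect_root):
    """Classify files as added, removed or changed relative to the clean copy."""
    clean, suspect = snapshot(clean_root), snapshot(suspect_root)
    common = sorted(set(clean) & set(suspect))
    return {
        "added": sorted(set(suspect) - set(clean)),
        "removed": sorted(set(clean) - set(suspect)),
        # Same path, different content; the value is the size change in bytes.
        "changed": {p: suspect[p][1] - clean[p][1] for p in common if clean[p][0] != suspect[p][0]},
    }

def line_diff(clean_root, suspect_root, rel):
    """Unified diff of one file; both copies are only read as text, never executed."""
    def read(root):
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            return fh.read().splitlines()
    return list(difflib.unified_diff(read(clean_root), read(suspect_root),
                                     "clean/" + rel, "suspect/" + rel, lineterm=""))

def demo():
    """Constructed trees: the suspect copy has one edited file and one extra file."""
    clean, suspect = tempfile.mkdtemp(), tempfile.mkdtemp()
    original = "<?php\nrequire 'wp-blog-header.php';\n"
    edited = original.replace("<?php\n", "<?php\ninclude 'extra.php'; // constructed change\n")
    for root, rel, text in [(clean, "index.php", original), (suspect, "index.php", edited),
                            (suspect, "extra.php", "<?php // constructed unexpected file\n")]:
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(text)
    return compare_trees(clean, suspect), line_diff(clean, suspect, "index.php")
```

Files listed under "added" exist only in the suspect copy and deserve the first look; for each "changed" file, `line_diff` shows exactly which lines differ from the backup.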

Head to the Forums

WordPress.org has an elaborate and well-established community of developers and users in its support forums. After finding out the suspicious files and compromised data, there’s a good chance that other WordPress users have experienced a similar issue.

You can post and upload your findings in the WordPress forums to gather intelligence from other code enthusiasts and users. Having an educational discussion with experts and developers will significantly help you prevent future attacks, as well as contribute to the entire WordPress community.

Furthermore, the WPScan Vulnerability Database contains an extensive list of plugin, theme, and WordPress core security information. If you have the time, this is a great place to search for known problems.

Reach Out to Your Web Host

You can’t ensure that your web hosting service can safeguard your site from an attack. However, contacting them will be a viable option to help you understand the nature of the hacking and prevent a future attack.

Moreover, if you’re unable to identify the website’s vulnerabilities that led to the hack, your web hosting service can be a significant and helpful resource. They can review similar issues with other web clients and identify a weak spot in your page for them to patch.

Aside from that, other web hosting services offer security scans and malware or spyware cleanup. Though it costs a bit of your savings, it will help strengthen your site’s stability so that you can focus more on productivity. 

Spending a small amount for your website’s security will eventually pay off ‒ especially when you’re managing an eCommerce or marketing website. Just be careful to read and understand the warranties involved in the service, so you make the most out of your investment.

In a Nutshell

Having your WordPress website hacked won’t necessarily spell the end of your website. By following the above steps and making sure you have prepared a contingency plan, you can recover from future attacks and possible threats.

Likewise, reinforcing your site’s security will be useful in preventing it from getting compromised by frequent WordPress attacks. Finally, stay vigilant about security flaws and make sure not to take security and online privacy for granted.

Moreover, not everyone has the time and knowledge in fixing a website from any attack. Patching up security issues and developing an intuitive webpage will be more than daunting as well. 

At G Squared, we provide specialised WordPress maintenance services to suit all your eCommerce business needs. Call us today at (02) 9339 4500. 
