Web750 Support Articles and How-to guides:

What to do if your website based on WordPress gets hacked or infected with malware

When a website becomes the victim of hacking or malware infection, it poses severe risks to its integrity, user trust, and overall digital presence. Such incidents can lead to unauthorized access, data breaches, and potential harm to visitors. Responding swiftly and effectively is crucial to safeguarding the website and its users. In this situation, immediate action is required to contain the breach, identify the source of the attack, and implement robust security measures to prevent future occurrences. Addressing the issue with an organized and well-coordinated approach ensures the restoration of website functionality, protects sensitive data, and reestablishes credibility in the online domain.

Detecting Vulnerability: Key Indicators of a Compromised WordPress Website

When your WordPress website starts displaying unexpected behavior, the possibility of a hack demands immediate attention. Detecting whether your site has fallen victim to a breach is vital to protect your data and restore normalcy. Sure telltale signs serve as red flags for potential hacking incidents:

· Login Difficulties

· Unexplained Site Changes

· Unwanted Redirects

· Browser Warnings

· Security Plugin Notifications

· Hosting Provider Alerts

By examining each of these indicators in detail, we can gain valuable insights into potential security breaches and take steps to mitigate the risks posed by a compromised WordPress site.

Login Difficulties:

Difficulty logging into your WordPress site can be a strong indicator of a potential hack. Unauthorized access by malicious entities may lead to login issues, denying you access to the admin panel. If you encounter this problem, it's crucial to investigate immediately to safeguard your website's security and data integrity. Prompt action and thorough examination of the situation can help mitigate risks and restore normalcy to your WordPress site.

Unexplained Site Changes:

Discovering unauthorized changes on your WordPress site significantly indicates a potential hack. If you notice alterations to your site's content or design without your authorization, taking immediate action is essential. Hackers may replace your homepage, add new content, or make other modifications that compromise your site's integrity and user experience. Vigilance in promptly identifying and addressing such changes is crucial to ensure the security and credibility of your WordPress site.

Unwanted Redirects:

Experiencing unexpected redirects on your WordPress site is a concerning sign of a possible hack. If your website redirects visitors to other unknown or malicious sites, it indicates unauthorized access and manipulation by hackers. Such actions can lead to compromised user experiences, data theft, or phishing attempts. Addressing this issue immediately is vital to safeguard your website's reputation and protect visitors from potential security risks. Investigate and rectify these redirections to maintain the integrity and security of your WordPress site.

Browser Warnings:

While trying to access your WordPress site, receiving warnings in your browser is a critical red flag for a potential hack. These warnings are often triggered by security measures implemented by browsers to protect users from visiting compromised or malicious websites. Such alerts indicate that your site might have been compromised, leading to potential security risks for visitors.

Security Plugin Notifications:

Receiving notifications from your security plugin about your WordPress site is crucial for detecting potential hacks. These alerts may indicate unauthorized access, suspicious activities, or unexpected changes to your website. Attention to these notifications is essential to proactively address security breaches, identify the source of the issue, and implement necessary measures to prevent further damage.

Hosting Provider Alerts:

When your hosting provider issues alerts regarding your WordPress site, it demands immediate attention. These alerts often signal unusual activities or suspicious behavior associated with your hosting account. Responding promptly to such notifications is vital to safeguard your website's security and prevent potential hacks. Your hosting provider's vigilance can help you detect security breaches early, allowing you to take necessary actions to mitigate risks, restore data integrity, and maintain your WordPress site's overall reliability and performance.

WordPress Site Hacked: What to Do (Step-By-Step Guide)

In the unfortunate event of your WordPress site being hacked, an organized and timely response is essential to mitigate the damage and restore its security. Follow this step-by-step guide to handle the situation effectively:

Don't Panic:

In the face of a WordPress site hack or any cybersecurity incident, it's crucial not to panic. Panicking can hinder your ability to respond effectively and make clear decisions. Instead, take a deep breath, stay composed, and follow a systematic approach to address the situation. Gather information, consult reliable resources, and seek assistance from security experts. Remaining calm allows you to focus on resolving the issue efficiently and minimizing the hack's impact on your website and its users.

Assess the Situation

Thoroughly assess the situation after a WordPress site hack. Determine the extent of the damage, identify compromised areas, and understand the nature of the security breach. This assessment forms the foundation for an effective and targeted response to mitigate the hack's impact and restore site security.

Isolate the Site:

Isolating the compromised WordPress site is crucial to prevent further damage. Take the site offline or restrict access while investigating and resolving the hack. By isolating the site, you minimize the risk of spreading malware to visitors and ensure that hackers cannot continue their unauthorized activities. This temporary measure buys you time to address the security breach without compromising the integrity of your website or endangering your users' data.

Backup Data:

Before proceeding with any recovery efforts, create a comprehensive backup of your WordPress site's data. Backing up both files and the database ensures you have an operational copy of your website's content and configurations before the hack. This precautionary step acts as a safety net, allowing you to restore your site to its pre-hacked state if needed. Regularly maintaining backups also helps protect your valuable data and simplifies the restoration process in case of future security incidents or technical issues.

Notify Users:

In the event of a WordPress site hack, promptly notify your users about the security breach. Transparent communication builds trust and empowers them to take necessary precautions. Inform them about the incident, potential risks, and any actions they should take to secure their accounts. Guide changing passwords and being cautious with suspicious emails or links. Keeping users informed shows your commitment to their safety and fosters a sense of community, even during challenging times.

Change Passwords:

After a WordPress site hack, changing passwords is a critical step to enhance security. Reset all passwords associated with your website, including admin accounts, FTP credentials, and hosting logins. Choose strong, unique passwords that combine letters, numbers, and symbols. Regularly updating passwords helps prevent unauthorized access and reduces the risk of further breaches. Additionally, implementing two-factor authentication provides an extra layer of protection, further securing your WordPress site and safeguarding sensitive data from potential threats.

Update Software:

Updating software is imperative after a WordPress site hack. Ensure your WordPress core, themes, and plugins are up to date. Software updates often include security and performance patches that address vulnerabilities hackers exploit. By staying current and up-to-date with the most recent versions, you fortify your site's defenses and reduce the risk of reinfection. Regularly check for updates and apply them right away. However, exercise caution while updating, as certain outdated plugins may no longer be compatible. Before proceeding, verify the compatibility of plugins and themes with the latest WordPress version. Consistent updates bolster your site's security, resilience, and overall performance, elevating your defense against future attacks.

Scan for Malware:

Conducting a thorough malware scan is crucial to identify and eliminate malicious code from your WordPress site. Utilize reputable security plugins or external scanning tools specifically designed to detect malware. These scans thoroughly examine your site's files and database, pinpointing any suspicious or unauthorized code that hackers may have injected. Swiftly removing malware helps restore your website's integrity and prevents it from being used as a vehicle for spreading harmful content. Regular malware scanning and robust security measures are crucial in safeguarding your WordPress site from potential cyber threats.

Review User Accounts:

Review your website's user accounts carefully to identify suspicious or unauthorized entries. Delete any accounts that seem unfamiliar or raise security concerns. By ensuring your user list is clean and limited to legitimate users, you can reduce the risk of unauthorized access by "hackers" and potential security breaches on your WordPress site. Regularly monitoring user accounts is a vital step in maintaining and increasing the security and integrity of your website.

Remove Suspicious Content:

During your website's recovery process, thoroughly inspect and remove any malicious or unauthorized content the hackers added. That includes suspicious files, spammy posts, unauthorized advertisements, or other content compromising your site's integrity. Deleting such content is crucial to prevent further harm to your visitors, protect your site's reputation, and maintain a safe user experience. Additionally, consider conducting a comprehensive security scan to ensure all remnants of the hack are eradicated and your site is restored to its original, secure state. Regularly monitoring for unusual content will help you promptly detect and address potential security breaches.

Secure Access Points:

To strengthen access points and fortify your website's security, consider implementing two-factor authentication (2FA) for user logins. That additional layer of protection requires users to provide a second verification, typically through a mobile device, before gaining access. Additionally, restrict login attempts to prevent brute-force attacks. Limiting the number of login tries discourages malicious actors from guessing passwords repeatedly. These essential security measures significantly reduce the risk of unauthorized access and bolster the overall security posture of your WordPress site.

Implement Security Measures:

Take proactive steps to implement security measures for your website. Start by setting up a Web Application Firewall (WAF) to filter and block malicious traffic, protecting your site from potential attacks. Integrate security plugins like Wordfence or Sucuri to scan for malware, vulnerabilities, and suspicious activities regularly. These plugins can also help you enforce login security, detect unauthorized changes, and receive real-time alerts. Additionally, establish a routine of consistent monitoring to identify and address any security issues promptly. Combining firewalls, security plugins, and vigilant monitoring creates a strong defense against cyber threats and safeguards your WordPress site from potential attacks.

Regular Backups and Updates:

Regularly scheduling backups and software updates is essential for maintaining a secure WordPress website. Backups create copies of your site's data, ensuring that you can recover your website to a previous, clean state during a hack or data loss event. Set up automatic backups regularly, preferably to an external location or cloud storage. Additionally, stay vigilant in updating your WordPress core, themes, and plugins to their latest versions. Updates often include WordPress bug fixes and security patches that protect against known vulnerabilities, reducing the risk of exploitation by hackers. Combining backups and updates provides a safety net and enhances overall website security.

Clean Out Your Sitemap and Resubmit to Google

One possible reason for a website being flagged by search engines is a compromised sitemap.xml file. In some instances, hackers may inject harmful links and foreign characters into the sitemap. You can regenerate your sitemap using an SEO plugin to address this issue. Additionally, you must inform Google about the cleanup by adding your WordPress website to Google Search Console as "Site Owner" and submitting a sitemaps report. However, it's important to note that the crawling process may not happen immediately; it could take up to two weeks for Google to re-crawl your site after the cleanup. Patience is essential during this period, as there is no way to expedite the process.

Remember, the sooner you address a hack, the better your chance of recovering your website and preventing further damage. Act quickly, stay vigilant, and prioritize security to safeguard your WordPress site effectively.

Steps on how to prevent Your WordPress website from being Hacked

A prevention strategy for your WordPress site from being hacked is a crucial step to ensure the security and integrity of your website. Here are some essential steps you can take to enhance the security of your WordPress site:

Keep WordPress Core, Themes, and Plugins Updated:

Keeping the WordPress core, themes, and plugins updated is an essential step to maintaining the security and stability of your website. Regular WordPress updates often include bug fixes, security patches, and performance improvements that help prevent potential vulnerabilities and hacking attempts. Neglecting updates can expose your site to known exploits and compromise sensitive data. By keeping your installation of WordPress current with the latest versions, you ensure that your WordPress site remains robust and less susceptible to cyber threats, providing a safer experience for both you and your visitors. Check for updates periodically and apply them promptly to fortify your website's defenses.

Use Strong and Unique Passwords:

Using strong, complex, unique passwords is fundamental to enhancing website security. Weak passwords are easily guessable, making your site vulnerable to brute-force attacks. Ensure that passwords are a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using easily identifiable information in passwords, such as birthdates or names. Employing different passwords for each account adds an extra layer of protection, preventing hackers from gaining unauthorized access by 3rd party to multiple accounts in case of a breach. Implementing these password guidelines reduces the risk of a successful hacking attempt.

Use Security Plugins:

Leveraging security plugins is an effective strategy to bolster the protection of your WordPress site. Security plugins offer various features like firewall protection, malware scanning, brute force attack prevention, and real-time monitoring. These plugins can help detect and mitigate potential threats, offering an added layer of security beyond the default WordPress settings. Installing reputable security plugins can proactively safeguard your website, minimize the risk of hacking attempts, and gain valuable insights into potential vulnerabilities to address before they become serious security issues.

Backup Your Site Regularly:

Regularly backing up your site is a crucial aspect of maintaining website security. In the event of a planned cyber attack, server failure, or accidental data loss, having up-to-date backups ensures you can quickly restore your site to its previous state. Choose a reliable backup solution that automates the process and stores backups securely in an external location or cloud storage. By regularly scheduling site backups, you can protect your valuable content and configurations, offering peace of mind in the face of potential security incidents.

Protect the wp-config.php File:

Protecting the wp-config.php file is essential for securing your WordPress site. This file contains sensitive information, including database credentials, making it a prime target for hackers. To enhance its security, move the wp-config.php configuration file to a directory outside the web root or use server configurations to restrict access. Doing so prevents unauthorized parties from accessing or manipulating this critical file. Additionally, regularly monitor your server for any unusual activities that could indicate a potential breach and take prompt action to address any security concerns.

Use SSL Encryption:

Implementing SSL encryption is crucial for website security. SSL (Secure Socket Layer) encrypts data transmitted between your web server and the user's browser, ensuring that sensitive information like login credentials, browsing data, and payment details are securely transmitted. That protects against eavesdropping and data interception, enhancing trust and safety for website visitors.


In conclusion, safeguarding your WordPress site from potential hacking threats requires a proactive approach. Regularly updating core components, using strong passwords, employing security plugins, backing up data, and implementing SSL encryption are vital measures to fortify your website's defenses. You can maintain a safe and reliable online presence by prioritizing security best practices.

Useful links / Resources

  • How to Remove Malware & Clean a Hacked WordPress Site (Sucuri)

  • My WordPress website was hacked (Official guide by WordPress.org)

  • 12 Signs Your WordPress Site Is Hacked (WP beginner)

  • WordPress Hacked: What to Do When Your Site Is in Trouble (Kinsta)

  • How to Clean a Hacked WordPress Site (Wordfence)

  • Support Article (in Spanish)

  • Support Article (in Portuguese)

  • Go back to Web750