What to do When Your WordPress Site is Hacked

We’re always being reminded of the security risks we face every day when we go online. Whether we’re making use of VoIP services or we’re simply trying to stay in touch with family and friends, there are constant threats to our privacy that we have to bear in mind. If you’re running your own WordPress site, you must be aware that there’s always the chance it could get hacked. But awareness is one thing, it’s quite another knowing what to do in the event that it actually happens.

With such a huge variety of WordPress sites – covering everything from office technologies to collaboration tools – there are a lot of potential targets for would-be hackers. And, indeed, more WordPress sites are getting hacked daily. So you need to ask yourself: what measures are you going to take if yours suffers the same fate? WordPress is the most hacked content management system (CMS) on the internet, so you have to be prepared. Of course, it’s important to have robust security measures in place. But hackers are remarkably resourceful, and can always find new loopholes and weaknesses to exploit.



Moreover, being hacked can do potentially immense reputational damage, especially if you’re trying to run an online shop. If your landing page gets hacked and used to promote other sites, sell illegal supplies, or simply redirect to another site, that can only do you harm in the eyes of customers. After all, consumers are a watchful and wary bunch – anything that suggests your website isn’t reputable (even if it’s no fault of your own) is likely to take a big toll on their confidence. This means they’ll most likely take their custom elsewhere, costing you valuable revenue.

So, let’s say the worst has happened and your WordPress site has been hacked into. What do you do next? Well, to help you get a better idea of what steps to take, we’ve assembled this handy guide providing some top tips. Read on to find out more.

Signs your WordPress site has been hacked

Before we do anything else, it’s worth listing some tell-tale signs that your WordPress site has been successfully breached by a hacker. It’s not always immediately obvious (at least, not as obvious as you might think), so it’s a good idea to be aware of the likely signs that your site has been hacked. Here are some giveaways to watch out for:

  • You can’t log in. If you find that you can’t log in to your WordPress site, it’s possible that a hacker has got in and changed the password. But it could be, of course, that you’ve just forgotten it (easy to do if you haven’t had to enter it for a while). So, make sure it isn’t just that! Try resetting your password and see if you can gain access to your account that way. If not, you may have been hacked.


  • Your site is redirecting elsewhere. Hackers often redirect to their own sites once they’ve gained access to other people’s. If your WordPress site is redirecting people somewhere else or there are dubious links you haven’t inserted, this may be a good indication that it has been hacked. Make sure you check with any other site administrators that they haven’t made the changes themselves, however.
  • Your site looks different. If you find that your WordPress site suddenly looks completely different to how you left it, it may have been hacked. Again, if anyone else has administrator privileges for your website, then ask them about the changes before leaping to conclusions. It may be that they’ve changed the design without telling you.

Alternatively, your browser or Google may display a warning to advise you that your website might have been the subject of a security breach. You may also suddenly find that the site is running much slower than it would normally; this again might be an indication that a hacker has breached its security arrangements.

How to Fix a Hacked WordPress Site

We’ve heard a lot in recent years about the digital transformation that’s been taking place all around us. We’ve all seen for ourselves the rapid changes to the way we do business and communicate with one another as a result. If anything, this makes it doubly frustrating when you do all the right things to reach a wider consumer base, only to find yourself undone by the malicious intentions of a hacker.


But even if you are unlucky enough to have your site hacked, there’s no need to panic right away. There are steps you can take to bring the situation under control and regain the upper hand over the hackers. Here’s a concise, step-by-step run-through of what to do.

Keep Calm and Identify the Hack

As we’ve noted, the first thing you need to do is keep a cool head. It’s easy to let your imagination run wild when you suspect you’ve been hacked, but it won’t help you in your efforts to get a grip on the situation. Even if your site has been hacked – and that’s what you need to establish before doing anything else – that doesn’t necessarily mean that everything is lost.

So, the next thing you’ll have to do is identify the nature of the hack and how it’s taken place. Think about the points we’ve already addressed about how to know when your site’s been hacked into. Can you log in? Is the site redirecting elsewhere? Does it look different? Are you receiving any warnings from Google or from your browser? Make a note of any relevant information, as you’ll need it later on.

Get in Touch with Your Hosting Company

Once you’ve got more information on your suspected hack, the next thing you need to do is contact your hosting company. They’ll be used to dealing with situations like this – don’t forget, hacks are all too common – so you should find them to be very helpful and knowledgeable. Explain the situation to them and ask them for more information about any next steps you should take. They might ask you to share screen online, so follow whatever instructions they might give you.

In cases where your website is hosted on a shared server, you should be able to establish whether the hacker has accessed your WordPress site via another site on the same server. Your hosting company should look into the matter for you, and from there they should be able to provide you with information on how the breach came about. This may include where to find the backdoor to your site through which they gained access. Call them via their contact center solution urgently if you suspect you’ve been hacked.

Restore an Older Version of Your Site from Backup

Any security expert worth their salt will tell you (probably until they’re blue in the face) about the importance of making regular backups. These are vital because they could allow you to restore your site using an older version, from before your site was breached. In the event of a hack, this is likely to prove invaluable in helping you get everything back on track. If you don’t have a backup you can use, then you might be able to manually remove the hack. This, though, is a time-consuming procedure – so making regular backups is hugely important.

Restoring from an old backup will mean that the entire site reverts back to that version. Any changes you’ve made between the time you created the backup and when your site was hacked will be lost. This is why it’s so important to create backups at regular intervals, so you can minimize any disruption should you have to restore your site after a hack. Restoring your site doesn’t eliminate the vulnerabilities which the hackers exploited, so once you’ve completed the restoration you’ll need to beef up your security measures.

Scan and Remove Malware

Outdated files can provide hackers with relatively easy access to a website. Once they’ve gained that access they can create a backdoor (allowing them to bypass normal authentication) which they can then continue to exploit in the future. The most effective way of preventing hackers from gaining access to your site in this way is simply to keep your files properly up to date. Make sure you regularly delete any inactive or outdated WordPress themes and plugins; this will provide hackers with less of an opportunity.


Check User Permissions and Change Passwords

Once you’ve regained control of your site, restored it, and cleared it of any malware, you need to check exactly who has access to it. Make sure that only people who need administrator privileges have them. Change all passwords and security keys associated with your site. Ensure that any video conferencing security arrangements are robust so that communications between you and any other administrators are kept safe and confidential. 

You’ll also want to make sure that when choosing new passwords, they’re suitably strong and robust. A password generator should help you come up with a combination that’s strong enough to bamboozle any would-be hackers.

(This is a guest post contribution from John Allen of RingCentral US.)

Bio: John Allen – RingCentral US
John Allen is the Director and Global SEO at RingCentral, a global UCaaS, VoIP and teleconference services provider. He has over 14 years of experience and an extensive background in building and optimizing digital marketing programs. He has written for websites such as Hubspot and Toolbox.