Guide To Successfully Recovering From A Hacked WordPress Website

So, you're a victim of a Hacked WordPress Website? Many of us spend our time online creating great content for others to enjoy. Whether it be for enjoyment or part of your master SEO plan in the works. Then, one morning you awake to find your content gone or website defaced by some unknown entity. Many a times the first reaction would be to panic and call 911, however, this is not such a time. You need to act quickly to reclaim your website before search engines themselves realised you have been hacked and blacklist your website.

First Mission

Scan all systems used to access your server and by extension your WordPress website. You need to ensure the vulnerability did not start with you and your machines so this should be first on the agenda. Once you can safely rule out your machines, we move on to the next mission

Second Mission

Scan your server and system files with a reputable online malware and virus scanner. You can also download your files to a quarantined area of your hard drive for scanning as well to see if your machine's antivirus software will be able to pick up on any malicious code.

Third Mission

Change all passwords. I am not only talking about the WordPress admin password. I am also speaking of server passwords, cPanel logins, ftp usernames and passwords also change your secret keys used for the WordPress sessions. This will revoke any active logins with the old usernames and passwords for your WordPress website. So yes, it is highly important you change these right away!

Fourth Mission

Many people might say to backup the current site but the best thing to do would be to restore from a previous known safe copy of your website. This will have an adverse effect on your content especially if your blog or website incurs many changes in a short space of time however the pros grossly outweighs the cons in this situation. Before you actually do a full database and content restore I would recommend dumping the current database and performing a fresh install from the WordPress website itself, then performing the restore function. This will ensure your core files are malware code free!

Fifth Mission

Upgrade your entire website, change all passwords, ftp details and server access information again. Perform a full backup of your WordPress content and website. Your passwords should be changed regularly and as often as you can. You should use a password manager such as LastPass or KeePass to keep track of all the password changes you do on every different website.