There is nothing more aggravating than not knowing where to turn when your WordPress website has been compromised. Many hosting firms would just suspend the customer's account and instruct them to "repair it." We believe that this just makes a bad situation worse. At Hostingli, we strive to assist clients affected by this unfortunate situation as much as possible so that they can resume normal operations as soon as possible.
Preventative Maintenance
Obviously, it's much better to prevent a hack from taking place.
If you've been fortunate enough to never have your WordPress site compromised, it's likely you've followed these practices:
- Use strong cPanel, FTP, email, and WordPress credentials (i.e. passwords with letters, numbers, special characters)
- Keep WordPress core files updated along with plugins and themes
- Regularly keep your own backups
- Use a good WordPress security plugin
Nightly Malware Scanning
Hostingli helps you be proactive by routinely scanning accounts for malware each night. When malware is found, the files are deleted automatically, which stops the majority of attacks from progressing too far (i.e. infecting the entire cPanel account). However, it is essential to realise that malware was still injected into the account, which indicates that your website has a vulnerability that has to be corrected. Follow the procedures below to secure your installation.
Before proceeding, it is essential to have a FULL backup of your account. This may be generated using cPanel > Backups > Download A Full Backup.
Replace Core WordPress Files
When malicious code has been injected into your WordPress website, you should immediately replace the core WordPress files with clean versions. You can get them from WordPress.org and upload them using your preferred FTP client (such as FileZilla). If you're not using the most recent version of WordPress, you must obtain the version that matches your installation, and update as soon as possible.
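Before overwriting the core files, it is worth recording how the site differs from a clean copy, because that shows which files were altered or planted. The Python script below is an added example, not Hostingli's tooling: it assumes a clean WordPress.org download of the same version has been extracted next to a copy of the site, and its function names and sample trees are constructed for illustration.

```python
import tempfile
from pathlib import Path

CORE_ONLY_DIRS = ("wp-admin", "wp-includes")  # only core files belong here
SCRIPT_EXTS = (".php", ".phtml", ".phar")

def file_map(root):
    """Map each file's path relative to root onto its full Path."""
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def compare_core(site_root, clean_root):
    """Diff a site copy against a clean extract of the SAME WordPress version."""
    site, clean = file_map(site_root), file_map(clean_root)
    report = {"modified": [], "missing": [], "unexpected": [], "scripts_in_uploads": []}
    for rel, clean_path in clean.items():
        if rel.startswith("wp-content/"):
            continue  # themes and plugins are replaced in their own step
        if rel not in site:
            report["missing"].append(rel)
        elif site[rel].read_bytes() != clean_path.read_bytes():
            report["modified"].append(rel)
    for rel in site:
        if rel.split("/", 1)[0] in CORE_ONLY_DIRS and rel not in clean:
            report["unexpected"].append(rel)  # extra file inside a core-only directory
        elif rel.startswith("wp-content/uploads/") and rel.lower().endswith(SCRIPT_EXTS):
            report["scripts_in_uploads"].append(rel)  # scripts are not expected among media
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Build two small constructed trees (not real WordPress files) and compare them."""
    clean = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // version",
             "wp-admin/admin.php": "<?php // admin"}
    site = dict(clean)
    site["index.php"] = "<?php // core, plus an added line"    # altered core file
    site["wp-includes/cache-x.php"] = "<?php // not core"      # extra file in a core dir
    site["wp-content/uploads/2024/a.php"] = "<?php // script"  # script under uploads
    site["wp-config.php"] = "<?php // site settings"           # legitimate, never in a clean copy
    del site["wp-admin/admin.php"]                             # core file deleted
    with tempfile.TemporaryDirectory() as s, tempfile.TemporaryDirectory() as c:
        for root, files in ((s, site), (c, clean)):
            for rel, text in files.items():
                path = Path(root, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_core(s, c)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real account, call `compare_core()` with the path to the downloaded full-backup copy of the site and the path to the clean extract, and keep the report with the backup.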
Update Themes And Plugins
After securing the core WordPress files and upgrading to the most recent version, you must replace ALL themes and plugins with fresh ones. The majority of plugins may be updated inside your wp-admin under the Plugins menu. If you have a custom theme, you may be required to visit the theme developer's website to obtain the most recent files. If you have a totally customised theme, your developer may need to help you with the upgrading.
Scan With Wordfence
The free version of Wordfence's security plugin includes malware scanning. Once everything has been updated, it is essential to run a scan to see whether any new threats are detected. Wordfence will also request your email address in order to notify you when a plugin, theme, or core file requires an update. In addition, it has a robust firewall that will deter certain hacking attempts.
Change All Passwords
If your WordPress website has been hacked, you need to assume all of your passwords have been compromised.
You need to change everything:
- Master cPanel password
- All email account passwords
- All FTP account passwords
- All MySQL user passwords (make sure to update wp-config.php to match)
- Your WordPress admin password AND those of all other users
When changing passwords, use a secure password generator rather than a string that only looks random, which might still be susceptible to dictionary-based attacks.
If you have several WordPress installations in your cPanel, you must execute the steps above for each one.
Rebuild The Entire cPanel Account
If you have done everything and are still experiencing malware injections, spam, or other malicious behaviour, it is possible that your whole cPanel account has been compromised and must be rebuilt. This is the worst-case situation, but it does happen. To have our staff deactivate the whole account, you must first take a complete backup of the account (cPanel -> Backups -> Download a full website backup) and then submit a request. This may be done on your end if you have a Reseller account.
If You Don't Want To Do This Yourself
The most cost-effective way to recover from a WordPress hack is to perform the steps outlined above yourself. Nevertheless, if you're unwilling (or don't have the time), our team can do it for $75 per hour. Please submit a ticket, and our management team will provide you with a quote and then an invoice in order to commence work. Additionally, you can utilise a variety of third-party services. Submit a request for our recommendation of a reputable service provider.
How To Clean Up A WordPress Hack
If you fall victim to a WordPress hack, it's not the end of the world. However, after you have recovered, you should practise greater preventive maintenance so you do not have to go through it again.