Hacked WordPress site? No matter how vigilant you may be at keeping your site updated, at some point you might find yourself the unfortunate recipient of a hacked WordPress site.
If this is you, I’m sorry for your headache! Hopefully, this post will help you through it!
I’ll show you practical tips for dealing with a hacked WordPress site and what information you need to know before you hire a hack specialist.
Then we’ll cover what you need to do after your site has been cleaned.
A list of site cleaning services I’ve used in the past is provided with pros and cons of each.
You can jump to a specific topic using the links below.
- What Information the WordPress Hack Specialist Requires
- Hacked WordPress Site Repair Services
- What to Do After Your Hacked WordPress Site is Cleaned
Hacked WordPress Site – Now What?
This past week was exceptionally hard for WordPress site owners when several popular and well-supported plugins were compromised and removed from the WordPress.org repository until they were patched.
Among those plugins included Social Warfare, WP Easy SMTP and WP Fastest Cache.
Since many of my clients are DIY site owners, they take responsibility for updating their plugins and themes.
The problem is if their site gets hacked, they don’t know where to turn.
And if and when they find someone ready to clean their site, they aren’t prepared with the essential information that the hack specialist will need.
Unfortunately, WordPress site hack cleaning is a service that is outside of my wheelhouse. But by working alongside clients with a hacked website I see what they have struggled with the most.
Make Sure You Backup Your Site Routinely
Hopefully, you’ve been doing routine backups. This is critical!!
Before doing anything else, try to restore your website from a good backup. But in order to know whether or not a backup is good, you’ll need to know when your site was hacked.
If it’s been hacked for weeks, then you’ll have weekly backups of your hacked site.
Many times having a good restore point is all that you need to do ~ that is, as long as the hacker didn’t leave a backdoor on the server where he can gain re-entry to your site.
And you won’t know that until the site gets hacked again. Just be sure that you are backing up your site on a regular basis and storing at least six months of backups but ideally a year’s worth.
So let’s get to the information you will need in order to expedite your site cleaning.
What Information the WordPress Hack Specialist Requires
You will need to provide the following information to your hack specialist so that they can access your hacked WordPress site.
WordPress Admin Access
- Your login URL such as https://yoursitename.com/wp-admin.
If you have moved the default login path, you must provide that URL to your specialist.
You will need to provide access to your web hosting server cPanel.
- cPanel Login URL: https://yoursitename.com/cpanel or https://yoursitename.com:2083
(Remember to replace yoursitename.com with your actual website domain name)
You may need to set up an account for this.
If you don’t know how to set up an FTP account, contact your host or follow the steps below:
- Login in to cPanel
- Click on FTP Accounts
3. The following screen will display:
Fill in the information as per the screenshot and make a note of it:
a) Log in: Log In Username (ie: support)
b) Domain: Select the domain from the drop down
c) Password: Select a strong password
d) Retype the password
e) Directory: Make sure the directory is set to public_html or home and not a sub-directory
f) Click Create FTP Account
If you have trouble using FTP to log into your WordPress site, please refer to this troubleshooting guide.
Once you have gathered this information, you are ready to hire a trustworthy company to do the site cleaning.
Hacked WordPress Site Repair Services
Listed below are several hack removal services I’ve personally worked with and referred clients to in the past. Each will get the job done but there are pros and cons to the services.
They all will require the information I outlined above: WordPress Login URL, cPanel access, and FTP access.
Once the site has been repaired, each service will provide you a report of what they did and steps you need to take to complete the process.
Companies that Provide Hacked WordPress Site Services
WordFence is the company behind the well-known WordFence plugin.
At present, their current pricing is unlimited pages for $179.
As part of the service, WordFence will install WordFence Premium ($99) onto your WordPress site and include a one-year subscription.
I recently used them and have mixed views on recommending them.
First, WordFence is wildly popular and well-known to most WordPress website owners. Their free plugin has been downloaded and actively installed on over 3 million websites. So I would be remiss to leave their hack repair service off of my list.
Communication is via email and WordFence was pretty good about replying to our repeated inquiries as to the status of our cleaning.
There is a caveat to using their service. WordFence uses high demand pricing, which means that they inflate their rates during high volume demand for their service. So currently, they are charging 1.4x the normal price level. This is to assure acceptable turnaround time.
A recent client waited 2 days for the specialist assigned to her case to actually start the work.
When she sent an email inquiry, she was told the following:
“A few priority orders have come in which unfortunately bumped your order down a bit. They should be able to start in the next couple of days at the latest though. I realize that probably sounds like a long time. If you want your order upgraded to priority just let me know ($100).”
Huh? Even though she paid the high-demand price to receive an “acceptable turnaround time” she was told that throwing an additional $100 in would bump her order back up. Something about this seems wrong to me. And to my client, too.
In the meantime, we had to put up a maintenance page on the server due to the spammy redirects on her hacked site.
My personal opinion is that a 2-day turnaround is a long time to wait when your site has been hacked. And we didn’t feel the high demand pricing gave us an acceptable turnaround time at all.
Sucuri (affiliate) uses a different pricing model. As of this writing, you have three price points from which to choose:
- Basic Plan: 12 hour response for $199.99/yr
- Pro Plan: 6 hour response for $299.99/yr
- Business Plan: 4 hour response for $499.99/yr
A 12 hour response time isn’t too bad compared to the 48 hour wait we had with WordFence.
Once you sign up with Sucuri, you receive access to the Sucuri Dashboard, which is where you click on support and open a Malware Removal Request.
One nice thing about Sucuri is that if you don’t know your FTP information, as long as you can give them login information for your hosting company or cPanel access, they will take it from there.
Your yearly subscription covers unlimited malware removal requests.
The Basic Plan can be slightly lower than what you’ll pay for other services.
The Pro and Business plans are a bit more pricey than the other options, but if you can afford them and don’t want to wait, either one of them is probably your best choice. And the malware removal service is good for the entire year.
WP-Fixit claims to have same day service and that has been my experience in the past.
Their service is the most affordable at a $97 one-time cost. If you need multiple sites cleaned, you can save $20 per site.
The one thing that surprised me was that they added the WordFence and Sucuri free plugins to the site. I didn’t expect the site configuration to be altered in any way.
So keep in mind you will end up with a few more plugins on your site than you had initially.
I have found that many site owners are frustrated by the lack of communication they experience during the stressful experience of a hacked WordPress site.
Though I haven’t used this service, the company comes highly recommended by colleagues and clients. And I like the fact that you can talk to a real person throughout the process.
HackRepair.com is a US-based company that actually has a phone number and a real person to talk to.
And they advertise they actually want to talk to you! You will speak directly to the person who will be cleaning your site.
I have heard that they may install security plugins as part of the clean-up. This may or may not be a deal-breaker for you.
What to Do After Your Hacked WordPress Site is Cleaned
There are specific steps that every reputable service will want you to take.
Please don’t ignore their recommendations and follow their protocol to ensure your site stays healthy.
Clear All Cookies and Caches
- First off, you will want to clear your browser cache and cookies to make sure you are getting the updated, clean version of your site.
- Then clear your site cache. If it has a local caching plugin, you can log into the WP-Admin area and click the “clear cache” button.
- If your site is on a CDN, purge that cache, too.
- If your host performs server-side caching, force a refresh on that.
Test your site and if all looks well, now is the time to change all of the passwords.
Yes, it’s a tedious thing to do, but any malware clean-up is not complete until you take this very important final step.
The reason it’s so important is because if a hacker was able to get to those passwords, it puts your site back into a vulnerable position to be compromised again and again.
So here is where to find those passwords and how to change them:
Update WordPress Administrative Passwords
- Log into your WordPress dashboard.
- Go to Users>All Users.
- Important! Delete any admin user that should no longer have access to your site.
- Next change passwords for remaining admin users by hovering over the user name
- Click Edit
- Update the password
- Click Save
Update Hosting Control Panel (cPanel) Password
- Log into your cPanel account. You can do this through your customer portal or through the following link https://yoursitename.com/cpanel or https://yoursitename.com:2083
- In Preferences, click Password & Security.
- You will be prompted to add your old password and then enter a new password and confirm it. It’s best practice to choose a strong password that you aren’t using anywhere else.
Update MySQL Password
- Log into your cPanel account.
- In Databases, click MySQL Databases
- You will need to select the MySQL admin user that is currently associated with your WordPress database.If you are unsure of who that is, you can check your wp-config.php file in the website root directory.
At the top of that file, you will find that info in the MySQL Settings.
In the following example, the database name is ‘mydb_dbname’.
The user is ‘mydb_myuser’.
/** The name of the database for WordPress */
/** MySQL database username */
- Go back to the MySQL screen.
- Scroll down to the Current Users section and click on “change password” for the user defined in the wp_config.php file:
- Select a new strong password and make a note of it.
- Change the password and save it.
- The wp_config.php file does NOT get updated. You need to do that manually.
- Open the wp_config.php file in a plain text editor. Modify the password value to match the new password and save the file.
- Test to make sure everything works.
Update the FTP Passwords
- Log into your cPanel account.
- Click on Files>FTP Accounts
- Change the FTP account password
Over to You
Hopefully this post will give you the tools and confidence you need to get your hacked WordPress site back up and running in no time.
Once you’re site is clean, you’ll want to make sure that you do everything to protect yourself moving forward.
Secure WordPress Site Set Up is critical to protecting your site from hacks and malware.
I also recommend that you get behind Cloudflare’s paid firewall. For $20/month you can rest assured that your site is being monitored 24×7 and protected from the latest threats.
I’m always on the lookout for companies providing this service and will pass along updated recommendations as they are vetted.
I would love to hear what other WordPress Site Hack cleaning services you have used.
Please add them to the comments and I’ll update my post accordingly.
Photo credit: Adobe Stock