Is your WordPress site hacked? Here is how to repair it yourself. But if you are uncomfortable with this kind of backend work, I strongly suggest you contact a developer to do it.

No matter what CMS or platform you are using, you are vulnerable to hackers. Any site can be hacked at any time!! So it is a good idea to take the next step and make your site secure enough to face those bad guys. Learn more about how to secure your WordPress site.

The first layer of protection for your WordPress site is your passwords. You should always use strong passwords on your WordPress site. I know it’s hard to remember those long and strong passwords, so the best choice is to use a password manager like LastPass, 1Password, etc.

When you find out your site is hacked, check the following list first.

  • Can you log in to your WordPress admin panel?
  • Is your WordPress site redirecting to another website?
  • Does your WordPress site contain illegitimate links?
  • Is Google marking your website as insecure?

If you can log in to the admin panel, change the password immediately. Look in the Users section of WordPress to make sure only you and your trusted team members have administrator access to the site. If you see a suspicious user there, delete that user immediately.

Now contact your hosting company.

Most hosting companies are very helpful in this situation. They have experienced teams who face this kind of thing regularly, and they know how to deal with it better than we do. They also know their hosting environment and may be able to give you additional information about the hack, such as how it originated, where the backdoor is hiding, etc.

If you have a backup

Go ahead and replace the website with the backup you have. If you don’t have a backup, or your website has been hacked for a long time and you don’t want to lose the content, you can still remove the hack manually.

Malware Scanning and Removal

First of all, check which themes and plugins you are not using. Delete them all. Most of the time, hackers hide their backdoor in those areas. Planting a backdoor is usually one of the first things a hacker does, so that they can get back into the website any time they want.

* A backdoor is a method of bypassing normal authentication and gaining the ability to remotely access the server. This allows hackers to regain access even after you find and remove the exploited plugin.

How to scan

There are free plugins to do that. Here I mention two of them:

Sucuri WordPress Auditing

Theme Authenticity Checker (TAC).

After you find where the problem is, you can remove the malware code manually or you can replace the affected file with the original file.

If your theme files are affected, you can download a new copy of the theme and replace them. But keep in mind that this will remove any custom edits you made to those files. Repeat this step for any affected plugins as well.
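Before replacing anything, it helps to see exactly which files differ from the fresh download. The script below is an added example, not code from the original post. It assumes you have unpacked a clean copy of the same theme or plugin version next to the installed one, and the script name and both directory arguments are hypothetical.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large assets do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(installed: Path, clean: Path) -> dict:
    """Classify installed files against a freshly downloaded copy."""
    live, ref = index_tree(installed), index_tree(clean)
    return {
        # Same path, different bytes: injected code or your own edits.
        "modified": sorted(f for f in live if f in ref and live[f] != ref[f]),
        # Not shipped in the clean copy: review these first for backdoors.
        "added": sorted(f for f in live if f not in ref),
        # Shipped in the clean copy but gone from the site.
        "missing": sorted(f for f in ref if f not in live),
    }


if __name__ == "__main__":
    # Usage: python compare_theme.py <installed_dir> <clean_copy_dir>
    if len(sys.argv) != 3:
        sys.exit("usage: compare_theme.py <installed_dir> <clean_copy_dir>")
    report = compare_trees(Path(sys.argv[1]), Path(sys.argv[2]))
    for status, files in report.items():
        for name in files:
            print(f"{status:9} {name}")
    # Non-zero exit when anything differs, so a scheduled job can alert on it.
    sys.exit(1 if any(report.values()) else 0)
```

Files listed as "modified" include your own custom edits, so review that list to decide what to carry over by hand after the replacement.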

As the final step, change all passwords again. If you have a lot of users on your site, it’s a good idea to force a password reset for all of them.