My WordPress is Hacked – What Do I Do Now?
Panic. That's the first feeling when you discover your website has been hacked. Strange links, redirects to casino sites, or Google warning visitors.
Take a deep breath. Your site CAN be saved, and here's exactly how.
Emergency situation?
If your site is actively spreading malware or you're losing money every minute, contact me directly for emergency help. I offer same-day cleanup.
Signs That Your WordPress is Hacked
Not sure if you're hacked? Here are the most common symptoms:
Obvious Signs
- Site redirects to other websites (often casino, porn, or phishing)
- Google shows "This site may be hacked" in search results
- Hosting shuts down your site
- New users with admin rights you didn't create
- Strange content or links you didn't add
Hidden Signs
- Suddenly very slow site
- Mysterious files in FTP (often with random names)
- Unknown plugins installed
- Changes in the .htaccess file
- Spam emails sent from your server
Hackers have become skilled at hiding. Often you don't discover the hack until Google or your hosting reacts.
Step-by-Step: How to Clean Your Hacked WordPress
Go into emergency mode (don't panic)
Take a backup of the hacked site FIRST. Yes, even the infected version. You may need to analyze what happened.
Change ALL passwords
Immediately. WordPress admin, FTP, hosting panel, database. Use strong, unique passwords.
Scan for malware
Use PatchStack or Wordfence to scan. They find most known malware types.
Remove infected files
Delete unknown files, clean infected ones. Replace WordPress core files with fresh ones from wordpress.org.
Check database
Search for suspicious scripts in the database (especially wp_options and wp_posts tables).
Update EVERYTHING
WordPress, all plugins, all themes. Outdated plugins are the #1 entry point for hackers.
Install security
PatchStack or Wordfence firewall. Two-factor authentication on all admin accounts.
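One way to approach the "Remove infected files" step on a downloaded copy of the site, as an added example that is not part of the original article: it compares the site against a fresh WordPress download and lists changed core files, unknown files, and PHP files in the uploads folder. The function names, the sample tree and the file name xk29qz.php are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# A live site has these but a fresh core download does not; review them by hand.
SITE_ONLY = {"wp-config.php", ".htaccess"}
PHP_SUFFIXES = {".php", ".phtml", ".phar"}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(site: Path, clean_core: Path) -> dict:
    """Compare a site tree with a fresh core copy; return files to review."""
    report = {"modified_core": [], "unknown": [], "php_in_uploads": []}
    for f in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = f.relative_to(site)
        if rel.parts[0] == "wp-content":
            # Uploads should hold media only; PHP there is a heuristic red flag.
            if rel.parts[1:2] == ("uploads",) and f.suffix.lower() in PHP_SUFFIXES:
                report["php_in_uploads"].append(rel.as_posix())
            continue  # plugins and themes need their own fresh copies to compare
        ref = clean_core / rel
        if not ref.exists():
            if rel.as_posix() not in SITE_ONLY:
                report["unknown"].append(rel.as_posix())
        elif sha256(f) != sha256(ref):
            report["modified_core"].append(rel.as_posix())
    return report

def build_sample(root: Path) -> tuple:
    """Constructed sample: a tiny 'clean core' and an altered 'site' copy."""
    core = {"index.php": "<?php // core", "wp-includes/load.php": "<?php // load"}
    site = dict(core)
    site["wp-config.php"] = "<?php // site config"
    site["wp-includes/load.php"] += "\n// appended line"      # altered core file
    site["wp-includes/xk29qz.php"] = "<?php // not in core"    # unknown file
    site["wp-content/uploads/2024/a.php"] = "<?php // script"  # PHP in uploads
    site["wp-content/uploads/2024/logo.png"] = "png"
    for name, files in (("clean", core), ("site", site)):
        for rel, body in files.items():
            path = root / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return root / "site", root / "clean"

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return triage(*build_sample(Path(tmp)))
```

On a real site, point triage() at the backup taken in the first step and at an unpacked download of the same WordPress version, and treat the output as a review list rather than a delete list.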
The Most Common Ways WordPress Gets Hacked
1. Outdated Plugins (60% of all hacks)
This is by far the biggest cause. An old plugin with a known security hole = open door for hackers.
Solution: Keep ALL plugins updated. Delete plugins you don't use.
2. Weak Passwords
"admin" as username and "password123" as password. It takes seconds to break.
Solution: Strong passwords + two-factor authentication.
3. Insecure Hosting
Cheap shared hosting with hundreds of other sites. One infected site can spread.
Solution: Quality hosting with isolation between sites.
4. Nulled Themes/Plugins
Pirated versions of premium themes and plugins. They often come with built-in malware.
Solution: ONLY use official sources. It's not worth the savings.
5. No Security Measures
No firewall, no scanning, no monitoring.
Solution: Basic security setup (see below).
How to Prevent Future Hacks
Must-Have Security
These things are not optional:
- Updates – Keep WordPress, plugins, and themes updated always
- Strong passwords – At least 12 characters, combination of everything
- Two-factor authentication – On all admin accounts
- Security plugin – PatchStack (virtual patching) or Wordfence (free)
- Backup – Daily automatic backups (WPvivid or similar)
- SSL certificate – HTTPS is standard now (free via Let's Encrypt)
Nice-to-Have Security
Extra layers of protection:
- Hide login URL (change /wp-admin)
- Limit login attempts
- Disable file editing in WordPress
- Web Application Firewall (WAF)
- Security headers
- Regular security scans
You don't need everything at once. Start with the must-have list and expand from there.
What Does It Cost to Clean a Hacked Site?
Do-It-Yourself
- Time: 4-20+ hours (depending on severity)
- Risk: You might miss something and get hacked again
- Price: Free (except your time)
Professional Cleanup
- Time: Typically 2-4 hours for an expert
- Result: Thorough cleaning + securing
- Price: $200-600 depending on scope
Service Agreement with Prevention
- Ongoing monitoring and updates
- Quick response if something happens
- Price: $50-150/month
It's cheaper to prevent than to clean. A service agreement often costs less than one cleanup.
When Should You Seek Professional Help?
Contact a professional if:
- You don't know how to do things safely
- The hack returns after your cleanup
- Your site is spreading malware to visitors
- Google has blacklisted your site
- You're losing money every day the site is down
- You have a webshop with customer data
Checklist: After Cleanup
Use this list to ensure everything is in place:
- ☐ All passwords are changed
- ☐ WordPress core is reinstalled
- ☐ All plugins are updated or deleted
- ☐ Theme is updated or replaced
- ☐ Database is checked for malware
- ☐ Security plugin is installed
- ☐ Two-factor authentication is activated
- ☐ Backup system is in place
- ☐ Google Search Console is checked (request review if blacklisted)
- ☐ Hosting is informed (if they shut down the site)
Frequently Asked Questions
Can I just restore an old backup?
Maybe. But if the hack happened a long time ago, your backup might also be infected. And you're also restoring the security hole that allowed the hack.
Should I change hosting?
Not necessarily, but consider it if:
- Your current hosting is very cheap shared hosting
- You've been hacked multiple times
- Hosting doesn't offer basic security features
How long does cleanup take?
- Simple malware: 2-4 hours
- Complex infection: 4-8 hours
- Severe infection with database compromise: 8-20+ hours
Can hackers see my customers' data?
Potentially yes. If you have a webshop, you should:
- Check if payment data is compromised
- Inform affected customers
- Consider GDPR reporting
How do I know the site is completely clean?
Scan with multiple tools (PatchStack + Wordfence + VirusTotal). Manually check for suspicious files. Monitor the site in the weeks after for signs of recurrence.
Prevent the next hack
A WordPress service agreement reduces risk and ensures fast response.
Conclusion
A hacked WordPress site is stressful, but it can be fixed. The most important things are:
- Act quickly – The longer you wait, the worse it gets
- Clean thoroughly – Half the work = hacked again
- Prevent the future – Learn from the mistake and secure yourself properly
Emergency help
Is your site hacked right now? Contact me for emergency cleanup. I offer quick response and same-day service in critical situations.
And remember: It happens to the best. Even large companies get hacked. What matters is how you react.




