What to do if you think your WordPress site has been hacked


Hacking seems to be on the rise recently, so here are a few things to do that will make your WordPress site more secure, and some steps to take if the dratted beasts have got to you.



Trouble can start at home, so do a full scan of your computer. Avira is a free antivirus tool if you haven’t got one installed yet.



Strengthen all the passwords associated with your site, such as:
Website admin
MySQL database [Note: You MUST change the password in your wp-config.php file to match your new database password or your site will stop working. You can find the file on your server via FTP.]

Try using a strong password generator like dinopass. Or go to the next level with an app like 1Password.



Did you ask your host if other sites on your server are being affected? It may not help, but at least you will understand whether it’s a broader issue that your host is also addressing.

Your hosting package probably comes with a backup for the last couple of days. If you have been hacked, it may be advisable to roll back to a previous backup of your site and then strengthen your security.



Make sure that your version of WordPress is always up to date, as new releases often include security updates to match the changing environment. Good quality themes and plugins usually issue a new version to match an updated WordPress within a few days, and you may decide to wait until that has happened. Some plugins are so simple that they rarely need updates, though.



Occasionally, even extremely popular premium themes/plugins will have an unexpected security flaw. When that happens, it’ll most likely be big news in the WordPress blogosphere in short order, so check the WordPress plugin page and Google the names for news.



If you have been hacked, one place to start looking to see how they got in is your website logs. You can find these in your server’s root directory with an FTP tool such as FileZilla. Open the access_log file for the time period you want to check and note the POST entries. This records access to your site – are the IP addresses all yours? What were they accessing?
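
One way to run the access_log check described above, as an added example that is not from the original post. It assumes the log is in the common Apache/nginx "combined" format; `MY_IPS` and the sample log lines are constructed placeholders, so swap in your own addresses and the lines from your real access_log.

```python
import re
from collections import Counter, defaultdict

# Assumed "combined" log format; check what your host actually writes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def unfamiliar_posts(lines, my_ips):
    """Return {ip: Counter({(path, status): hits})} for POSTs not sent from my_ips."""
    report = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and anything that is not a POST
        if m["ip"] in my_ips:
            continue  # your own logins and edits
        path = m["path"].split("?", 1)[0]  # ignore the query string
        report[m["ip"]][(path, int(m["status"]))] += 1
    return dict(report)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:01:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:09:05:10 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:09:05:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
this line is truncated or corrupt
'''.splitlines()

MY_IPS = {"192.0.2.10"}  # placeholder: the addresses you log in from

def main():
    for ip, hits in sorted(unfamiliar_posts(SAMPLE_LOG, MY_IPS).items()):
        print(ip)
        for (path, status), count in hits.most_common():
            print(f"  {count:>4} x POST {path} -> HTTP {status}")

if __name__ == "__main__":
    main()
```

Addresses that appear here are not automatically attackers, since visitors posting comments or forms will show up too; it is the combination of an unfamiliar address, a login or admin path and many repeats that is worth raising with your host.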



Back up your site so that you can restore it to a previous version if something catastrophic happens. Check out tools like VaultPress, made by Automattic, who also make WordPress.


WordPress: FAQ My site was hacked
WordPress: Security

Taura Edgar

I am a digital marketing professional based in Hong Kong since 1998. I have developed and led digital teams to grow brands and have a wide background in strategy, conception, art direction and production for digital projects.
