How to Recover From Being Hacked in WordPress: A Complete Guide

WordPress powers over 40% of the web, making it an attractive target for hackers. Even with good security practices, no site is 100% immune. If you suspect or confirm that your WordPress site has been hacked, acting quickly and methodically can make all the difference.

Here’s a step-by-step guide on how to recover from a WordPress hack and strengthen your site for the future.

1. Stay Calm and Assess the Situation

First, take a deep breath. Panic can lead to rash decisions that might make things worse. Quickly determine:

  • Is the site fully down, defaced, or just behaving oddly?
  • Do you have recent backups available?
  • Is customer or user data potentially compromised?

Gather information before taking drastic action.

2. Put Your Site in Maintenance Mode

You don’t want visitors (or search engines) seeing a compromised site.

  • If you can still access WordPress, install a maintenance mode plugin.
  • Alternatively, temporarily disable the site at the server level (e.g., rename the index.php file). Note that renaming index.php only blocks the front page; wp-login.php, wp-admin and any other PHP entry point stay reachable, so a block at the web server or through your host's tools is more thorough.
  • Notify your users through a holding page that maintenance is happening without mentioning the hack (to avoid unnecessary alarm).

3. Change All Passwords

Immediately reset:

  • WordPress admin passwords
  • Database passwords (through your hosting control panel), then update DB_PASSWORD in wp-config.php to match so the site can still connect
  • FTP/SFTP credentials
  • Hosting account passwords

Use strong, unique passwords. Consider enabling two-factor authentication (2FA) everywhere possible.

4. Identify the Hack

Look for symptoms:

  • Unknown admin users
  • Modified core files
  • Unfamiliar plugins or themes installed
  • Strange code (like base64-encoded chunks) in files
  • Redirects to suspicious websites
  • Google warnings about malware

Tools like Wordfence, Sucuri SiteCheck, or your hosting provider’s malware scanner can help detect malicious files.
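The checks above can also be scripted. The following triage scanner is an added example, not code from the original article or from any of the tools it names: it reports PHP files inside wp-content/uploads (which should hold media only), files using obfuscation primitives commonly seen in injected code, and core files that differ from a clean reference copy of the same WordPress version. The function names, the sample tree and the paths are constructed for the demonstration; where WP-CLI is installed, `wp core verify-checksums` performs the core-file comparison against the checksums published by WordPress.org.

```shell
#!/bin/sh
# Added example, not code from the original article: a small triage scanner
# for a WordPress tree that surfaces three of the symptoms listed above:
#   1. PHP files inside wp-content/uploads (that directory should hold media only)
#   2. files containing obfuscation primitives commonly seen in injected code
#   3. core files that differ from a clean reference copy of WordPress
# Paths, function names and the sample tree are all constructed for the demo.

# Print PHP files found under the uploads directory of site root $1.
find_php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) 2>/dev/null || true
}

# Print PHP files under $1 that use obfuscation primitives. Hits are leads to
# inspect by hand, not proof of compromise: some legitimate plugins decode
# base64 too.
find_obfuscated_php() {
    grep -rlE --include='*.php' \
        'eval\(|base64_decode\(|gzinflate\(|str_rot13\(|preg_replace\(.*/e' \
        "$1" 2>/dev/null || true
}

# Compare site $1 with a clean extract of the same WordPress version in $2 and
# print files that differ or exist only on one side. wp-content and
# wp-config.php are skipped because they are site-specific.
diff_core_against_reference() {
    diff -rq -x wp-content -x wp-config.php "$2" "$1" 2>/dev/null || true
}

# Files under $1 modified within the last $2 minutes: a timeline lead once you
# know roughly when the site started misbehaving.
recently_modified() {
    find "$1" -type f -mmin "-$2" 2>/dev/null || true
}

scan_site() {
    echo "== PHP files in uploads =="
    find_php_in_uploads "$1"
    echo "== obfuscation patterns =="
    find_obfuscated_php "$1"
    echo "== differences from clean core =="
    diff_core_against_reference "$1" "$2"
    echo "== modified in the last 24h =="
    recently_modified "$1" 1440
}

# Build a constructed sample: a clean reference copy and a site with one
# tampered core file and one PHP file dropped into uploads (both harmless).
make_sample_site() {
    root=$(mktemp -d)
    mkdir -p "$root/ref/wp-admin" "$root/site/wp-admin" \
        "$root/site/wp-content/uploads/2024" "$root/site/wp-content/plugins/hello"
    printf '<?php // clean admin file\n' > "$root/ref/wp-admin/admin.php"
    printf '<?php // front controller\n' > "$root/ref/index.php"
    cp "$root/ref/index.php" "$root/site/index.php"
    printf '<?php // clean admin file\neval(base64_decode("Y29uc3RydWN0ZWQ="));\n' \
        > "$root/site/wp-admin/admin.php"
    printf '<?php echo "constructed sample";\n' > "$root/site/wp-content/uploads/2024/image.php"
    printf '<?php // ordinary plugin\n' > "$root/site/wp-content/plugins/hello/hello.php"
    printf '<?php define("DB_NAME", "constructed");\n' > "$root/site/wp-config.php"
    echo "$root"
}

# Run the demo only when invoked as `sh scan.sh demo`, so sourcing the file
# just defines the functions.
if [ "${1:-}" = "demo" ]; then
    root=$(make_sample_site)
    scan_site "$root/site" "$root/ref"
    rm -rf "$root"
fi
```

On a real site, call scan_site with the site root and a directory holding a freshly extracted copy of the same WordPress version. Treat every hit as something to read, not something to delete blindly: a few reputable plugins ship base64-encoded assets, and the diff will also list files you have legitimately customised.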

5. Restore a Clean Backup (If Available)

If you have a backup from before the hack:

  • Verify it’s clean (scan it if possible).
  • Restore both the database and files.
  • Update everything immediately after restoring (core, plugins, themes).

Important: Restoring without patching vulnerabilities will likely result in another hack.

6. Manually Clean the Site (If No Backup or Partial Recovery Needed)

If no clean backup exists:

  • Reinstall WordPress Core Files: Delete everything except wp-content and wp-config.php, then upload fresh WordPress files from WordPress.org.
  • Delete and Reinstall Plugins and Themes: Remove all plugins and themes, reinstall fresh copies from trusted sources.
  • Scan and Clean wp-content: Manually inspect for unfamiliar files, especially in uploads and themes folders.
  • Check Database: Look for suspicious content in wp_options, wp_users, and other tables.

If cleaning manually sounds overwhelming, it may be best to hire a professional or use a trusted malware cleanup service (like Sucuri or Wordfence Premium).
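For those who do the clean-up themselves, the core and extension reinstall steps above look like this as shell functions. This is an added example, not code from the original article: the first argument is the site root and the second a directory containing a freshly extracted WordPress release (downloaded from WordPress.org and checked against its published checksum before use). Function names and the sample paths are constructed; with WP-CLI, `wp core download --skip-content --force` is the one-command equivalent of reinstall_core.

```shell
#!/bin/sh
# Added example, not code from the original article: the "reinstall core, then
# reinstall plugins and themes" steps as shell functions. $1 is the site root;
# $2 is a directory containing a freshly extracted WordPress release. Function
# names and sample paths are constructed for the demo.

# Replace every core file while keeping wp-content and wp-config.php.
# .htaccess is deliberately removed too: it is a common injection point, and
# WordPress regenerates its own rules when you re-save the permalink settings
# (custom rules you rely on should be re-added by hand from a known-good copy).
reinstall_core() {
    site=$1; fresh=$2
    [ -f "$site/wp-config.php" ] || { echo "no wp-config.php in $site" >&2; return 1; }
    for entry in "$site"/* "$site"/.[!.]*; do
        [ -e "$entry" ] || continue
        case $(basename "$entry") in
            wp-content|wp-config.php) ;;      # keep
            *) rm -rf "$entry" ;;
        esac
    done
    for entry in "$fresh"/*; do
        case $(basename "$entry") in
            wp-content) ;;                    # bundled default themes: not needed
            *) cp -R "$entry" "$site/" ;;
        esac
    done
    # Anything left at the top of wp-content that is not a standard directory
    # deserves a look; mu-plugins in particular loads automatically on every
    # request, so it is worth checking for anything you did not install.
    find "$site/wp-content" -mindepth 1 -maxdepth 1 \
        ! -name plugins ! -name themes ! -name uploads \
        ! -name languages ! -name upgrade ! -name index.php
}

# Record the installed plugin and theme directory names in $2 (so fresh copies
# can be reinstalled from WordPress.org or the vendor), then delete them.
purge_extensions() {
    site=$1; manifest=$2
    : > "$manifest"
    for kind in plugins themes; do
        for d in "$site/wp-content/$kind"/*/; do
            [ -d "$d" ] || continue
            echo "$kind $(basename "$d")" >> "$manifest"
            rm -rf "$d"
        done
    done
    cat "$manifest"
}

# Usage: sh reinstall.sh run /path/to/site /path/to/fresh/wordpress
if [ "${1:-}" = "run" ]; then
    reinstall_core "$2" "$3"
    purge_extensions "$2" "$2/extensions-to-reinstall.txt"
fi
```

Take a full backup of the compromised site before running anything like this, even though it is infected: it is your evidence of what happened, and the only way to recover a customisation you forgot about. Reinstall each plugin and theme listed in the manifest from its official source, not from the old directory.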

7. Update Everything

Hackers often exploit outdated software. Once you regain control:

  • Update WordPress to the latest version.
  • Update all themes and plugins.
  • Remove any unused or abandoned plugins/themes.

8. Harden WordPress Security

After recovering, harden your site to prevent repeat incidents:

  • Install a reputable security plugin (e.g., Wordfence, Sucuri, iThemes Security).
  • Disable file editing inside WordPress (define('DISALLOW_FILE_EDIT', true); in wp-config.php).
  • Limit login attempts.
  • Use strong security headers (like Content Security Policy, X-Frame-Options).
  • Enforce HTTPS across your entire site.
  • Consider moving to a managed WordPress host with built-in security.
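The wp-config.php part of this hardening is easy to audit mechanically. The script below is an added example, not code from the original article: it lists which hardening constants are missing from a wp-config.php and sets them, rewriting an existing define() in place rather than adding a duplicate (PHP keeps the first definition and only warns about the second, so appending a second define('DISALLOW_FILE_EDIT', true) after an existing false would silently do nothing). DISALLOW_FILE_EDIT and FORCE_SSL_ADMIN are real WordPress constants; FORCE_SSL_ADMIN assumes the site already serves HTTPS. The function names and the sample wp-config.php are constructed.

```shell
#!/bin/sh
# Added example, not code from the original article: audit a wp-config.php for
# hardening constants and set any that are missing. DISALLOW_FILE_EDIT removes
# the theme/plugin editor from the dashboard; FORCE_SSL_ADMIN makes login and
# admin pages HTTPS-only. Function names and the sample config are constructed.

WANTED="DISALLOW_FILE_EDIT FORCE_SSL_ADMIN"

# Print each wanted constant that is not defined as true in wp-config.php $1.
missing_hardening() {
    for c in $WANTED; do
        grep -Eq "define\([[:space:]]*['\"]$c['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1" \
            || echo "$c"
    done
}

# Set each missing constant to true. A constant already defined with another
# value is rewritten in place (a second define() would be ignored by PHP).
# New lines go above the "stop editing" marker WordPress ships in
# wp-config.php, so they are set before wp-settings.php loads.
harden_wp_config() {
    cfg=$1
    cp "$cfg" "$cfg.bak"                      # keep the pre-change file
    addfile=$(mktemp)
    for c in $(missing_hardening "$cfg"); do
        if grep -Eq "define\([[:space:]]*['\"]$c['\"]" "$cfg"; then
            sed -i.orig -E "s/define\([[:space:]]*(['\"])$c\1[[:space:]]*,[^)]*\)/define('$c', true)/" "$cfg"
            rm -f "$cfg.orig"
        else
            echo "define('$c', true);" >> "$addfile"
        fi
    done
    if [ -s "$addfile" ]; then
        if grep -q 'stop editing' "$cfg"; then
            awk -v addfile="$addfile" '
                /stop editing/ && !done { while ((getline line < addfile) > 0) print line; done = 1 }
                { print }' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
        else
            cat "$addfile" >> "$cfg"
        fi
    fi
    rm -f "$addfile"
}

# Demo on a constructed wp-config.php: sh harden.sh demo
if [ "${1:-}" = "demo" ]; then
    cfg=$(mktemp)
    printf "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n/* That's all, stop editing! Happy publishing. */\n" > "$cfg"
    echo "missing before:"; missing_hardening "$cfg"
    harden_wp_config "$cfg"
    echo "missing after:"; missing_hardening "$cfg"
    cat "$cfg"
    rm -f "$cfg" "$cfg.bak"
fi
```

If you deploy with WP-CLI or a deployment pipeline rather than from the dashboard, DISALLOW_FILE_MODS (also a real WordPress constant) can be added to WANTED to block dashboard installs and updates entirely; leave it out if the dashboard is how you apply updates, or step 7 becomes impossible.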

9. Notify Affected Parties

If sensitive customer or user data was exposed, you may have legal obligations to notify them. Be honest and transparent. Check if you must also report the breach under regulations like GDPR, CCPA, or others.

10. Monitor Your Site Closely

After recovery:

  • Regularly scan your site for malware.
  • Set up uptime monitoring (e.g., UptimeRobot, Pingdom).
  • Check your Google Search Console for any security warnings or manual actions.

Security is not a one-time task — it’s ongoing vigilance.
Conclusion

Getting hacked is stressful, but it’s not the end of the world. With quick action, a methodical recovery plan, and improved security practices, you can bounce back stronger than before. Most importantly, learn from the experience to minimize future risks.

If you need more help, it’s never a bad idea to consult WordPress security experts to ensure your site is fully clean and fortified.

Still need help?

If you got hacked and you still can't recover your site, we'd be happy to assist you. Contact us or use our online services for fast recovery.
