Incident response

Clean up Your WordPress Site after Hack and Secure it against Future Threats

Ali Qamar
February 19, 2015 by
Ali Qamar

WordPress is the most popular CMS (Content Management System) available nowadays online, used by the vast majority of all sites. If you have a look at this report, WordPress holds the lion share (60.6%) of the sites whose CMS we know and a total of 23.4% of all sites. It is easy to use and it offers great flexibility, with both ready and custom templates and a plethora of plugins to put into effect.

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.

Moreover, WordPress provides its users with the opportunity to enhance the SEO-friendly (and thus Google-friendly) nature of their site pretty smoothly and it also offers mobile-friendly themes. These are some of the major reasons why WordPress has been characterized as one of the most successful CMS options to date, and this is why it is the number one choice for many web designers, developers, tech freaks and even novices and tech-illiterate people who seek to find a simple yet effective tool for creating their site.

Due to its exponential growth and its universal popularity, WordPress is not immune to threats and hacking attempts. It is true that the more popular something is, the more likely it will be for others to seek compromising it in the long run. This is why it is not that rare a phenomenon to hear about WordPress sites having been hacked and not being able to function properly. Before we continue with our guide about cleaning up WordPress, it is important that we truly understand what website hacking is and what this can do to your site and your computer.

What Website Hacking is, and How it Affects You

There are two major types of website hacking that you should beware of, in order to ensure that you offer the best user experience to every single visitor and not compromise his or her overall security:

  • The first type has to do with the establishment of a backdoor; this means that the hacker leaves room for returning to your site whenever he feels like it and gaining access to places that should be out of reach for him. The difficulty in tracing this type of website hacking lies in the fact that this backdoor is not visible to the naked eye – and thus it can go unnoticed for a truly long time.
  • The second type involves the deterioration of user experience and the compromise of your site directly from the source. The visitors that click on your site can be redirected to other sites or get pop-ups on their screen as soon as they head to your home page. In addition, malware can be installed silently to the computers of your site's visitors, and of course this is never a good thing.

Now that we have comprehended what goes on in cases of WordPress sites being hacked, and before moving on to the process of WordPress database cleanup, it is time to highlight the signs that should alarm you that something is wrong with your site.

Signs that Reveal a Potential WordPress Hack

Even though the signs are not a perfect match to every single WordPress site that has been compromised, they offer some truly helpful information that should get you on your feet and urge you to dig deeper and see whether or not your site has indeed been hacked. Let's see these signs in the form of bullets:

  • Problems with e-mails: The hackers will start sending e-mails from your site, and you will most probably be blocked as spam mailer. This can affect your communication with others, as you will not even have a clue about your e-mail activity.
  • Bad content added to WP: You cannot control what content is added to your site, and this is in fact one of the major factors that ought to urge you to start cleaning up the mess.
  • Slow performance or crash: This is another indicator that you are in need of WordPress clean up after a hack. If you are experiencing too slow performance or if you see that your site has crashed, you should look no further.
  • Traffic drops significantly: You will most likely observe that you get no traffic at all or you have lost most of your visitors from one day to the next. Unless you have dealt with a matter of bad reputation recently, this should alarm you.
  • Website disappears: This is the most shocking sign that your site has been under attack. In some cases, the hackers remove everything from the site and thus take it down.

As soon as you have noticed some of these signs, it is high time to take matters into your own hands. Though this process is neither easy nor simple to complete, you can in fact repair your WordPress site and make sure that you shield it against any future acts of this sort.

How to Repair Your Hacked WordPress Site

From the very moment when you determine that your WordPress site has been hacked, you need to take some immediate actions and start working toward cleaning everything up and securing your digital premises. Let's have a look at what it takes for you to accomplish that:

  • Restore Your Site via Upgrade and Reinstallation: Make use of your backup and restore your site, so that it can keep running. Upon doing so, you need to be thorough while reinstalling all the plugins and additional tools that you have been using so far. It is important to reinstall them and then upgrade them to the latest version.
  • Scan and Cleanup Your Machine: If you had not installed an anti-virus program, please DO! This is essential, in order to highlight any red flags for you to consider. Scan the machine of yours in detail and fix any problems that emerge.
  • Change All the Passwords: Do not be sloppy when it comes to cleaning up WordPress. On the contrary, you ought to be really scholastic and change all the passwords that you have been using in e-mail accounts, financial transactions and anywhere else. Of course, it goes without even saying that you need to change the WP administrator password and get a new one (rather than the default that many users don't mind keeping).
  • Back up Everything: Besides being able to restore your site in the event of hacking or crashing, you can compare the backups with your current WP site and check for any alterations whatsoever.
  • Check wp-config.php File: If you come across any modifications when comparing your file with the wp-config-sample.php file, you had better change them.
  • Engage in Premium Security Solutions: Although it can be tempting to handle your WordPress site and its maintenance on your own or make use of your son's talent or the wit of your best friend, such options generally come with a greater percentage of risk. Instead, consider premium security solutions that will safeguard your site and deal with the proper WordPress maintenance required.
  • Any Uploaded File Should Be Copied: This will allow you to keep everything under control. Even in the discomforting event of a crash or any other problem getting in the way, you will know that you have got copies to turn to.
  • Fresh, New Version of WordPress: Do not settle for older versions of WordPress. Instead, be sure to get updates and have the latest version of WordPress that has fixed security issues and can keep you thoroughly protected.
  • Go through Every Post: This can take some time, but it is worth the trouble. You should go through every post of yours and identify any problem, in order to deal with it effectively.

How to Protect Your Site from Any Future Attack

As hacking is not a one-time deal, you will have to comply with some security precautions that help you maintain everything perfectly secured on your WordPress site. Below, there are some pieces of advice that you ought to consider for protecting your WordPress website from any malicious intent:

Learn Incident Response

Learn Incident Response

Get hands-on experience with incident response tools and techniques as you progress through nine courses.
  • Restrict Administrative Privileges: The fewer the people who access your admin panel, the less likely it will be for breaches to occur.
  • Scan on a Daily Basis: If you are vigilant and you do not neglect scanning your site daily for bugs and other vulnerabilities, the hack is less likely to succeed.
  • Use Secured Protocols: Instead of connecting with the use of FTP, you can go for SFTP or SSH for ensuring that it is infinitely more difficult for somebody to track you down.
  • Use 2-Verification: Make sure that you enhance your site's security using 2-step verification. This will result in the hacker requiring much bigger effort towards accessing your site.
  • Disable PHP Execution: You can find detailed instructions on how you can do that, since it will certainly help you out eliminate threats in the future.

From everything that has been analyzed in this article on cleaning up WordPress, this is a tough job – however, it is not impossible to complete and what you gain is truly remarkable; a fully protected WordPress site that does not compromise anything in terms of security and performance!

Ali Qamar
Ali Qamar

Ali Qamar is an Internet security research enthusiast who enjoys "deep" research to dig out modern discoveries in the security industry. He is the founder and chief editor at, an ultimate source for worldwide security awareness having supreme mission of making the internet more safe, secure, aware and reliable. Follow Ali on Twitter @AliQammar57