How to recover a hacked WordPress website?

Recover a hacked WordPress website

WordPress is highly vulnerable to hacker and bot attacks because of its popularity. With the increasing number of attacks, even your site can be compromised. According to Wordfence, over 90,000 hack attempts are made on WP sites every minute.

The team at InternetDevels explains how to indicate whether your platform has been compromised and how to recover a hacked WordPress website.

How do you know if your WordPress site has been hacked? 

How vulnerable is your website? Conduct regular check-ups to see if any core, plugins or themes updates are required. If any updates are missing, there is almost 100% chance you will be hacked soon — if you have not been already. Hackers use special automated tools to crawl the web in search of unsecured sites and infect them with malicious code.

There are certain signs that might mean your WordPress website has been hacked:

  • unfamiliar users with administrative permissions and roles
  • files with some unusual naming in the website code
  • redirects to pages that are not supposed to be there
  • unrelated data on the website

Google will also flag your site as hacked or harmful if its search bots find any suspicious or unusual activity on it.

If you don’t have coding skills, hire a web development team that will check the platform for vulnerabilities. Interrupting the code without proper knowledge may crash your website.

Tips to recover a hacked WordPress website

1. Find out what has happened

Your first step should be identifying how the hack affected your website. Go through your website and try to answer these questions:

  • Is Google marking your site as insecure when you try to access it?
  • Is your site redirecting elsewhere?
  • Can you still log in to the WordPress admin panel?
  • Is there anything (new links or pop-up ads) that you didn’t put on your website?

Change your passwords before starting the cleanup. You will also need to change your passwords once more when you’re done with recovering a hacked WordPress website.

2. Contact your hosting provider

Most reputable hosting providers can help you recover a hacked WordPress website. Start by contacting your web host via phone or live chat and follow their instructions.

Sometimes it happens that the hack affects many websites, especially if they are on shared hosting. Your web host may even be able to fix the site for you. However, if the hosting provider is no help, follow our further instructions.

To avoid hacks at the server side, make sure your hosting provider is reliable and responsible. Here at InternetDevels, we offer cost-effective hosting solutions.

3. Restore a backup

This tip is the most helpful one when you need to recover a hacked WordPress website. If you have backups for your WordPress website, the best solution would be to restore infected content. Note, that you need a website maintenance company who will back up your site daily just in case a problem like this occurs. The support team will also restore all the data in case your site is hacked.

If you don’t have a backup, and you don’t want to lose the content, you’ll have to manually remove the hack.

4. Find and remove the hack

Delete all the inactive themes and plugins, because hackers usually put their malicious code in them. After that, run a full scan on your site using special security scan software like WPScan. Follow the instructions your scan plugin provides and ask it to run a deep scan of the entire website. You’ll get a list of files that have been infected or compromised.

5. Secure user accounts

Now when you succeed and recover a hacked WordPress website, secure it by contacting a WordPress support team who will implement special security measures.

Hire professionals to recover a hacked WordPress website

To keep your WordPress website secure, keep your software updated. A team of WordPress experts at InternetDevels can monitor your website 24/7 and perform all the necessary updates to keep the platform safe and prevent hacks.

It’s much easier to prevent attacks than to recover a hacked WordPress website. Think about your website security in advance. Contact InternetDevels web development company for regular backups, a website maintenance plan or any support regarding your hacked website.

1 vote, Rating: 5

Read also


One of the best things about using a CMS is a possibility to build pages with no coding skills. WordPress CMS has a number of plugins for that. They can build anything — from a simple page section...


Brute Force attacks can easily crash your digital platform. Learn how to protect the Wordpress website from brute force attacks.


Nowadays, organizations prefer to adapt DevOps and migrate their apps to the cloud. Discover how you can benefit your website with Google Cloud DevOps tools.


Landing pages are created to convert. Discover how to create e-commerce landing page in WordPress and boost your sales.


What could be more exciting than being acknowledged by a reputed research firm as one of the top companies around the world? InternetDevels company is ranked in Clutch lists of top web development...

Subscribe to our blog updates