How to Recover a Hacked WordPress Site

A couple of days ago, I did something I normally try to avoid; I took to social media to rant. This was after I received a disheartening message via email, which prompted me to contact my web host, but the tech support did everything but help matters, hence the need to air dirty linen on Twitter.

Being who I am, I would have chosen to let this matter slide, but the kind of support I received from my web host when I needed help the most sucked big time. It was both a shocker and an eye opener. Now I’m a dissatisfied customer shopping for a new web host.

I mean, what did they expect after such poor customer support? One of the reps had the audacity to ask me to move my site elsewhere if I was dissatisfied. The nerve. Please recommend a great host in the comments, and put a smile on my face  But apart from the shoddy customer service, what was the cause of my woes? Here’s the story behind this disheartening email.

 Recently, I fell victim to a really determined hacker who gained access to my WordPress site, eventually taking over my entire public_html directory. Or vice versa – I really don’t know how I was hacked as my web host failed to provide this info even after I inquired a couple of times.

Now, I had six WordPress sites living on this account. As a result of the hack, all of them were taken down as a security measure, which is totally understandable. But as the situation went completely out of control, traffic dwindled and I never received a single inquiry in the 72+ hours I was locked out of my businesses.

So I went to Twitter and made a lot of noise, after which a seemingly nice fellow named Matthew (thank you if you’re reading) came to my rescue. After Matt intervened I was able to recover my main site although it had suffered major blows in terms of core functionality. The other five websites weren’t as lucky, they had to bite the dust, leaving me with a bad taste in the mouth.

It was a frustrating and stressing experience especially with the little help I was getting from the support reps at Bluehost. Yes, I just snitched on you Bluehost. Suffice to say, this is the second time I have been hacked on their shared hosting package. I should start learning.

Disclaimer: My experience doesn’t discount the fact that you might been having a great time with the host – this is just my isolated experience.

What did Matt do differently? He made me a malware.txt file containing details of the corrupted files. Cleaning most of these files was easy, but it meant deleting important plugins and replacing core files that left my main site with serious incapacity. It was up though in no time, which was better than nothing.

I deleted the other five completely because they were corrupted and the backups – according to the support reps – were also corrupted. You know, like beyond repair. It’s a shame. Now I have to start work on five different websites, which is really disappointing for a big company such as Bluehost. Either way, I gave Matt a great review, but the other reps weren’t as lucky. But I’m still worried I might be hacked again, and it’s not the kind of mindset you need when running a business.

Ranting aside, getting hacked isn’t something you should ever wish on anyone, even your worst enemy. Even if you end up recovering your site, it will cause you unduly stress and cost you precious time and money. If your web host sucks like mine, you risk being hacked a second time. You will lose traffic and sales, and the bitter memory will take long to die. Your credibility lies on the line too, so yeah, getting hacked is no fun.

So what are you to do when some jerk somewhere hijacks your WordPress site, and destroys all the efforts; time, money and ambition, you’ve put in your project? Is there a number you can call? The internet police maybe? Is there a quick fix-it-all button you can click, and recover your site in minutes, rather than days?

Do you have to go through a harrowing experience like I did, or will your host of choice understand you’re already under stress for losing your digital assets? What is a WordPress user to do? Are hackers to be feared or can you protect yourself? Here are some tips that you can employ to hopefully never have an experience like I did.

WordPress Security

They say prevention is better than cure, and I agree. WordPress security is key. At the same time, no matter how hard you try, the bad guys always seem to know exactly where to hit and break into your fortified website. This I say because I was using top-of-the-class security plugins on my websites, but I was still hacked.

Whether you’re a WordPress neophyte or a seasoned webmaster, you should always look into bolstering your WordPress security as opposed to trying to recover your site when it’s already lying in pieces. Before we discuss how you can restore your hacked WordPress website, let’s see what’s available out there in terms of preventative measures. How can you better your chances of remaining unshaken even if/when hackers throw everything they got at your WP-based online business? Here’s the juice.

Invest in a Great Web Host

What makes a great WordPress host? We’ve discussed how to choose the best WordPress host in the past, so I won’t go into the finer details. However, let’s mention a few important considerations to keep in mind when selecting the perfect web host.

Price vs. Value

First of all, you shouldn’t look into “pinching pennies” with your hosting solution. Low cost of hosting is primarily why I chose and stuck with Bluehost. I had no idea this would turn around and bite me in the a**.

I have a simple question for you, mi amigo. Would you rather pay $4 per month and risk getting hacked (+ poor service) , or $29 a month and get stellar and personalized service that’s tailored for your business? How much is your peace of mind worth?

In the recent past, I was so sure I was saving money by paying $4 per month for hosting. Now I know better, and I am contemplating moving to managed WordPress hosting. Unless of course Bluehost is willing to massage my ego with a huge birthday cake, or something. I’m kidding of course, but they should look into their customer care. You should consider managed WordPress hosting as well, if you don’t want to lose your business later on.

The problem with the $4 a month shared hosting plans is your site lives with a million other sites on the same server, which means if one of the other sites is compromised, you’d be lucky to escape the onslaught. If you collect/store customer data on your site, you don’t want this kind of info falling into the wrong hands. If you’ve invested time and money in creating great content, you don’t need some hacker to reduce it all to a Viagra-peddling homepage, or worse, nothingness.

We need to relocate to managed WordPress hosting people. Many of the more affordable hosts are already offering managed hosting plans, and if we ramp up the demand perhaps the prices will come down as a result. Sounds like a plan, right? Moving on…

Quality Support

Do we even need to talk about why your web host should provide great support? Being available at a moment’s notice is great, but I have had to wait more than 20 minutes to have a live chat session with a Bluehost support rep. And when they do show up, they aptly tell you they’re on multiple chats at the same time, as if you’re supposed to make up for their under staffing. Not cool guys, not cool.

So you end up wasting even more time on trivialities, since they are carrying over issues from other chats. Could this be the reason why they have terrible attitudes at times? But instead of pointing fingers, am I expecting too much out of $4 a month? Perhaps I am. Choose your web host carefully, or you could pay with the loss of traffic (or potentially your business).

That aside, do they have secure servers? What other security measures do they have in place? Will you be able to restore your WordPress site in case it’s hacked, or will they tell you your backups are corrupted too? Will they notice the intrusion long before the attacker causes serious damage, or will they shut down your site and notify you when it’s already too late?

Do you really have to stay on that shared hosting package? Is your web host secure, or do they leave you vulnerable to all manner of attacks? The only way to find the answers to these questions nad any others you might have is to read reviews (and this post counts as one) and do the necessary research. I mean it, just do it, and you’ll be surprised just how much you can learn about a company on the big WWW.

Get Clean WordPress Themes + Plugins

The hacker’s favorite playing field, themes and plugins (especially poorly coded types) provide easy access to your site admin. Right this minute, some hacker is probably trying to gain access to your WordPress site/blog using a poorly-coded theme or plugin. If a hacker uses a backdoor hack (hidden in a theme or plugin) to access the admin area, you’re roast goose. They can wreck havoc however they wish.

As such, it’s important to download themes and plugins from trustworthy sites. Are you looking for a clean theme? We recommend  Themeforest. Need clean plugins? Check out the WordPress Repo . Know of any other trustworthy sites where we can get themes and plugins? Please share in the comments.

Update Themes + Plugins + WordPress

At times, a great theme or plugin might come with a security flaw. Usually, developers release updates to seal these security holes. However, if you don’t update your theme or plugins, you become an easy target for hackers who -in most cases – are aware of the security flaw. After all, info about the security flaw is available in the public domain, so yeah, hit that update button already.

Keep them themes and plugins up to date. Remember to upgrade your WordPress installation as well, or you’ll cry foul when hell breaks loose.

Backup Your WordPress Site

Don’t be the one to rebuild your WordPress site(s) from scratch like yours truly. With full and regular backups, you can restore your WordPress site with ease even if the hacker person tore it from the hinges and flung it all the way across Atlantic Ocean.

And please don’t make the mistake of assuming your web host keeps secure backups of your site, even if they proudly proclaim it in their marketing brochures. The only (and best) way to protect yourself is investing in a professional and reputable back up solution such VaultPress even offer their own backup options with various plans.

If you know your way around your web server, you can even create manual backups at regular intervals (and for added security we recommend taking your own manual backups in addition to one of the plugins mentioned above). Bi-weekly is a great schedule to start with. Just compress your WordPress website, and download it to your local machine. Download also the WordPress database, and save both on a secure folder on your computer. Ensure your computer is clean.

There are many WordPress backup plugins too to do your bidding, so worry not if you can’t find your way around a web server. You can read more about securing your WordPress website, and share your tips as well. Let’s move on, and see how we can recover your hacked WordPress site.

How to Recover a Hacked WordPress Site

You just woke up, and your site isn’t there. Poof, gone with the wind just like that. You probably just got an email or text message letting you know the proverbial rainy day is here you’ve lost the reins of control to some masked mongrel out there. What to do?

Your first reaction would be panic, which is alright since it means you’re still alive, and can do something about the hack – or if you’re really lucky – the hacker. But you shouldn’t worry yourself to the point of mental meltdown, we still need you. After all, the damage is often recoverable in no time.

You Can Still Login

With some hacks, you might still have access to your WordPress admin area. If this is you, you can recover your site easily by eliminating the damaged files and sealing the point of entry. Usually, Google and your web host will let you know when you’ve been hacked. They might even show you the hacked files and URLs.

All you have to do is login into your WordPress site, remove the affected files, or change your login details and update your entire WordPress installation. Just reinstall WordPress from your admin area. You might need to replace infected themes and plugins with new fresh copies as well.

Uh-oh, You’re Locked Out

Other times, a hacker may completely lock you out or have you locked out of your WordPress site(s). This happened in my case – I couldn’t login into any of my sites. How did I recover my site? I would love to tell you it’s easy, but I would be lying through the teeth.

First, contact your web host, and even if they aren’t forthcoming with the info, pressure them to provide details of the hack, including a list of the infected files. If the live support guys give you a hard time, give them a ring, and if that isn’t enough, just take the battle to them on social media. Many companies, not just web hosting companies, will think twice about tarnishing brand reputation on social media on the account of one disgruntled customer. Be polite however; don’t go hurling unprintable expletives. This is what I did, and sure enough, Matthew saved a malware.txt file in my server.

With such a file in place, cleaning and eventually recovering your WordPress site is a matter ofeliminating and replacing affected files. Nevertheless, it can be a long process, especially if the damage is extensive since you have to find each affected file one by one.

However, with a file showing you where the infected files are, all you have to is login into your cPanel -> File Manager and delete/replace victimized files. Note, this might force you to delete entire plugins, and even themes. If you don’t use a child theme, and your parent theme happens to be infected, you’ll lose your custom design, but hey, at least your site is up! You can always replace plugins, so this shouldn’t be a problem.

Deleting core WordPress files will incapacitate your site in ways you definitely don’t want. The best course of action to take if this is the case is to replace affected files with new ones. Just ensure the replacement files are from the same version of WordPress you’re using. Otherwise, you’ll break your site. See why it’s important to keep your WordPress installation updated all the time?

If you have a reliable backup solution in place, your chances of recovering your hacked WordPress site increase tenfold. All you have to is rollback to a previous version of the site, and relax.

Note that after recovering your site, it might need some rebuilding. After you’ve reinstated your WordPress site (which means you can login to the admin area), check to ensure all core functions are working. Things to look for include widgets, contact forms, social media and anything else tied to any affected plugin or theme.

For instance, after restoring my site, none of my forms were working since I had to delete Contact Form 7, the plugin that drives all my forms. I had to delete Jetpack as well so I lost social sharing, comments and RSS feeds among other features. I deleted All in One Favicon as well, and lost my custom favicon. I recovered all these features simply by reinstalling the affected plugins.

Note, the plugins in their own weren’t the problem, but since the hacker had access to my server, and admin access to my WordPress sites, they could add malicious code wherever they willed. I deleted WordPress SEO by Yoast as well, which means my SEO efforts tanked. I took the hit like a man is supposed to, and I’m still recovering.

Luckily the hacker didn’t seem bothered with my content. They/she/he/it didn’t add fluff and links to some phony sites like it happened in the past. I’m still rebuilding my site, and considering a site/content redesign. See? Getting hacked wasn’t all that bad after all. It opened my eyes to the things I was doing wrong, and gave me the impetus I needed to take action for the better. In fact, if Bluehost support reps hadn’t wasted so much of my time, I would have restored my site in no time, and spared them this detailed review.

Back to hacking, once you’ve cleaned your site, contact your web host to remove you from the blacklist. At the same time, recovering your hacked WordPress site won’t mean jack if you get hacked the second time. If the security holes are left unsealed, all your recovery work is in vain. Contact your web host, and let them advise you on how to seal the breach. At times, the problem could be another site on your shared hosting plan. While this might give you some peace of mind, you should upgrade to a more secure plan or invest in the security optionsaforementioned.

The most fundamental thing to do after restoring your site it to change all login credentials, admin email included. This will ensure the hacker doesn’t regain access to your website, or even your other online accounts. A word of caution: Even if you change your login details, the hacker might still be logged into your site, which defeats the whole purpose of obtaining new login details. What to do? Firstly, if you have several users on your site, ensure none was the point of entry. You can create new ones for your various users; writers, web designers, editor etc.

Secondly, you need to change security keys in your wp-config.php file to automatically logout all unauthorized users, including the hacker. Generating new security keys is easy peasy work. Just go to creating new security keys, generate new keys, login to your server and update wp-config.php with the new details. The process is rather straightforward we don’t expect you’ll run into any trouble.

Recapping

What else am I forgetting? Let me see; in a nutshell this how to protect yourself, and recover your WordPress site should the unthinkable happen:

• First, get a better web host preferably managed WordPress hosting 
• Invest in WordPress security solutions – Firewalls, backups – the works
• Create strong login details, and keep them private
• Clean your computer, and keep the software on it updated
• Update WordPress, themes and plugins
• Get themes and plugins from reputable sources

And should the worst happen:

• Don’t lose your mind, there’s always a solution. Rebuilding from scratch too is an opportunity to improve
• Contact your web host, and drive them insane
• Fix the problem or hire a professional (they are readily available)
• Rise from the ashes and soar up in the sky once more
• Be awesome, and perhaps document your experience to help another

Resources

Perhaps I left out some areas innocently, or you simply couldn’t recover your site with the tips shared here. Perhaps you just want to learn more. Who am I to stand in your way? After all, we really want you to recover your hacked WordPress site. So here’s a great list of resources to make your work easier: