Bizzy Bizzy Blog

What to Do if Your WordPress Website was Hacked

October 31, 2014/in Website Design, WordPress How To's & Tricks /by Candy Phelps

If you think your WordPress website has been hacked, you’re not alone.

The only real big downside to using WordPress is that, because it is the most popular website content management system in the world, it is also the most targeted by hackers. Unfortunately, no matter how many security measures are taken, there is no way to guarantee that your site won’t be hacked. But the benefits of WordPress far outweigh the risks when it comes to security, and there are many things you can do to minimize the risk of your website getting hacked.

Why Would Someone Want to Hack My Website?

A lot of people don’t worry about their website getting hacked because they think, “No one would want to get into my website. There’s nothing of value there.”

The fact is, the reasons sites get hacked run the spectrum from unethical search engine optimization tactics to full-on cyberterrorism. Every website is at risk, no matter how teeny or “unimportant” you think it might be.

Watch this video by Google about how and why your website might have been hacked:

How Do You Know if Your WordPress Website Has Been Hacked?

Inspect It

In the most obvious cases, your website might actually be replaced entirely with the hacker’s website or calling card. Another visual clue that your website is hacked is that the website design is very messed up or looks different than it did before.

Scan It

To find out if your WordPress website contains malware, run your website through Sucuri’s free website security check.

Another way to find out is to create a free Google Search Console account. Google is usually pretty quick at detecting sketchy business, but first, you need an account.

Note that these two options won’t catch the sneakiest of hackers, but they will catch the lazy ones!

Google It

More subtle hacking will embed links that go to an external website that shouldn’t be there (these are common with pharma hacks). To check for a pharma hack, type “site:yourdomain.com” into Google and see what the results look like. Of course, replace “yourdomain.com” with your actual URL. If you have been the victim of a pharma hack, the results will often contain references to “Viagra” or “Xanax.”

If you can’t tell if your website has been hacked, it’s time to hire a professional WordPress developer or security company to investigate.

How Could My WordPress Website Have Been Hacked?

Here are some of the most common things that could cause your site to get hacked:

  1. You inadvertently downloaded spyware on your own computer and someone hacked into your site that way (if your emails have been hacked recently or if you notice anything else peculiar on your computer in your internet browser or otherwise, this is likely the case). Spyware on your computer can record your keystrokes and then use your user name and password to get into your site.
  2. Your web hosting server was hacked (this is more likely if you are using shared hosting, which most small businesses use).
  3. Your WordPress site was hacked from a brute force attack (a robot was able to guess your username and password) or other attack. If you are using “admin” as your user name and/or you’re not using a secure password (more than 8 characters + upper and lower case + number + other character + no full English words or names) this could have been the case.
  4. Your WordPress site has an insecure plugin or outdated software. This is the most likely case if it has been more than a few months since you have updated your WordPress software / plugins / themes.

What to Do If Your WordPress Website Was Hacked

If your site has definitely been hacked, here are the steps you can take:

Contact Your Website Developer

If you had your WordPress website developed by a professional, get in touch with them and let them know what’s going on. If you have a regular monthly care plan with them, your contract may include malware removal or “unhacking” your website. If not, they may be able to help you navigate the cleanup for a fee.

Scan Your Computer

You will need to scan your own computer for an infection. Do you have virus protection software on your computer? If so, run a scan. If not, we recommend this free malware scanner: https://www.malwarebytes.org/mwb-download. If you detect a trojan or spyware program on your computer, get it removed immediately, and then change ALL the passwords to any websites you use once your device is clean.

Contact Your Website Host

If you scan your computer and nothing unusual pops up, you should also contact your website hosting company to inform them in case one of their servers was hacked. They can check if the infection is server-wide. If it was an attack on the server, your host may clean up your website for free. And they will take the necessary steps to prevent the site from being hacked again in the same way.

Check Your Passwords

If your host does not report a widespread problem, you may have been brute force attacked. To prevent this in the future, make sure you have secure user names and passwords that aren’t easily guessed by robots or humans. If you are using the same password for many accounts, change them so each is unique and strong (containing at least one capital letter, one number and one character). Remember, don’t use any whole words. Once the website is cleaned up, change all the passwords to your website accounts and any other important accounts like your bank account just to be safe.

Check Your Website for Outdated or Unreputable Software

Most of the website hacks we have seen happened because people didn’t update their WordPress software. The code on your website (the WordPress software, plugins and themes) is constantly being updated with security patches as new threats are identified. Consider deleting plugins that don’t come from a reputable author or that are no longer supported and replacing them with currently supported plugins from reputable authors. If any of your plugins are “deactivated”, delete them.

Clean Up the Hack

Without hiring a digital forensics expert, you will probably never know what happened to cause the hack of your WordPress website. But no matter what the cause, you need to clean it up, remove any malicious code from the site and protect yourself in the future.

Without cleaning up your website, you risk getting added to the “known spammers list” or a “blocklist.”

The best place to start is to revert to a backup of the website and scan it for malware. Do you, your website designer, or your web host have a backup of your WordPress website, including files and database? We always recommend built-in frequent backups to prevent loss of work (like blog articles that you might have written since your last backup).

You should change your WordPress passwords and authentication keys. You may want a developer to help with this step. You should also update all your website themes, core files, and plugins.

If your host has SiteLock or Sucuri, buying that software will not only help detect threats, but you can upgrade to have them fix the hack for you to make sure your site is safe.

It’s a good idea to check if your website was blocklisted. Here is a great FAQ article that discusses this and other things: http://codex.wordpress.org/FAQ_My_site_was_hacked

We HIGHLY recommend adding more stringent security measures on your website to help prevent attacks, which will take a developer’s help. Below is a list of security measures we always include on our websites to help prevent attacks as in #4:

  • ensuring the user name “admin” is never used
  • using a safe version of jQuery
  • using strict file permissions
  • blocking suspicious-looking information in the URL
  • hiding WordPress version numbers
  • not allowing users without a user agent to post comments
  • ensuring the administrator’s user ID is not 1
  • changing the URL of the login page
  • changing the WordPress database table prefix
  • not displaying users’ names publicly
  • preventing PHP uploads
  • blocking non-English characters in the URL
  • and preventing directory browsing
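
A quick way to check a few of the items above on an existing install, as an added example (not code from this article or from any plugin): the `audit_wp` function and its finding labels are hypothetical names. It assumes shell access to the site's files and an Apache server that reads `.htaccess`.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for some items from the list above.
# Usage: sh audit_wp.sh /path/to/wordpress   (prints one finding per line)
audit_wp() {
    root=$1
    cfg="$root/wp-config.php"

    # "preventing PHP uploads": executable PHP should never sit in uploads.
    find "$root/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) 2>/dev/null |
        sed 's/^/PHP_IN_UPLOADS /'

    # "using strict file permissions": nothing should be writable by everyone.
    find "$root" \( -type f -o -type d \) -perm -0002 2>/dev/null |
        sed 's/^/WORLD_WRITABLE /'

    if [ -f "$cfg" ]; then
        # wp-config.php holds the database credentials and authentication keys.
        if [ -n "$(find "$cfg" -perm -0004)" ]; then
            echo "CONFIG_WORLD_READABLE $cfg"
        fi
        # "changing the WordPress database table prefix": flag the default wp_.
        if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
            echo "DEFAULT_TABLE_PREFIX $cfg"
        fi
    fi

    # "preventing directory browsing": expect "Options -Indexes" in .htaccess.
    if ! grep -Eqs '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess"; then
        echo "DIRECTORY_BROWSING_NOT_DISABLED $root/.htaccess"
    fi
    return 0
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_wp "$1"
fi
```

An empty result means none of these five checks fired; it does not mean the site is clean, since the other items in the list need a look at the database and the server configuration.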

Going forward, keep your WordPress updated once a month to protect your website from hackers. Consider a WordPress website care plan with us if you would like to put your mind at ease and have experts help.

 

Tags: WordPress security