With WordPress leading the charge as the world's most used content management system, it is also the most frequently attacked CMS on the web.

Powering 34% of the entire web, WordPress is unsurprisingly both a popular choice for site owners and a popular target for attackers. That is why we can't stress enough the importance of having the right security measures in place to safeguard your website.

We often have customers come to OnePoint with the task of restoring their WordPress website after a malicious attack.

While each site attack varies, there are a number of key areas which we focus on to restore a website back to a healthy working condition.

Identify the Type of Hack

Diagnosing the type of hack determines which of the steps below you need: a spam redirect, a defaced page, a dropped backdoor (web shell) or a hijacked administrator account each leave different traces. Use a malware scanner to locate malicious code, but also look for what a signature-based scanner tends to miss: PHP files inside wp-content/uploads (never legitimate), files modified in the last few days, and files sitting in places where WordPress has none. Then compare the WordPress core files, located in wp-admin, wp-includes and the root folder, against a clean download of the same version; any file that differs, or that the download does not contain at all, has been tampered with or injected. If WP-CLI is available on the host, wp core verify-checksums performs this comparison against the official checksums.

Remove Unsupported Plugins

Plugins and themes that are no longer maintained are one of the most common ways a WordPress site is compromised: once a vulnerability in an old plugin version becomes public, attackers scan the web for every site still running it. This is a separate problem from brute-force attacks, which guess passwords rather than exploit code. Delete any plugin that is unsupported or that you no longer use; deactivating it is not enough, because the plugin's files remain on the server and can still be requested directly. Update everything you keep. With WP-CLI, wp plugin list --update=available lists what is out of date.

Change WordPress User Passwords

If a WordPress user account has been brute-forced, or you cannot rule it out, change the password for every account, not just the one you know about, and do it from outside WordPress in case a backdoor is watching the dashboard. In phpMyAdmin, select the users table (wp_users by default), edit the account and, in the function dropdown next to the user_pass field, choose MD5 before entering the new password. Note that MD5 is a hash, not encryption: WordPress accepts a bare MD5 hash only as a legacy format and rehashes it with its own stronger algorithm the first time the user logs in, so the weak hash is short-lived. While you are in the users table, look for accounts you did not create, especially administrators, and delete them. WordPress ties its login cookies to the stored password hash, so the change should already log the attacker out; to leave nothing behind, also delete the session_tokens rows from the usermeta table (or run wp user session destroy <user> --all for each account).

Change CPanel and FTP Passwords

Depending on the extent of the hack, we strongly encourage everyone to change their cPanel and FTP passwords as well. If the attacker holds hosting credentials (stolen from an infected PC, or read out of a leaked wp-config.php), cleaning WordPress alone will not keep them out. Where the host offers it, use SFTP or FTPS rather than plain FTP, which sends the password in clear text, and remove any FTP accounts you do not recognise.

Clear .htaccess

Hacked sites often carry out their redirects through rules planted in the .htaccess file, and the file is also used to make PHP run where it should not. Inspect it for anything abnormal: RewriteRule or Redirect directives pointing at an unknown domain, RewriteCond lines that only fire for search-engine user agents or referrers (so that you never see the redirect yourself), php_value auto_prepend_file lines that load a hidden file on every request, AddHandler or AddType lines that let .jpg or other non-PHP extensions execute as PHP, and long runs of blank lines that push such rules below the visible area of an editor. The only rules WordPress itself writes sit between # BEGIN WordPress and # END WordPress. If you delete the file, WordPress can generate a clean one for you: go to Settings > Permalinks, set the structure to Plain and save, then change back to your desired format (e.g. Post name) and save again. Check for .htaccess files in sub-directories too, particularly wp-content/uploads.
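The checks listed above, as an added example in Python (not code from the original post or from WordPress): audit_htaccess() returns a line-numbered list of findings, and DEFAULT_WP_HTACCESS is the block WordPress writes for a single site with pretty permalinks, so a file that audits clean and contains nothing outside that block can be trusted. The regular expressions, the blank-line threshold, the own_hosts allow-list and the hacked file that demo() constructs (including its invented domain names) are assumptions made for this example; like any heuristic it can miss a rule written in an unusual way.

```python
"""Audit a WordPress .htaccess for injected rules.  Added example, not from the original
post; the malicious file in demo() is constructed and its hosts are invented."""
import re

# What WordPress itself writes for a single site with pretty permalinks enabled.
DEFAULT_WP_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# Directives whose target is an absolute URL: flagged unless the host is one of ours.
EXTERNAL = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b.*?\bhttps?://([^/\s\"']+)",
    re.I)
RULES = [
    (re.compile(r"^\s*RewriteCond\s+%\{HTTP_(?:USER_AGENT|REFERER)\}.*?\b(?:google|bing|yahoo|msn|slurp|yandex)", re.I),
     "cloaking: rule applies only to search-engine visitors or referrals"),
    (re.compile(r"^\s*php_(?:value|flag|admin_value|admin_flag)\s+auto_(?:prepend|append)_file", re.I),
     "auto_prepend/append_file: a file is executed with every PHP request"),
    (re.compile(r"^\s*(?:AddHandler|AddType|SetHandler)\b.*php", re.I),
     "handler change: other extensions (images, text) may run as PHP"),
]
BLANK_RUN = 20   # this many consecutive empty lines hides what follows below the fold

def audit_htaccess(text, own_hosts=()):
    """Return [(line_number, reason, line)] sorted by line; [] for a clean file."""
    own = {h.lower() for h in own_hosts}
    findings, blanks = [], 0
    for n, line in enumerate(text.splitlines(), start=1):
        if line.strip() == "":
            blanks += 1
            if blanks == BLANK_RUN:
                findings.append((n - BLANK_RUN + 1, "hidden content: long run of blank lines", ""))
            continue
        blanks = 0
        m = EXTERNAL.search(line)
        if m and m.group(1).lower() not in own:
            findings.append((n, "redirect to external host " + m.group(1), line.strip()))
        for pat, reason in RULES:
            if pat.search(line):
                findings.append((n, reason, line.strip()))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Constructed hacked .htaccess: the default block, 40 blank lines, then injected rules."""
    injected = "\n".join([
        "RewriteEngine On",
        "RewriteCond %{HTTP_USER_AGENT} (google|yahoo|bing) [NC]",
        "RewriteRule ^(.*)$ http://pharma-redirect.invalid/landing [R=301,L]",
        "php_value auto_prepend_file /home/user/public_html/wp-content/uploads/.cfg.php",
        "AddHandler application/x-httpd-php .jpg",
        "Redirect 301 /old-page https://www.example.com/new-page",   # legitimate: our own host
    ]) + "\n"
    hacked = DEFAULT_WP_HTACCESS + "\n" * 40 + injected
    return {"clean": audit_htaccess(DEFAULT_WP_HTACCESS, own_hosts=["www.example.com"]),
            "hacked": audit_htaccess(hacked, own_hosts=["www.example.com"])}
```

Pass your own domain(s) in own_hosts so that a legitimate Redirect to your site is not reported. The audit only reads the file, so it is safe to run on a copy pulled down from the server before deciding whether to delete and regenerate it.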

File Security Permissions

The correct set of file and folder permissions lets WordPress create the folders and files it needs without leaving anything writable by other accounts on the server. The following settings are recommended for most users.

755 for all folders and sub-folders.
644 for all files.
600 (or 440 if your host requires it) for wp-config.php, since it contains your database password.

Never use 777: a world-writable directory is exactly where an attacker drops files, and it is a common reason a cleaned site is reinfected. If WordPress cannot update itself afterwards, the fix is to make the web server user the owner of the files, not to loosen the permissions.
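The reset described above, as an added Python example (not code from the original post or from WordPress): fix_permissions() applies 755 to folders, 644 to files and 600 to wp-config.php, skips symbolic links so nothing outside the tree is touched, and reports what was world-writable beforehand; check_permissions() verifies the result. The mode choices, the function names and the 777/666 tree that demo() builds in a temporary directory are assumptions made for this example.

```python
"""Reset WordPress file permissions and report what was world-writable.  Added example,
not from the original post; demo() builds a constructed tree in a temp directory."""
import os
import stat
import tempfile

DIR_MODE, FILE_MODE = 0o755, 0o644
CONFIG_MODE = 0o600     # wp-config.php holds the DB password; common hardening choice

def _target(path, is_dir):
    if is_dir:
        return DIR_MODE
    return CONFIG_MODE if os.path.basename(path) == "wp-config.php" else FILE_MODE

def _entries(root):
    """Yield (path, is_dir) for root and everything under it."""
    yield root, True
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            yield os.path.join(dirpath, name), True
        for name in filenames:
            yield os.path.join(dirpath, name), False

def _rel(root, path):
    return os.path.relpath(path, root).replace(os.sep, "/")

def check_permissions(root):
    """Return [(relpath, actual_mode)] for entries not at their target mode."""
    wrong = []
    for path, is_dir in _entries(root):
        if os.path.islink(path):
            continue
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode != _target(path, is_dir):
            wrong.append((_rel(root, path), oct(mode)))
    return sorted(wrong)

def fix_permissions(root, dry_run=False):
    """chmod every dir/file to its target; returns counts and what was world-writable."""
    report = {"dirs": 0, "files": 0, "world_writable": []}
    for path, is_dir in _entries(root):
        if os.path.islink(path):
            continue            # never chmod through a symlink
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & stat.S_IWOTH:
            report["world_writable"].append(_rel(root, path))
        target = _target(path, is_dir)
        if mode != target:
            if not dry_run:
                os.chmod(path, target)
            report["dirs" if is_dir else "files"] += 1
    report["world_writable"].sort()
    return report

def demo():
    """Constructed tree with the classic 777/666 mistakes; returns before/after state."""
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "public_html")
        layout = {  # relpath -> (is_dir, mode as left by a careless "chmod -R 777")
            "wp-includes": (True, 0o755),
            "wp-content": (True, 0o777),
            "wp-content/uploads": (True, 0o777),
            "index.php": (False, 0o644),
            "wp-config.php": (False, 0o666),
            "wp-content/uploads/photo.jpg": (False, 0o666),
        }
        os.makedirs(site)
        for rel, (is_dir, _mode) in layout.items():
            if is_dir:
                os.makedirs(os.path.join(site, rel), exist_ok=True)
            else:
                open(os.path.join(site, rel), "w").close()
        os.chmod(site, 0o755)
        for rel, (_is_dir, mode) in layout.items():   # apply modes once everything exists
            os.chmod(os.path.join(site, rel), mode)
        before = check_permissions(site)
        report = fix_permissions(site)
        return {"before": before, "fix": report, "after": check_permissions(site)}
```

Run it first with dry_run=True to see what would change; the world_writable list doubles as an indicator of where an attacker was most likely able to write. The script only sets modes, so ownership problems (files owned by the wrong account) still need chown by the hosting provider.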

Update Database Credentials

Change the username and password for your database; in cPanel this is done under MySQL Databases. Remember to update wp-config.php with the new details, and at the same time replace all eight authentication keys and salts (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and the four matching _SALT values) with fresh random values, for example from https://api.wordpress.org/secret-key/1.1/salt/. Changing the salts invalidates every existing login cookie, which is exactly what you want after a compromise.
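The wp-config.php update, as an added Python example (not code from the original post or from WordPress): rewrite_wp_config() replaces the value of named define() lines without touching anything else in the file, generate_salts() produces the eight keys locally instead of fetching them, and parse_defines() reads the result back so the change can be verified before the file is uploaded. The character set for the salts, the function names and the sample configuration are assumptions made for this example; the sample is constructed, not a real site's file.

```python
"""Rotate database credentials and the eight authentication keys/salts in wp-config.php.
Added example, not from the original post; the sample config below is constructed."""
import re
import secrets
import string

SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Printable ASCII minus quote and backslash, so a value never needs escaping in PHP.
SALT_CHARS = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>,.;:/?|~"

# define( 'NAME', 'value' );  with any spacing and either quote style around the value.
DEFINE_RE = re.compile(
    r"""^(\s*define\s*\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*)"""
    r"""(?P<value>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")(\s*\)\s*;.*)$""",
    re.M)

def generate_salts(length=64):
    return {k: "".join(secrets.choice(SALT_CHARS) for _ in range(length)) for k in SALT_KEYS}

def _php_single_quoted(value):
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def rewrite_wp_config(text, replacements):
    """Replace the value of each named define(); returns (new_text, names_not_found)."""
    seen = set()

    def sub(m):
        name = m.group("name")
        if name not in replacements:
            return m.group(0)
        seen.add(name)
        return m.group(1) + _php_single_quoted(replacements[name]) + m.group(4)

    return DEFINE_RE.sub(sub, text), sorted(set(replacements) - seen)

def parse_defines(text):
    """Read back quoted define() values (single-quoted escapes undone) for verification."""
    out = {}
    for m in DEFINE_RE.finditer(text):
        raw = m.group("value")[1:-1]
        if m.group("value")[0] == "'":
            raw = re.sub(r"\\([\\'])", r"\1", raw)
        out[m.group("name")] = raw
    return out

def rotate(text, db_name, db_user, db_password):
    """New DB credentials plus fresh salts (which also invalidates every login cookie)."""
    repl = {"DB_NAME": db_name, "DB_USER": db_user, "DB_PASSWORD": db_password}
    repl.update(generate_salts())
    return rewrite_wp_config(text, repl)

SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wp_site' );
define('DB_USER', 'wp_site_user');
define( 'DB_PASSWORD', 'old_password' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
define( 'WP_DEBUG', false );
$table_prefix = 'wp_';
"""

def demo():
    new_password = "N3w-Pa55word'with-quote"      # constructed; shows the quote being escaped
    config, missing = rotate(SAMPLE_CONFIG, "wp_site", "wp_site_user2", new_password)
    return {"config": config, "missing": missing,
            "values": parse_defines(config), "db_password": new_password}
```

The missing list tells you when a key was not present in the file (an old installation may lack some of the salts), in which case the define() lines have to be added by hand. Because the salts are generated with the secrets module they are as good as the ones from the WordPress API; the point of fetching them from the API is convenience, not quality.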

Replace WordPress System Files

To reset WordPress to a clean installation, first take a full backup of the files and the database, so that you can refer back to the compromised copy and nothing is lost. Then remove all WordPress files from the server except the /wp-content directory and wp-config.php; moving them to a folder outside the web root, rather than deleting them, keeps the evidence.

Next, upload a fresh WordPress download of the same version (all files except the /wp-content directory) to the server, either via the cPanel File Manager or via FTP/SFTP.

Update the wp-config.php file with your database credentials and salt keys. Next, deactivate all active plugins in the database, which you can do in phpMyAdmin: in the options table, change the value of the active_plugins row to a:0:{} (an empty serialized PHP array). Keep in mind that /wp-content is the one directory you did not replace, so it still needs attention: delete and re-download every plugin and theme you keep, remove the ones you do not, and delete any PHP file found under wp-content/uploads.

Finally, sign into WordPress, update the plugins and themes you kept, and reactivate only the ones you need.
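The file side of this procedure, as an added Python example (not code from the original post or from WordPress): quarantine_old_core() moves everything except wp-content and wp-config.php out of the web root into a quarantine folder, install_clean_core() copies an unpacked clean download over it (minus wp-content and the sample config), and wp_content_todo() lists the plugins and themes that survived and therefore still need to be re-verified. The SQL statement for deactivating plugins assumes the default wp_ table prefix. The function names and the site and download trees that demo() builds in a temporary directory are assumptions made for this example.

```python
"""Swap a compromised WordPress core for a clean download while keeping wp-content and
wp-config.php, and report what still has to be checked by hand.  Added example, not from
the original post; demo() builds constructed site and download trees in a temp directory."""
import os
import shutil
import tempfile

KEEP = ("wp-content", "wp-config.php")          # site data; everything else is core
SKIP_FROM_DOWNLOAD = ("wp-content", "wp-config-sample.php")
# Run in phpMyAdmin to deactivate every plugin (empty serialized PHP array); adjust the
# wp_ prefix to match $table_prefix in wp-config.php.
DEACTIVATE_PLUGINS_SQL = ("UPDATE wp_options SET option_value = 'a:0:{}' "
                          "WHERE option_name = 'active_plugins';")

def quarantine_old_core(site_root, quarantine_root):
    """Move every top-level entry except KEEP out of the site.  Quarantine, don't delete:
    the old files are the evidence of how the site was hacked."""
    os.makedirs(quarantine_root, exist_ok=True)
    moved = []
    for name in sorted(os.listdir(site_root)):
        if name in KEEP:
            continue
        shutil.move(os.path.join(site_root, name), os.path.join(quarantine_root, name))
        moved.append(name)
    return moved

def install_clean_core(download_root, site_root):
    """Copy an unpacked clean WordPress download into the site, minus wp-content."""
    copied = []
    for name in sorted(os.listdir(download_root)):
        if name in SKIP_FROM_DOWNLOAD:
            continue
        src, dst = os.path.join(download_root, name), os.path.join(site_root, name)
        if os.path.isdir(src):
            shutil.copytree(src, dst)
        else:
            shutil.copy2(src, dst)
        copied.append(name)
    return copied

def wp_content_todo(site_root):
    """Plugins and themes kept from the old site: each must be deleted and re-downloaded."""
    wc = os.path.join(site_root, "wp-content")

    def names(sub):
        p = os.path.join(wc, sub)
        return sorted(os.listdir(p)) if os.path.isdir(p) else []

    return {"plugins": names("plugins"), "themes": names("themes")}

def _touch(root, rel, content="<?php\n"):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(content)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        site, dl, q = (os.path.join(tmp, n) for n in ("public_html", "wordpress", "quarantine"))
        # Constructed compromised site: core with a dropped file, plus the kept wp-content.
        for rel in ("index.php", "wp-login.php", ".htaccess", "wp-config.php",
                    "wp-admin/admin.php", "wp-admin/css/.cache.php", "wp-includes/version.php",
                    "wp-content/plugins/old-plugin/old-plugin.php",
                    "wp-content/themes/mytheme/style.css", "wp-content/uploads/2020/05/photo.jpg"):
            _touch(site, rel)
        # Constructed clean download of the same version.
        for rel in ("index.php", "wp-login.php", "wp-config-sample.php", "wp-admin/admin.php",
                    "wp-includes/version.php", "wp-content/themes/twentytwenty/style.css"):
            _touch(dl, rel)
        moved = quarantine_old_core(site, q)
        copied = install_clean_core(dl, site)
        return {
            "moved": moved,
            "copied": copied,
            "site_top": sorted(os.listdir(site)),
            "dropped_file_in_site": os.path.exists(os.path.join(site, "wp-admin/css/.cache.php")),
            "dropped_file_in_quarantine": os.path.exists(os.path.join(q, "wp-admin/css/.cache.php")),
            "todo": wp_content_todo(site),
        }
```

Note that .htaccess is moved out along with the core, which matches the earlier advice to let WordPress regenerate it from Settings > Permalinks. The quarantine folder must sit outside the web root (or be made unreadable by the web server), otherwise the old backdoors remain reachable by URL.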

Going Forward…

Once your WordPress website is restored, stay on top of its security. We suggest configuring a number of security features such as login lockdown (limiting failed login attempts per IP address), a web application firewall, two-factor authentication, reCAPTCHA on login forms and changing your WordPress login address, to name a few. Keep WordPress, plugins and themes up to date, and keep regular off-site backups so that the next incident is a rollback rather than a rebuild. Most of these features come standard in the top WordPress security plugins such as All In One WP Security & Firewall, Wordfence, Sucuri Security, VaultPress, Security Ninja and more.

If restoring a hacked WordPress website sounds overwhelming, OnePoint offers website maintenance services to assist with the restoration of WordPress websites; speak with an expert today on 07 3444 0045.