In few of my previous posts I’ve talked about securing and speeding up WordPress sites. Since we live on the earth and hacking is not something like alien here, so we must be aware of its existence, and if unlucky enough, some of us may need to deal with it. And yes, this post is going to tell you the easiest way to recover a hacked WordPress site.
If you’ve been reading the Themeum blog regularly, you must know about WordPress backup and restoration process. Without having a pre-generated backup, it’s troublesome to recover a hacked WordPress site. So the fastest and easiest way of taking back your site online is restoring it from a recent backup.
If you someday find your WP site compromised, you don’t need to worry much if you still have access to the domain control dashboard and the site’s hosting server. At first contact your hosting provider whether they have any saved backup. Most of the good hosting companies generate backups of their customers’ sites regularly. Or if you have an available backup taken by you, restore that (whichever is latest).
If you don’t have any backup and your hosting provider also cannot provide a backup of your site, that’s a bit trickier situation. Try to reset the admin password. If for some reasons general password reset method doesn’t work, try to set a new password for your admin user directly in the site’s database. See this tutorial to learn how to do this.
After recovering admin access, scan your site to clean malware (if any). Sucuri WordPress plugin can help you in this purpose. Check all users’ permissions. Update the core WP, plugins and themes. Setting a clean theme is a good idea. Remove unnecessary plugins/themes. Wordfence is another useful plugin to scan and repair a hacked site. Also scan installed themes with Theme Authenticity Checker (TAC).
So you’ve just recovered your hacked WordPress site. If you were successful in doing the above tasks, your site should be up and running right away.
Before stepping into production stage, you must install a backup creator plugin on your WordPress site. You may also pick a hosting-side backup system if available. So implement a backup generator mechanism on your WordPress site and save backups regularly. You may see this post on how to backup and restore a WordPress site. Choose a good hosting provider. Use well configured security plugins and strong passwords.
These are the simple rules of having an uninterrupted WordPress experience. More important posts are coming soon. Stay with Themeum!