What to do if your WordPress website security is compromised / hacked ?

In this article, we provide a list of items that will help you go through if your WordPress website is facing security issues and hopefully you can recover your site to it’s original state and secure them much better in the future.

1. Install WordFence plugin 

It is recommended to install WordFence Plugin and perform a Full scan on your website by following the steps below.


A. Go to WordFence > Scan
B. Click Start New Scan
C. Check and Fix Critical Results (i.e malicious files detected, unknown files, Update Plugins/Themes, Upgrade WordPress version)

2. Request Hosting Provider to Perform a Full Scan

Most hosting provider will be able to assist in performing a full scan and will provide a full report at the end of the scan. There are few options to resolve the situation including getting professionals to resolve the issue (you may request your hosting provider to recommend) or if it’s too critical you can request your hosting provider to perform a rollback to where your site was clean and fully functional. (Refer to Step 4)

3. Delete Unused WP Themes and Plugins

In addition, If you have unused Themes or Plugins, be sure to delete them from your website as well as some old / vulnerable codes can provide hackers with ways to exploit your website even they are not enabled.


4. What to do if your site is already being compromised / hacked ? How to recover your website?

If your site is fully compromised / hacked and in a very critical condition, best to contact your hosting provider (or open a ticket) and request them to perform a rollback to a date where your website was still functional (Most hosting provider has the capability to perform rollback). Once the site is restored, you can update below items to the latest version and install WordFence to perform a new scan.

A. All Plugins to be updated to the latest version
B. All Themes to be updated to the latest version
C. Upgrade WordPress core to the latest version


Just to sum this up, it is crucial to ensure your WordPress version, WP Theme, All WP Plugins are updated to the latest version just to ensure that your site is safe and free from vulnerabilities. New vulnerabilities might appear from time to time, as hackers found new ways and technologies to exploit, it is important to stay vigilant and ensure that the site, theme and plugins are up to date.


Users who have LIKED this post:

  • Sofia Moss
Share this content