How to clean a hacked WordPress website

Having a WordPress website infected with malware or malicious code can be a nightmare for website owners, leading to potential security breaches, data loss, and damage to your online reputation. We'll show you how to recover your website from malware attacks and ensure a safe and secure online environment for your customers and visitors.
14 June 2024 | WordPress Website Security

Cleaning an infected WordPress website is a critical task that requires prompt action to protect your site and visitors from potential harm. With the sadly too common occurrence of malware and cyber attacks, it’s important to follow a thorough and systematic approach to effectively clean and secure your business website. Here are the best steps to clean an infected WordPress website:

  1. Identify the Infection: The first step in cleaning an infected WordPress website is to identify the source of the infection. Common signs of a compromised site include unexpected redirects, suspicious files or code injections, and warnings from search engines and security tools. Use malware scanning tools like Sucuri SiteCheck or Wordfence to scan your website for malware and vulnerabilities.
  2. Backup Your Website: Before making any changes to your infected website, it’s crucial to create a backup of your files and database. This ensures that you have a copy of your website in case anything goes wrong during the cleaning process. You can use backup plugins like UpdraftPlus or BackupBuddy to easily backup your WordPress site.
  3. Update WordPress Core, Themes, and Plugins: Outdated WordPress core, themes, and plugins are common entry points for hackers to infect websites. Make sure to update all components of your WordPress site to the latest versions to patch any security vulnerabilities. You can do this through the WordPress dashboard or by manually updating the files.
  4. Remove Malicious Code and Files: Once you have identified the infected files and code, it’s important to remove them from your WordPress website. You can do this by accessing your website files via FTP or the hosting control panel and manually deleting the malicious files. Be cautious when making changes to ensure you don’t accidentally delete important files. You may also need to check files for additional code that’s been added or the infection will keep coming back. This is by far the most time consuming and frustrating step in the process.
  5. Clean the Database: Malware can also infect the WordPress database, so it’s essential to clean and sanitize it to remove any malicious code or links. You can use tools like Wordfence or Sucuri to scan and clean your database for malware injections and suspicious entries.
  6. Reset Passwords: Change all passwords associated with your WordPress website, including admin accounts, FTP, hosting, and database credentials. Use strong, unique passwords that include a combination of letters, numbers, and special characters to enhance security.
  7. Review User Permissions: Review the user accounts on your WordPress website to ensure that there are no unauthorized users with admin access. Remove any suspicious accounts and limit the permissions of users to prevent unauthorized access.
  8. Install Security Plugins: Implement security plugins like Wordfence Security, Sucuri Security, or MalCare to add an extra layer of protection to your WordPress website. These plugins can help monitor and protect your site from future security threats.
  9. Monitor Website Activity: Regularly monitor your website for any unusual activity or signs of re-infection. Set up security alerts and monitoring tools to notify you of any suspicious changes or malware injections on your WordPress site.
  10. Submit Your Site for Review: Once you have cleaned and secured your WordPress website, submit it for review to search engines like Google and, if required, your hosting company, to remove any warnings or blacklisting. Follow the guidelines provided by the respective platforms to ensure your site is clear of infections.

Cleaning an infected WordPress website requires patience and attention to detail, but by following the steps outlined above and taking proactive security measures, you can hopefully clean and secure your WordPress site from malicious attacks.

To keep your website safe and secure, remember to maintain regular backups, update your software, and stay vigilant against potential threats.

If you have any questions or want to learn more about how our range of Website Care Plans can help protect you from attack, with the reassurance of proactive expert support should the worst happen, get in touch.

Want FREE Support?

Book your FREE 30m consultation call where we can look at what you need with your website or AI & Automation – and leave with actionable advice. 

Book your session

Need Help Now?

Need help straight away?  Talk to our customer ServiceDesk and our engineers will help – whether you are a Care Plan customer or not. 

Customer ServiceDesk

Website Management £1/day

Our Website Care Plans provide peace of mind your business website is in safe hands, from just £1/day 

Care Plans

Latest

"Communication is clear and easy to follow for all, even without a technical background."

Jo Gavin, General Manager
Ascot United

"From the offset Craig and his team were highly communicative, very responsive, and took our ideas and change requests into account without any hassle"

Dan Hayward, Managing Director
Atmosphere IT

"What can I can say, except where have you been all my life!"

Dan Lee, Operations Director
Monster-Shop

"Dealing with the people of GorillaHub has always been pleasant, and they have always been helpful."

Jai Patel, Director
JB Foods

"The ongoing support from the team has been invaluable"

Annelize Alfredo, Head of Centre
The Sheila Ferrari Dyslexia Centre

"I felt valued & supported throughout the entire process"

Jo Follows-Smith,
The Word Woman

"I am not very tech savvy but they were able to walk me through the whole process"

Jon Brooker, Founder
ProDrummer

"Superb! From start to finish the guys keep me updated daily and changes and feedback were always a key part in the strategy"

David Burton, CEO
Total Market Solutions

"Whenever I’ve requested changes however small or large, the work has been carried out efficiently and professionally"

Geoff Allen, Owner
Travallen Travel

"I am so happy I chose GorillaHub for our website build and look forward to growing the website with them over the coming years"

Joe Tickner, Business Development Manager
Ascot Promotions

Customer Feedback