How to fix a hacked WordPress site?

A hacked WordPress site is one of the worst nightmares of a blogger or a business owner. When a website is hacked, you may lose access to it, your posts might be deleted, or malicious code inserted by a script or an attacker might destroy your website. Here are the tips WP admins can follow to fix a hacked WP site:

Change the user admin password

If you’ve lost access to your WordPress site, you must change the admin user’s password directly in the database, because WP stores user passwords in hashed form in a DB table. To change the admin password, log in to your server via SSH or cPanel. If you’re logged in via SSH, log in to MySQL, select the WordPress users table, and change the password of the admin. If you’re using cPanel, open phpMyAdmin, choose the WordPress users table, and change the password of the WP administrator account. If you find a user that you did not create while exploring the WP users table, delete the user entry immediately.

Get rid of plugins/themes you have downloaded from somewhere else

Plugins and themes in the WP repository are checked before they are made available for download. If you’ve downloaded extensions/themes from sites that are not well known, you have taken the first step in destroying your website. Malicious plugins/themes keep running until you disable them. The most important step in fixing a hacked WordPress site is to disable the nulled plugins/themes (non-WP repository items) you have installed and get rid of them.

Install and use Wordfence

Wordfence is one of the greatest WP security plugins. It can do a variety of things, including fixing a hacked WordPress site. A nulled extension or theme can modify WP core files, and the modified files may make drastic changes to the website and the sitemap. For example, the script may generate thousands of pages containing spam and create a sitemap that links to these pages. When search engines find this sitemap, they may index the auto-generated pages, and if you don’t act in time, your website’s ranking in search result pages may be affected. Wordfence can replace all core WP files with the click of a button, thereby saving your website. If you don’t use Wordfence, you will have to replace the files manually, and doing so takes time.

Restore or clean the database

If replacing the core files doesn’t work, you should clean the database tables. A plugin or theme may have stored the script’s code in a WP table, from where it is inserted into your pages. WP themes and extensions published in the WP repository escape/sanitize HTML output and scripts. Plugins/themes that you have downloaded and installed from elsewhere may not be escaping the HTML output. You must look for code stored in the DB tables and get rid of it when you find it. To find the code, you can use the LIKE operator or the INSTR() function of MySQL.

How to keep a WordPress site safe?

Use fail2ban: Fail2ban is a powerful application that can block access to login or admin pages when a user repeatedly enters incorrect login credentials. If the hosting company doesn’t allow you to install the application, use a WP plugin that will limit login attempts and block the IP address when the user reaches the threshold set by you.

Keep an eye on log files: No matter what hosting service you use, you will get access to the WP site’s log files. Check the log files often and block IP addresses that are repeatedly requesting your site’s login page with iptables, UFW, or a plugin that lets you block IP addresses. Wordfence can block IP addresses.
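
The log check described above, as an added example (not code from the original article): it scans access-log lines for IP addresses that repeatedly POST to the login page inside a short time window. It assumes the Combined Log Format and counts a POST to /wp-login.php as a failed login unless it was answered with a 302 redirect; the function name, threshold and window are illustrative choices, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format, the default access-log layout for Apache and nginx.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
TAIL = '+0000] "POST /wp-login.php HTTP/1.1" {} 4512 "-" "Mozilla/5.0"'

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = (
    # Six failed logins within one minute.
    [f"203.0.113.7 - - [12/Mar/2024:10:00:{s:02d} " + TAIL.format(200)
     for s in range(0, 60, 10)]
    # Five failed logins spread one hour apart.
    + [f"192.0.2.44 - - [12/Mar/2024:{h:02d}:30:00 " + TAIL.format(200)
       for h in range(5, 10)]
    # One successful login (WordPress answers it with a 302 redirect).
    + ["198.51.100.20 - - [12/Mar/2024:10:01:09 " + TAIL.format(302)]
)

def login_offenders(lines, threshold=5, window=timedelta(minutes=10)):
    """Map each IP to its peak count of failed wp-login.php POSTs inside
    any `window`, keeping only IPs whose peak reaches `threshold`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] == "302":
            continue
        # Drop the query string so /wp-login.php?action=... still matches.
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            offenders[ip] = best
    return offenders

if __name__ == "__main__":
    print(login_offenders(SAMPLE_LOG))
```

The addresses it returns are the candidates to block with iptables, UFW, or a plugin; the slow address in the sample stays below the threshold, which shows why the window length matters as much as the count.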

These are the suggestions that you can follow to fix a hacked WordPress website.


Pramod is the founder of wptls. He has been using WordPress for more than nine years. He builds web applications, and writes about his experiences with various WP products on this site.
