Security Vulnerabilities

What Should You Do If Your WordPress Site Is Hacked?

Millions of people today are using WordPress to power their website, and even though the team behind WP works hard to make sure that their sites are as safe as possible from hacks and malware, those issues can and do still occur. Sometimes, the attack happens because someone was not careful with their password.

Other times, there might have been a loophole in a plugin they were using for the site, which allowed the hackers to have access. The attack could happen due to a wide range of different reasons.

Since attacks can and do happen, you will want to have a better idea of just what you should do if you find your site on the receiving end of a hacker’s unwanted attention.

Was the Site Hacked?

teguhjatipras / Pixabay

How do you know whether the site has been hacked or not? There are a few telltale signs that you will want to look for if you believe that the site might have been hacked in some way. They include:

  • You are not able to log into your site.
  • You have a sudden drop in traffic and find that it has been redirected to another site.
  • There are signs of vandalism on the homepage. In these cases, the attacker will often contact you to ask for money or something else before they return control of your site. This has happened on social media sites, as well.
  • Ads are displayed on your page that you did not put there.
  • You notice unusual activity in the server logs.

These are some of the most common signs that there is a problem with your WordPress site. If you find that you have been hacked, you need to know what to do next to get your site back under your control.

What to Do Next

kalhh / Pixabay

One of the first things that you should do is try to remain calm even though that is easier said than done. If your site has been hacked, you are going to be angry and upset, and you are going to wonder just how much damage was done. Try your best to stay as calm as possible so that you can get things under control with your site.

You will want to look for backups of your site. The backup might be available through a backup plugin service if you are using one. It could be a backup that you have on an account in the cloud, or it could be one that is available from your hosting provider. For those not hacked yet, and who do not have a backup, it is a good idea to remedy that right now. Get one set up and running.

You will also want to delete plugins that you have not used in a long time or that have not been updated. After all, the plugins, as well as the themes tend to be a common entry point for hackers, and you do not want to make their lives any easier. If you have a free theme, it is time that you upgraded to a paid theme, as well. Make sure that everything is fully updated and that you have the latest measures for WordPress security that come with the system.

Once you have updated the plugins and theme that you are going to be using, you will then want to make sure your WordPress system is up to date. New updates help to shore up against any potential problems and security risks.

It is also vital that you change your WordPress password and usernames. You will want to do this every month or so, and you need to make sure that you are generating a high-quality, strong password that will not be easy for the hackers to unravel even with password programs.

You should also find a plug-in that will allow you to limit the number of login attempts to the account before someone is locked out. This can reduce the risk, as it will be far more difficult for a hacker to get the right password on the first couple of tries. The more difficult you can make things for the hackers, the better off you will be and the better your WordPress security will be.

Going Forward

There are more things that you will want to do going forward to make sure that your site remains as safe as possible. For example, consider enabling two-factor authentication. This can ensure that even though your login information could be leaked somehow, you will know whenever there is an attempt to enter your account that was not from you.

Consider getting a firewall and an SSL certificate, as well. These can help to provide you with a nice bit of added security that will make it more difficult for the run of the mill hackers to get passed. Of course, it is also essential that you make sure you are going through a quality host. Make sure that the host has safety protocols in place, as well.

Keep an Eye on Your Site

Even when you work on hardening WordPress against these types of attacks, they still can happen. This means you will want to take the precautions above and you will want to keep an eye on your site for any signs of unusual activity. If there are issues, do not ignore them. Track down the problem, fix it, and secure the site again.

Get a plugin that can provide you with a security checkup, so you will have a better idea of where problems might be hiding and how to fix them quickly and easily. Do not take your WordPress security for granted. You need to make sure that you are proactive and that you are getting the site the protection that it needs. Hackers can quickly ruin your reputation with customers, steal information, and destroy your business. Do not let this happen to you.

Read more about the author .

Save 40%

On monthly and annual plans

Lifetime Deals

Only during BF sales!




We won't spam you. Unsubscribe any time.

Wait! Before you go!

Get 10% discount for any WP Security Ninja plan!


Subscribe to our newsletter for new releases, discounts and general WordPress Security news. Sprinkled with other interesting stuff :-)

WordPress Turns 20: Save 20% Now!



Code valid till June 26th 2023

10% OFF

Subscribe to our newsletter

* We do not spam or share your email

Discount on any Security Ninja plan

and get

Hi and welcome back :-)