- Canada's Leading Web Hosting and Domain Name Provider

How to Fix a Hacked WordPress Site

It’s every web administrator’s worst nightmare—you visit your site and find out that it’s been compromised. You can likely clear your schedule, because this is now going to take up your day, or if you’re really unlucky, your whole week.

Website hacks happen in many different ways. You may find that your website is merely non-functional. Or, your website could be redirecting people to a different, disreputable site. Finally, some strange hacks actually create content pages on your site (usually hundreds of them) to try to fly under the radar and pass off their own content as legitimate by associating it with yours.

In any case, you’ll have to try to resolve the issue as soon as possible so you can get your site back online and get on with your life. Here’s how to go about it:

Try to log in.

This is step one because you can’t do anything to your site without being getting your admin privileges back. The hackers may have changed the password, but you may still be able to get in by using the “Forgot My Password” feature since you presumably still have access to the main email address on file. As soon as you are able to log in, turn on some extra security features like 2-factor authentication to prevent any further trouble from the hackers.

If you’re able to log in, assess the damage.

If you’ve followed best practices, you likely have a recent backup of your site that you can simply revert to, thereby deleting the entire hacked version of the site. Note that even if everything “looks” ok, you have no idea what kind of code may have been injected behind the scenes, so the easiest way to have peace of mind is to start with a clean slate by reverting your site to a backup.

If you can’t restore from backup, or if doing so would cause you to lose too much valuable content, you can always attempt to get rid of the hack manually.

The process you’ll want to go through basically involves:

  1. Doing a malware scan, available from a variety of providers online – and available free for all accounts at CanSpace.
  2. Delete all themes and plugins that you don’t use, and if it’s not too much of a hassle, re-download all your existing themes and plugins.
  3. Check user permissions and make sure everything looks ok. 
  4. After you’ve cleaned up your site to your satisfaction, change your password again for an extra bit of security.

A completely different protocol is enacted when you can’t even get into your site in the first place to do all of the above. In these cases, your website hosting company could come in handy, depending on their data storage policies. 

At CanSpace Solutions, we make nightly backups of all our hosted sites so we can help you get your site back even if all other channels fail. All of our accounts come with a Web Application Firewall, to prevent most exploits in the first place.

If you suspect something may be going on with your site and need help, it’s better to do something than nothing! Reach out to us to talk about solutions!

CanSpace Team

CanSpace Solutions is Canada's leading domain name registrar and web hosting provider. Keep an eye on our blog for expert information on domain names, websites, and running a business online.