WP Support Desk

Your 24/7 WordPress Support Team

  • Schedule a Call
  • WordPress
  • WordPress Development
  • WordPress Hosting
  • WordPress Maintenance
  • WordPress Plugins
  • WordPress Security
  • WordPress Support
  • WordPress Themes
  • Website Checklist
  • Product Reviews
Home » What to do When Your WordPress Website Gets Hacked – Complete Guide

What to do When Your WordPress Website Gets Hacked – Complete Guide

Last Updated: January 16, 2025 by WP Support Desk

  • Total11
WordPress Website got hacked

Oh no! 

Did your WordPress website gets hacked? 

It’s like your worst nightmare just came to life!

It may seem bad but all is not lost, you need to calm down. Take a deep breath. 

Once you are a bit calm you can work on your plan on how to regain a hacked WordPress website.

In this post, we’ll walk you through the step by step process of what to do when your WordPress website gets hacked.

Let’s get started.

Contents hide
1 First – Breathe & DO NOT Panic
2 Hire a Professional
3 Step 1- Find Out the Source
4 Step 2- Get In Touch With Your Hosting Company
5 Step 3- Create a Manual Backup
6 Step 4- Restore WordPress From Backup
7 Step 5- Check Your Website Activity Log
8 Step 6- Scan Your Website
9 Step 7- Un-Used Plugins & Code
10 Step 8- Check Your Permission Level
11 Step 9- Change Your Password
12 Step 10- Strengthen Your Website Security
13 Conclusion
14 FAQs

First – Breathe & DO NOT Panic

If your website gets hacked, you may start to panic. Which will trick your mind that everything and all the effort you have put until now is gone. That is not the case, in reality.

If this happens, the first thing that you need to do is take a deep breath and do not panic. 

All is not lost!

Once you are a bit calmer and in a better state of mind, there are some practical routes you can take to get your website back. Which you will only be able to do if you are able to think clearly.

Hire a Professional

Most people who choose WordPress to build up an online empire from the ground up are not tech-savvy. 

People pick this platform for its easy to use and easy to handle features.

If you are one of them, it is wise to hire a professional as soon as you suspect something went wrong with your website, instead of wasting valuable time trying to figure things out on your own. 

Because it’s something that needs to be taken care of immediately. 

With WordPress’s popularity, it is very easy to find experts with the required set of skills that will be more than happy to help you.

Of course, there is always the option of fixing things up by yourself but it’s going to cost you both: precious time and money. If you don’t know what you’re doing, the chances are you might mess things up further.

If your WordPress website has been hacked, the best thing to do is act immediately before your website suffers further damaged.  And hiring a professional is the best way about it. 

If you decide to take matters in your own hands, here is what you need to do. 

Step 1- Find Out the Source

The best way to solve a problem is to figure out exactly what caused the problem in the first place. 

Most hackers access your website at three critical points:

  • .htaccess files
  • .php files
  • Media files

If you’re familiar with these files (if not, the sooner you get a hold of these common files the better) be sure to audit them the first thing. 

Other common places for potential hacks are themes, plugins, uploads directory.

Hackers can manipulate these files and incorporate malicious links that can adversely affect the overall website performance.

Also, a lot of website data cluttering up in these files can slow down the overall website speed. 

Keep your website data clean and up to date to avoid any potential attack.
You need to check a few things first:

  • Are you able to access your WordPress dashboard? 
  • Has Google marked your website as insecure? 
  • Is your website redirecting to some other web page? 
  • Does your website have any illegal links?

Note all of this down as these are the things that your hosting company is going to ask you. 

Step 2- Get In Touch With Your Hosting Company

Next, if your WordPress is hacked you got to check with your hosting company.

Most of the good hosting companies are really helpful when it comes to dealing with these types of situations. They have a team of highly trained professionals that deal with such situations on a regular basis. 

Contact them right away if you find something fishy with your online presence. They will help you in the following ways:

  • They give you the information on how your website got hacked.
  • Inform you if the hacker got access to your website through another website sharing your server
  • They might even figure out the backdoor used by a hacker to gain entry  
  • Hosting companies keep regular backups of your website which might be useful. 

Sometimes your host might even offer to clean up your site for you (if you’re lucky). We have good experience with SiteGrounds when it comes to such matters. 

Step 3- Create a Manual Backup

Never take all the effort you put for granted. Creating a manual backup regularly is the best way to secure your website and away from the suspicious eyes of potential hackers.

If your website gets hacked, you can revert it back to the previous version.

You won’t get back the images and content posted after the backup was created.

It’s still better than risking your whole content available online.
Updraft Plus is one of the best plugins to create a backup. It comes with both options: do a manual backup or set the timeframe to create it automatically.

Not limited to avoid hacking attacks, these manual backups are necessary to keep your website at the safe end.

Sometimes when you rearrange your plugins and add some extra code to customize your website, it is likely you do some blunder that puts whole website at stake.

These backups help you play with your site as you like better.

Step 4- Restore WordPress From Backup 

In situations like these backups can be real lifesavers. 

If we are in the habit of creating backups of your website, all you have to do is go back and restore it to the version from before you were hacked.

Restore your website to the previous version

Once you have restored to the previous version, keep in mind that all the updates, posts or general changes that you have made will be lost.

But you would have a clean website again. 

This is not the best or permanent solution, as you are still are at risk.

As you did not block the backdoor that the hacker used to break into your website which means you are still vulnerable to further attacks. 

You need to learn how to make your WordPress website more secure.

Step 5- Check Your Website Activity Log

It is wise to keep your settings in check.

Audit your website quite often and see who logs in to your website.

Make sure only authenticated persons have access to the admin and cPanel of the website.

If you find some suspicious activity here, it will help you track down the problem. If you think that your WordPress website has been hacked that you need to keep an eye out for:

  • Who Logged in?
  • Does this person have administrative privileges?
  • Should that person be logging in?
  • Was the login attempt a failure or successful?
  • Did this person make any changes in the post/page?
  • Did they install something? (plugin or theme)

Step 6- Scan Your Website

Scan your website regularly. Many security plugins are available in the WordPress plugin directory that ensures robust and powerful website security.

The website slapped with outdated stuff becomes more vulnerable to the successful attack. Hackers can create a backdoor using these outdated versions and can manage your website remotely.

Backdoor is a process in which hackers bypass the legal authentication process and access website data from anywhere.

iTheme Security and Sucuri are the best WordPress security plugins that help scan website data and predict where the potential hack is residing.

Step 7- Un-Used Plugins & Code

Instead of leaving everything to the shoulders of security plugins, it is wise to do some drill, manually.

Update plugins and themes every now and then.

Mind you, if you fail to update the plugin with two successive updates, you feel trouble jumping from your version to catch up with the recent one.

Remove the unused plugins and codes that burden up your website unnecessarily. 

Sometimes it happens you install a plugin to do a little tweak on the website but you fail to delete it after fixing the issue and it keeps residing on your website forever. Better remove them to make your data load faster.

Step 8- Check Your Permission Level

This is very important.

Make sure only authorized and trusted persons can access and manage a website admin area.

If you give permission to content creators, be sure they cannot log in to your admin area. Always keep control of publishing the new content in your own hands.   

Step 9- Change Your Password

Change all passwords related to your WordPress site including WordPress Dashboard, cPanel, FTP, MySQL data.

Also, the password needs to be unique that no one can access with a simple guess. You can use a password generator to create a strong password.

WordPress can generate a set of security keys that serves as a set of random valuables to improve encrypted information in the user’s cookies. These keys make it almost impossible to crack the code and access your website.

A password with no encryption like “WordPress” or “username” is easy to break but if you create an encrypted password like “34b5da45349fdehwej343ljki45hj3” no one even with a genius brain can generate a right combination.

Check this post to get more information about WordPress security keys.  

Step 10- Strengthen Your Website Security

Once you get your website back, consolidate your existing website security.

And address the loopholes where hackers got access to your WordPress website and hack it.

Because if they steal your data the first time, they can do it again.

Conclusion

Keeping your website security up to scratch is a continuous process. You cannot install a single security plugin and think that now your WordPress website will not be hacked.

Be sure to check your website regularly. Even if you are not doing any work related to your content. Simply logging in to the WordPress dashboard once a day is enough.

Take everything in your control. Never give permission to someone, unless highly trusted, to login to the admin or cPanel area.

We would suggest that you hit publish with your own hands once blogs or videos are ready to be published.

How do you keep your website safe and secure? Have you had any experience of compromising your website data with the hacking attack? If yes, how did you recover it?

Also feel free to email us if you need any WP Support.

Professional Blog Setup Service In Just $79

Hate wasting time? Our expert blog setup service will save you time & $$$.

Click here to start

You will Get

  • Hosting selection advice
  • WordPress installation
  • Premium theme
  • Contact form setup
  • Pro security plugin
  • Yoast SEO plugin initial setup
  • Speed optimization

FAQs

How do I make my WordPress website secure?

It covers many things. From picking the reliable hosting company, installing WordPress security plugins, choosing a strong password, giving limited access, to limited login attempts, all are necessary to make your website secure. 

How many WordPress websites get hacked?

Based on stats, almost 70% of WordPress website are vulnerable to potential hacker attacks. 

How do WordPress websites get hacked?

The reason why WordPress is a common target for hackers is that it is a widely used platform for creating a website.34% of total websites are powered by WordPress.  

  • Total11

Filed Under: WordPress Security

WP Support Desk

We are a team of WordPress consultants, developers & customer happiness support members who are consulting, developing, maintaining and providing WordPress support since 2010.

WordPress Guides

  • What is WordPress? All You Need to Know
  • How to Build a Website – Start With Why
  • How to Build a WordPress Website From Scratch
  • How to Decide the Best Hosting for WordPress
  • What is WordPress Management? All You Need to Know
  • Best WordPress Plugins – Ultimate List
  • Ultimate WordPress Security Checklist – Updated 2025
  • 15 Best WordPress Themes for Blogs, Business & Ecommerce
  • Image Optimization for WordPress in 2025: Everything You Need to Know
  • How to Conduct a WordPress Site Audit – A Compete Guide
  • WordPress Speed Optimization – A Complete Guide

Professional Blog Setup Service In Just $79

Hate wasting time? Our expert blog setup service will save you time & $$$.

Click here to start

You will Get

  • Hosting selection advice
  • WordPress installation
  • Premium theme
  • Contact form setup
  • Pro security plugin
  • Yoast SEO plugin initial setup
  • Speed optimization
footer logo

SERVICES

  • WordPress Development
  • WordPress Support
  • WordPress Maintenance
  • Blog Setup Service

RESOURCES

  • What is WordPress? All You Need to Know
  • How to Build a WordPress Website From Scratch
  • WordPress Website Launch Checklist – Updated 2025
  • Ultimate WordPress Security Checklist – Updated 2025
  • How to Conduct a WordPress Site Audit – A Compete Guide
  • Yoast SEO Plugin – A Complete Guide for On-Page SEO in 2025

COMPANY

  • About Us
  • Blog
  • Contact WP Support Desk
  • ©2025 WP Support Desk
  • Affiliate Disclaimer
  • Terms of Service
  • Privacy Policy
WP Support Desk is the trading name of BTLtimes.com Limited Registered in England & Wales | Company No: 07204533

Copyright © 2025 · WP Support Desk on Genesis Framework · WordPress · Log in

This website uses cookies that help the website to function and also to track how you interact with our website. But for us to provide the best user experience, enable the specific cookies from Settings, and click on Accept. Customize Accept All Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
SAVE & ACCEPT