Hacked Site Cleanup

July 21, 2021

Video Transcript

This class is going to look at a few ways to clean up a compromised or hacked WordPress site.

Now there is no one fixed fits all when it comes to cleaning up a compromised WordPress site. And that’s why it’s so important to minimize the risk of getting hacked in the first place. Now, if because of your site being hacked, you do not have access to the admin area of your WordPress site, then hopefully, you have a recent backup and recovered the creation and restoration of backups in classes two and three in the after install set. So refer to those if you need a refresher This way, you can simply log in your control panel and remove the site completely, I mean, the database and the files everything, then restore from your most recent backup.

Now, you should also contact your host and tell them what’s up just in case the hack came in through the host server, especially if you’re on one of those shared hosting setups. That way they can do their own cleaning and tightening up security on their end. Now, if your site’s a membership site, and this is important, if your site is a membership site, be sure to let the host know about this so that they don’t just go in there and start locking up everything which would prevent your customers from being able to access their files.

Now, here’s a good tip before you upload your backup files from your computer to your server, if you have an antivirus program on your computer, and you should go ahead run a scan of those files before you upload them just to make sure that you’re uploading clean files. Now once you have your files and database uploaded and your site is working, go ahead and do another scan like we covered in the previous classes by entering the site URL over at is it hacked.com and then clicking on check your site as well as site check.security.net. Again, just enter URL here, click on scan website and check out the results. Now assuming everything is good to go at this point, go ahead and log into your site’s admin area, go into users change all the administrator passwords. Now if the hack did come from your server or the host, and also change your login credentials for your cPanel access probably wouldn’t be a bad idea to change that stuff anyway.

And of course, as you’re changing all these passwords, be sure to jot them down somewhere or better yet, put them into that password manager we talked about in those previous classes. Now while you’re in your user page, be sure to click on the link for administrator. Of course I only have the one here. But you may have multiple administrators in your account, make sure that you know of all of those administrator users, because if any of them look funky, you just don’t remember them get rid of them. If it’s a legitimate one, they’re going to contact you to find out why they can’t access the files better to err on the side of safety.

In that case. Like I said, if you don’t recognize the user, get rid of them pulling also since we covered this in class 11 in the after install Set, go ahead and replace all of your salts to that Sunder file manager and the WP dash config dot php file.

And we may as well check things a little bit closer to home as well go ahead and run the antivirus anti malware program that you have on your computer just to make sure that your computer is as clean as your site is now. Now that after you’ve got your site to where you think it’s clean and ready to go, and you’ve done all the other tests we’ve talked about, go ahead and contact your hosting service once again and have them take a look at things to see if they are able to scan for anything that you may have overlooked, not while you have them on the phone, you might also want to see if they have or could put into place any type of virus and or malware checker just to help prevent this kind of thing from happening in the future.

And just in case you already have something like that in your control panel setup, I believe it would be under Advanced possibly security where there would be something like a virus checker or malware checker. Go ahead and run that while you have a chance you know just to make sure everything’s working okay, and is clean from the get go. Pretty simple stuff. Let’s say we want to scan the entire home directory, click on scan now. And depending upon how much stuff you got going on there will determine just how long it’s going to take. So this could be a while. So I’m going to let you sit here and watch this chances are pretty good. It’s going to come back clean anyway because again, it’s just a starter demo site. But that’s going to bring us to the end of this class on a few steps to take if you suspect your WordPress site has been compromised, also known as being hacked. Thanks for checking out the class and you have a great day.

Previous Lesson

Back to Course

Next Lesson

Hacked Site Cleanup

Lessons in This Course

Why Hack My Site?

Computer Security

Secure Hosting

Managed Hosting

Secure Auto Install Using cPanel

Secure Manual Install Using cPanel

Monitor Site – Uptime

Backup Plugins

Manual Backup

Security for PHP

Remove User 1

Username Trickery

Hide Admin Username

Hide Any Username

Hide Database Prefix – Method 1

Hide Database Prefix – Method 2

Replace Security Keys – aka Salts

Secure Config PHP file

Customize Log-in Error Message

Brute Force Attacks and Solutions

Remove WordPress Version Number

Has Your Site Been Hacked?

Hacked Site Cleanup

What to do After Cleanup

Site Health Tool

The Good and Bad of Plugins and Themes