A question that every single webmaster asks is how they can restore a hacked WordPress website. Well, we are going to answer that today in this post! Hope it helps!

Check it out:

Joomla CMS and WordPress are two different platforms that are used by people all around the world. Therefore, developers, researchers and hackers are always looking for ways to find security bugs in them, and after finding one they also try to exploit it instead of informing the site owners in good faith.

They normally find bugs in your plugins and then upload a shell (a file that gives them privileges on your website). Also note that many hackers hack websites to deface them or to gain fame. To begin with, they change the main page, index.php, of your website.

How can I restore that?

Firstly, you need to update all your plugins and also check the server that hosts your website, because many WordPress websites have been hacked due to poor server security. After that, scan your website for that shell or any other malware with the help of Norton IS or SpyBot. Search the contents of all local site files for terms like preg_replace("/.*/e" and base64_decode.
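The file-content search described above can be scripted. The following is an added example, not code from the original post: it walks a local copy of the site and reports every PHP line that matches the two search terms. It also flags PHP files under wp-content/uploads, which goes beyond the terms in the text; the function names, the extension list and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Heuristics for the article's search terms. Assumption: any preg_replace()
# whose pattern literal carries an "e" modifier is worth a manual look.
PATTERNS = {
    "preg_replace /e": re.compile(
        r"""preg_replace\s*\(\s*(['"])([^\w\s\\]).*?\2[a-zA-Z]*e[a-zA-Z]*\1""", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
}
PHP_EXT = {".php", ".phtml", ".inc"}

def scan_site(root):
    """Return sorted (relative_path, line_no, reason) findings under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        # Uploads should hold media only, so PHP there is flagged by location.
        if "wp-content/uploads/" in rel:
            findings.append((rel, 0, "PHP file in uploads"))
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for reason, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((rel, no, reason))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: one clean file and two that should be flagged."""
    files = {
        "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
        "wp-content/plugins/demo/util.php":
            "<?php\n$t = preg_replace('/\\s+/', ' ', $t);\n"
            "$x = preg_replace(\"/.*/e\", $payload, $subject);\n",
        "wp-content/uploads/2014/img.php": "<?php\n$p = base64_decode($blob);\n",
    }
    for rel, body in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, no, reason in scan_site(tmp):
            print(f"{rel}:{no}: {reason}")
```

Point scan_site() at a downloaded copy of the site. Each hit is a lead to review by hand, since legitimate plugins also call base64_decode.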

Now change your website, CMS and FTP passwords, the database password (DB_PASSWORD in wp-config.php) and the security keys (leave the wp_ table prefix for now).

This entire process can take a lot of time, depending on how familiar you are with WordPress and hosting control panels, and on how many plugins and uploads the site has.

Security Vulnerabilities in WordPress

Your WordPress website can be vulnerable to attack in many different ways.
Some of the most common are:
  1. Weak usernames/passwords
  2. Theme or plugin bugs
  3. Plugins, themes and WordPress core that haven't been updated in a timely manner
  4. Jerks who hack WordPress sites

Regardless of how it happened, you've been hacked. Take a deep breath. Stay calm and don't do anything rash.

  1. Firstly, clean up your local machine (run anti-virus) and update everything.
  2. Next, log into your hosting account and check what the issue is. You need to make sure that your website has actually been hacked, because there is also a chance of a service outage or some other problem. Once you are 100% sure that your website has been hacked, send your host a support message asking if they can trace what happened and what caused it.
  3. Immediately change all your back-end passwords (FTP/SFTP/MySQL).
  4. If you've got a backup of your site, you can easily walk through a simple "restoration tutorial"; if you haven't, then you need to start the backup process.
  5. Close any backdoors that the hacker may have left and secure your wp-config.php file.
  6. Update everything.
  7. Change your passwords again, just to be on the safe side.

Consider a premium security solution such as managed WordPress hosting and/or Sucuri. ManageWP is another good option for all those people who like to keep their shared hosting.

About The Author

Hamid Ashraf is an independent security researcher, Internet marketer, entrepreneur and SEO consultant.

4 Responses

  1. Abhijith

    There is one more vulnerability that hasn't been talked about in this: spam bot attacks. It should also be added, and securing against it is a very tough process. I had an attack myself; I recovered using the ZBBlock script. It would be better if you add that too.

