WordPress Site Hacked – What to Do Now

Your WordPress site just got hacked. Your heart’s racing. You’re thinking about all the data you might have lost, all the customers who could see a compromised site, what this means for your business.

First thing – take a breath. It’s fixable. People recover from hacked WordPress sites every day. What matters now is moving fast and doing it right.

Here’s exactly what to do, in order, right now.


Step 1: Don’t Panic (But Do Act Fast)

Yeah, it’s bad. But panicking doesn’t help. What helps is acting immediately and methodically.

The longer a hacked site sits compromised, the more damage happens. More malware gets injected, more customer data could be at risk, more of your reputation gets damaged.

So move quickly but don’t skip steps. Speed with strategy beats speed with mistakes.


Step 2: Assess the Damage

First, you need to know what you’re dealing with.

Check what’s visible on your site – does it look normal? Is there a message from hackers? Defacement? Strange content? That’s visible damage.

The real damage is usually invisible – malware, backdoors, stolen data. But start with what you can see.

Go to your WordPress dashboard. Can you still log in? If not, you’ve probably been locked out and the hacker changed your password. That’s serious but recoverable.

Check Google Search Console (if you have access) – Google often flags hacked sites with a warning. If you see that, you definitely have a problem.

Check your hosting account – is your disk space suddenly full? Hackers often upload large files (malware, backups of stolen data). Full disk = probable hack.



Step 3: Get Your Host Involved Immediately

Contact your hosting provider right now. Tell them your site’s been compromised.
Good hosting providers have security teams that can help.

They can:

Take your site offline temporarily (stops further damage)
Check server logs to see how the hack happened
Help restore from backups
Scan for malware

Don’t wait on this. Most hosts have 24/7 support for security issues.
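
If your host gives you the raw access log, the kind of check their security team would run can be sketched in a few lines of shell. This is an added example, not part of the original article: the log lines are constructed, in the common "combined" format, and it assumes WordPress's default behaviour of answering a failed login with 200 and a successful one with a 302 redirect.

```shell
#!/bin/sh
# Constructed sample access log (documentation IP ranges, "combined" format).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:02:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:11:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:02:12:00 +0000] "GET / HTTP/1.1" 200 18021 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:08:30:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:15:40 +0000] "POST /wp-content/uploads/2024/01/cache.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:02:16:00 +0000] "GET /wp-content/uploads/2024/01/photo.jpg HTTP/1.1" 200 90311 "-" "Mozilla/5.0"
EOF
}

# IPs with at least N POSTs to the login endpoints (password guessing).
# usage: login_hammering <min_count> < access.log
login_hammering() {
    awk -v min="$1" '$6 == "\"POST" && ($7 ~ /^\/wp-login\.php/ || $7 ~ /^\/xmlrpc\.php/) { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' | sort -rn
}

# IPs that got a 302 (login accepted) after at least N failed attempts (200).
guessed_then_in() {
    awk -v min="$1" '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
        if ($9 == 200) fail[$1]++
        else if ($9 == 302 && fail[$1] >= min) print $1
    }' | sort -u
}

# Successful (2xx) requests for PHP files under uploads: a script there is being run.
uploads_php_hits() {
    awk '$7 ~ /^\/wp-content\/uploads\/.*\.php/ && $9 ~ /^2/ { print $1, $7 }' | sort -u
}

echo "Login hammering:";          sample_log | login_hammering 3
echo "Guessed, then logged in:";  sample_log | guessed_then_in 3
echo "PHP executed in uploads:";  sample_log | uploads_php_hits
```

To use it on a real log, feed the file in place of the sample, for example `login_hammering 20 < access.log`.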


Step 4: Change All Your Passwords

Now. Not later. Now.

WordPress admin password, hosting account password, FTP passwords, database passwords, everything.

Why? The hacker likely has access to all of these. Changing them locks them out.

Do this from a different device if possible – not the computer that might be compromised itself.


Step 5: Restore From a Clean Backup

This is the fastest way to recover.

If you have a backup from before the hack (and you should have backups), restore it now.

This completely removes the malware in one move – way faster than trying to clean it manually.

Contact your host – most have automatic backups. Ask them to restore from the date before the hack happened.
If you don’t have backups, you’re in for a longer process. This is why backups matter.


Step 6: Clean Malware (If No Backup Available)

If you can’t restore from backup, you need to clean manually.

This is more complicated. You’ll need to:

Scan the WordPress installation for malware (plugins like Wordfence or Sucuri can help)
Remove infected files
Clean the database (hackers inject code into posts/pages)
Remove suspicious plugins and themes
Check user accounts for unknown admin accounts

This takes time and technical knowledge. If you’re not comfortable doing it, get professional help.


Step 7: Check for Backdoors

Hackers often leave “backdoors” – hidden access points they can use to get back in.

These could be:

Hidden admin accounts you don’t recognize
Suspicious .htaccess files
Backdoor scripts in theme or plugin folders

Check your user accounts in WordPress – are there accounts you didn’t create? Delete them.

Ask your host to check for suspicious files on the server.
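
If you have shell access yourself, a read-only first pass over the file-based hiding places listed above looks like this. It is an added example, not part of the original article: it assumes the standard WordPress layout under wp-content, the sample site it builds is constructed, and every hit is a lead for manual review rather than proof.

```shell
#!/bin/sh
# Added example: read-only triage of a WordPress tree. Nothing is deleted or changed.

# PHP under uploads: media folders should not contain executable scripts.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) 2>/dev/null | sort
}

# Every .htaccess except the one in the site root, for manual review.
extra_htaccess() {
    find "$1" -type f -name '.htaccess' ! -path "$1/.htaccess" 2>/dev/null | sort
}

# PHP files using calls often seen in obfuscated backdoors (legitimate code uses them too).
suspicious_php() {
    find "$1/wp-content" -type f -name '*.php' -exec \
        grep -lE '(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\(' {} + 2>/dev/null | sort
}

# PHP files modified in the last N days (default 7), to compare with the suspected hack date.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}" 2>/dev/null | sort
}

# Constructed sample site so the functions can be tried safely.
make_sample_site() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads/2024/01" "$d/wp-content/plugins/contact-form" \
             "$d/wp-content/themes/mytheme"
    : > "$d/.htaccess"
    : > "$d/wp-content/uploads/.htaccess"
    : > "$d/wp-content/uploads/2024/01/photo.jpg"
    echo '<?php // constructed placeholder' > "$d/wp-content/uploads/2024/01/cache.php"
    echo '<?php echo "hello";' > "$d/wp-content/plugins/contact-form/form.php"
    echo '<?php eval(base64_decode($x)); // constructed' > "$d/wp-content/themes/mytheme/footer-old.php"
    echo "$d"
}

site=$(make_sample_site)
echo "PHP in uploads:";         php_in_uploads "$site"
echo "Extra .htaccess files:";  extra_htaccess "$site"
echo "Suspicious PHP:";         suspicious_php "$site"
echo "PHP changed in 7 days:";  recent_php "$site" 7
rm -rf "$site"
```

Run the same functions against your own site root and copy anything flagged somewhere safe before removing it, so your host can trace how it got there.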


Step 8: Update Everything

Once it’s clean, update everything:

WordPress core
All plugins
All themes

Most hacks exploit outdated software vulnerabilities. Updating closes those holes.


Step 9: Strengthen Your Security

Now that you’ve recovered, prevent it happening again.

Implement these:

Strong passwords (16+ characters, mixed case, numbers, symbols)
Two-factor authentication on your WordPress account
Regular backups (daily if possible)
Security plugin (Wordfence, Sucuri, or similar)
Keep WordPress, plugins, themes updated automatically
Remove unused plugins and themes
Limit login attempts
Use HTTPS/SSL certificate

Step 10: Notify Your Customers (If Needed)

If customer data was compromised, you need to tell them.

It’s uncomfortable but it’s the right thing to do and often legally required depending on what data was taken.
Be honest about what happened, what you’re doing about it, and what they should do to protect themselves.
Transparency builds trust even after a breach.


Why Hacks Happen (And How to Avoid Them)

Most WordPress hacks aren’t because you did something wrong. They’re because:

Outdated WordPress/Plugins – By far the most common. Hackers scan the internet for vulnerable versions, find your site, exploit the vulnerability, and you’re hacked.

Weak Passwords – If your password is “password123”, a hacker can brute-force their way in.

Outdated Hosting – Old server software has known vulnerabilities.

Malicious Plugins – Some plugins (especially nulled/cracked versions) contain malware.

No Backups – This doesn’t cause the hack, but it makes recovery way harder.

Poor Security Practices – Leaving default credentials, not monitoring for suspicious activity, no two-factor authentication.

The good news? Most of these are preventable.


Recovery Help

If you’re overwhelmed or don’t have the technical skills to do this yourself, get professional help.
We help businesses recover from hacked WordPress sites.

We can:

Assess the damage
Restore from backups
Clean malware
Implement security
Prevent it happening again

Emergency work isn’t cheap, but it’s cheaper than the damage a hacked site causes.

If you need help, contact us. We’ve recovered compromised sites for clients across the North East and beyond.


The Real Lesson

The worst part of getting hacked isn’t the recovery – it’s the stress, the downtime, the potential loss of customer trust.

The best investment you can make is preventing it in the first place:

Keep WordPress updated
Use strong passwords
Have regular backups
Use a security plugin
Monitor for suspicious activity

Do these things and your chance of getting hacked drops dramatically.

If you do get hacked, you now know exactly what to do.
