Startup Hero

The Official Blog Of Name Hero

How To Clean Up A WordPress Hack

By Ryan Gray on February 21, 2018

There is nothing more frustrating than having a hacked WordPress website and not knowing where to turn.

A lot of companies in the hosting industry will simply suspend the account and tell the customer to “fix it.”

In my opinion that only makes a bad decision worse.

Here at NameHero we try to help our customers that face this unfortunate situation as much as we can so they can return to business as usual as quickly as possible.

Preventative Maintenance

Obviously, it’s much better to prevent a hack from taking place.

If you’ve been fortunate enough to never have your WordPress compromised it’s likely you’ve followed these:

  • Use strong cPanel, FTP, Email, WordPress credentials (i.e. passwords with letters, numbers, special characters)
  • Keep WordPress core files updated along with plugins and themes
  • Regularly keep your own backups
  • Use a good WordPress security plugin

I’ve published a lot of good resources on the blog, but here are some helpful articles you should check out:

  • How To Secure Your WordPress Admin Area
  • 6 Simple Tips To Keep Your WordPress Website Secure
  • How To Secure WordPress With Wordfence Security
  • ManageWP Review – How To Manage Multiple WordPress Websites

Nightly Malware Scanning

Here at NameHero we try to help you be proactive by automatically scanning accounts each night for Malware.

When detected, the files are automatically removed, preventing most attacks from going too far (i.e. infecting the entire cPanel account).

However, it’s important to remember that the account was still injected with malware, meaning there is a vulnerability in your website that needs to be patched.

You can follow the below steps to secure your installation.

Before beginning the next steps, it’s important to have a FULL backup of your account.  You can generate this by going to cPanel -> Backups -> Download A Full Backup. 

Replace Core WordPress Files

The first thing you want to do when your WordPress website has been injected with malicious content is to replace your core WordPress files with clean ones.

You can easily download these from WordPress.org and use your favorite FTP program (such as Filezilla) to upload over your current ones.

If you’re not running the latest version of WordPress, it’s important to download the correct version and then immediately upgrade once you can.

Update Themes And Plugins

Once you’ve secured your core WordPress files, and have upgraded to the latest release, you need to replace ALL your themes and plugins with new versions as well.

Most plugins can easily be upgraded inside of your wp-admin under the Plugins menu.  Many of the default themes can be upgraded here as well, but if you have a custom one, you may need to go to the theme developer’s website to download the latest files.

If you have a completely custom theme, you may need to get with your developer to assist you in the upgrade.

Scan With Wordfence

Wordfence is a security plugin with a free version that includes malware scanning.  Once you have things updated, it’s important to run a scan to see whether it detects anything additional.

Wordfence will also ask for your email so they can alert you when a plugin/theme/core file needs to be updated. They also have a powerful firewall that will help block some hacking attempts.

Change All Passwords

If your WordPress website has been hacked, you need to assume all of your passwords have been compromised.

You need to change everything:

  • Master cPanel password
  • All email account passwords
  • All FTP account passwords
  • All MySQL user passwords (make sure to update wp-config.php)
  • Your WordPress admin password AND users

When changing, make sure to use a strong password generator and not a random string that could be vulnerable to dictionary-based attacks.

If you have more than one WordPress installation in your cPanel, you should complete the above for ALL of them.

Rebuild The Entire cPanel Account

If you complete everything but still run into malware injections, spam, or other malicious activity, it’s possible the entire cPanel account has been compromised and needs to be rebuilt.

This is a worst-case scenario, but we’ve seen it happen.

You’ll need to first take a full backup of the account (cPanel -> Backups -> Download a full website backup) and then submit a ticket to have our team delete the entire account.  If you have a Reseller account, you can do this on your end.

If You Don’t Want To Do This Yourself

The most cost-effective way to recover from a WordPress hack is to do all of the above steps yourself.

However, if you’re not willing (or don’t have the time), our team can do it for you at the price of $75 per hour.  Please submit a ticket and our management team will provide you with a quote and then an invoice to begin working.

There are also a number of different third-party services that you can use.  Submit a ticket for our recommendation of a known provider.

How To Clean Up A WordPress Hack

I filmed a video tutorial where I walk you through all of the above steps:

WordPress hacks suck, but if you fall victim, it’s not the end of the world.

Once you recover though, make sure to use some better preventative maintenance so you don’t have to go through it again!

Feel free to ask questions below!

Ryan Gray

Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two decades of experience in Internet Entrepreneurship.

Comments

  1. Jarrett Gucci says

    January 16, 2020 at 4:24 pm

    One of the biggest things that you can do to protect your website from future infections is to change all of the password login information that has to do with every single account related to your website. This not only includes the login to your actual website administrative area but also the login details to your hosting company and to your database. Also, if you are using any type of extra service that is tied or connected to your website, make sure that you change all of the password information to these accounts. If you have other users beside yourself in any of the accounts related to your website you need to also change the passwords on those as well.

    • Ryan Gray says

      January 19, 2020 at 10:37 pm

      Yes! It should be assumed that if WordPress has been compromised, they’ve compromised everything. I’d go even further and say change your Gmail, Facebook, etc., etc. as unfortunately too many people are using the same credentials in multiple places. Use a password manager (LastPass, 1Password), always use two-factor wherever you can (available across all of NameHero), and for the love of God, keep your WordPress core files, themes, and plugins updated!
