Help my WordPress has been hacked!

Help my WordPress has been hacked!
datum-geschreven 10 Sep 2023

You may have spent a lot of money to have a website built for your business in WordPress.
Or you have invested a lot of time yourself to set up a website with WordPress.

And then.. your WordPress website is suddenly hacked

How is that possible?

  1. Is the WordPress website not well made?
  2. Is someone targeting your website?
  3. Has the credentials been leaked?

99.9% of all WordPress websites are hacked by a virus, script or malware

These are programs that test and hack thousands of websites at the same time. Without even one person involved.

Is WordPress that leaky then?

No, WordPress is not the problem.

The problem is the plugins that are used.
The plugins are not always updated and the programmers do not always keep the plugins secure.

Plugins are often the cause of your hacked WordPress website

Hackers can download many plugins for free and test them for security vulnerabilities.

When hackers have found a security vulnerability in the plugin, they write a script that checks large numbers of WordPress websites every day for the presence of those plugins, after which an injection or command takes place through that plugin.

Viruses can perform injections and commands via plugins (Technical)

Injections? Assignments?
Those are the terms that describe how a virus, script or piece of malware works.

The injection
Via the leaky plugin, all unwanted data is injected into your database or on the server in one go.
It only takes a virus 1 second to put advertising in ALL your pages and posts – hence the injection.

The assignment
A virus can give commands to the server via a leaky plugin. In this way, various files containing malware can be placed.

Think of malware that encourages your server to spam other websites or email addresses of people.

My WordPress website has simply been hacked, what can I do?

You must reverse the consequences of a hack, then you must secure the WordPress website so that it cannot happen again.

We do this 7 days a week, we remove the hacks and secure WordPress websites for a fixed affordable rate.
With warranty. Click here if you want your website quickly repaired and secured by WordPress professionals.

wordpress zelf herstellen

repair wordpress yourself

Repair your hacked WordPress website yourself

The step-by-step plan to restore your hacked WordPress website:

  1. Determine the date your website was hacked
    When was the aforementioned injection or command executed?
    You can see this from the modification date of files on the server, if that is not clear you can use your own insight.
  2. Restore a backup of at least 1 week before the hack took place
    You may be able to restore a backup from when your website has not yet been hacked.
    Some web hosts store backups of your website, sometimes 1 week but sometimes 1-2 -3 months.
    Keep in mind that a backup is a step back in time, so news items, users, woocommerce purchases and the like are NOT up-to-date with the old backup. Therefore, make a backup of this moment before you restore 1.
  3. Check the website for suspicious files and activities & back doors
    – Check which files are on the server, whether they belong there.
    – Check which users have administrative rights and whether this is correct.
    – Remove back doors.
    Backdoors are regularly installed, even before a hack actually becomes visible. That backdoor is literally an open door for the malware to be able to execute the injection and commands again.
  4. Update your WordPress, plugins and theme
    Make sure everything is up to date.
    TIP: We often completely replace the plugins and WordPress completely on the server for new downloads, so you can be sure that there are no unwanted files or lines of code on the server.
  5. Submit your website to Google webmaster tools
    In Google’s webmaster tools, go to the security center and see if the website is not known as hacked there.
  6. Check your website for free at Sucuri
    Scan your website with the Sucuri Malware Scanner

Is your hacked WordPress website now hack-free?

If your hacked website is now hack-free and you are sure that hacking bots cannot access your website, the protection begins.

  1. Check your plugins for security vulnerabilities
    On is a search tool that can help you find out if your plugins are currently leaking. Or that they have often been hacked in the past. If a plugin is unsafe, choose an alternative.
  2. Install and configure a security plugin
    A security plugin stops many hacking bots. It is important to set it up properly, so take your time.
  3. Monitor your website weekly or at least once a month
    Check the security logs of the server regularly to see if everything is still going well.

Don’t have time to check your website?

To read the logs? To do Google webmaster tools or other scans?

Leave that to us! We take care of your WordPress website for an affordable monthly rate.
We work with WordPress 7 days a week, for more than 10 years.

Choose convenience and security: Let us secure your WordPress website.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties