WordPress is often hacked through vulnerable scripts. We still call it hacking because there has always been someone who wrote an automated script, and their advertisements appear on your website due to the hack. In fact, it’s more automation than hacking, as the script works 24/7 without the hacker being involved anymore.
But once you have an advertisement or your website is sending spam due to the hack, it’s important to get rid of it.
Restoring the hacked website
You can follow this step-by-step guide to restore your hacked website:
- First, make a backup of all data and the database
The data includes the entire www/httpdocs folder.
You can often export the database through phpMyAdmin or using a backup plugin.
- Try to update as much as possible
Download WordPress and manually upload it to the server (using an FTP program). Also, replace the plugins with new ones and, if possible, the theme.
Note: Updating the theme may sometimes cause style changes. Only consider this if you have the necessary knowledge to adjust the settings/style.
- Check your server for backdoors and unwanted files
A hack never comes alone. Besides the modifications to your website through advertising injection, there are usually files and codes (see WPbeveiligen detection tool) on the server that allow the hacker and their script to regain access to your website.
- Check all plugins and themes for vulnerabilities
You can do this using this website.
If your plugins contain vulnerabilities, it’s recommended to use alternatives.
- Secure your WordPress website
The hack has entered your website, and without security, it will happen again.
Install a good security plugin on your website and configure it.
- Afterwards, verify that your website is fully restored
You can do this through webmaster tools or using the Sucuri malware scan.
It’s a significant task that requires knowledge and patience. If you’re unable to do it, you can contact us. We restore WordPress websites on a weekly basis and provide a guarantee for our services!