{"id":750,"date":"2022-06-13T08:27:06","date_gmt":"2022-06-13T02:42:06","guid":{"rendered":"https:\/\/yoho.cloud\/blog\/?p=750"},"modified":"2022-06-27T09:41:23","modified_gmt":"2022-06-27T03:56:23","slug":"how-to-recover-wordpress-hacked-websites","status":"publish","type":"post","link":"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/","title":{"rendered":"How to Recover Hacked WordPress  websites ?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-transparent ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#My_WordPress_Website_is_Hacked_What_should_I_do\" >My WordPress Website is Hacked. What should I do?<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#First_of_all_Check_for_Signs_of_websites_being_hacked\" >First of all, Check for Signs of websites being hacked!\u00a0<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#You_cannot_log_in\" >You cannot log in\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Your_website_has_changes_you_never_made\" >Your website has changes you never made<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Your_website_is_redirecting\" >Your website is redirecting.<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#What_should_you_do_when_your_WordPress_website_is_hacked\" >What should you do when your WordPress website is hacked?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Step_1_Calm_down\" >Step 1: Calm down<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Step_2_Put_your_website_into_maintenance_mode_and_reset_your_password\" >Step 2: Put your website into maintenance mode and reset your password<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Step_3_Remove_Users_and_Unwanted_Files\" >Step 3: Remove Users and Unwanted Files<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Step_4_Clean_out_your_sitemap_and_resubmit\" >Step 4: Clean out your sitemap and resubmit.\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Step_5_Re-install_the_necessary_files\" >Step 5: Re-install the necessary files<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/yoho.cloud\/blog\/how-to-recover-wordpress-hacked-websites\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"My_WordPress_Website_is_Hacked_What_should_I_do\"><\/span><span style=\"font-weight: 400;\">My WordPress Website is Hacked. What should I do?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><span style=\"font-weight: 400;\">We are in a digital era, and in this era, everything is done online. Whatever you seek, it can be done online, be it for entertainment, information or business. This means that anyone with something to provide has a website and needs website builders. Did you know that over 43% of global websites are built through WordPress? Considering that there are over 1.93 billion websites worldwide, this is over eight hundred million. This is a huge number of websites built through WordPress, and the number is still on the rise.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Considering the sheer quality, it is natural to assume that many websites built through WordPress have been hacked. This is not an unbiased assumption either. Hackers search for any websites that can be hacked, and some of the affected ones are bound to be WordPress Websites.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">What if you are among these people. What should you do?\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"First_of_all_Check_for_Signs_of_websites_being_hacked\"><\/span><span style=\"font-weight: 400;\">First of all, Check for Signs of websites being hacked!\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Before you panic, you should check for the signs of websites being hacked. The good news is that it is fairly easy to check if your website is hacked or not. All you need to have is a good eye for detail and a bit of technical knowledge. That said, sometimes, you simply have an issue within the website without it being hacked. So always do a second check before you jump to conclusions.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Following are some of the most common signs of your WordPress website being hacked<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"You_cannot_log_in\"><\/span><span style=\"font-weight: 400;\">You cannot log in\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Unable to log in is not necessarily a sign of your WordPress website being hacked. Sometimes you may simply forget your password. Another non-hacked reason you may fail to log into your site is if your browser has deleted your saved access password. So always ensure that you have entered the proper user ID and password before jumping to conclusions.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">However, if you are 100% sure that your ID and password are correct and still cannot log in, it&#8217;s a sign that your WordPress website has been hacked.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Your_website_has_changes_you_never_made\"><\/span><span style=\"font-weight: 400;\">Your website has changes you never made<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Regardless of the updates, your website will not change unless you change it. Even if there is an update in the version of tools you are using within the website, they will not make changes to your website unless you allow them to.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">So if you access your website and see changes that you did not make, then there is a good possibility of your website being hacked.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Your_website_is_redirecting\"><\/span><span style=\"font-weight: 400;\">Your website is redirecting.<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Unlike the previous two, it is hacked if you try to view your website and redirect to some other pages.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">These are signs of someone hacking your WordPress site that is directly observable. However, you can also see indirect signs. If you google for your WordPress website and it shows a malware warning, or if your browser warns you of malware when you try to access your website, then there is a good chance that your WordPress Website is hacked.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_should_you_do_when_your_WordPress_website_is_hacked\"><\/span><span style=\"font-weight: 400;\">What should you do when your WordPress website is hacked?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">After confirming that your WordPress website was hacked, it was not just some error on your side; you can proceed to the recovery process. The gist of the recovery process is rather simple. You remove all the unnecessary data and re-install the needed ones. Since you are the website owner, you should have the necessary tools and resources.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s talk about the steps to recover your WordPress website.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_1_Calm_down\"><\/span><span style=\"font-weight: 400;\">Step 1: Calm down<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This is the most important step you must follow to recover your WordPress website. Just because it has been hacked doesn&#8217;t mean it is a complete loss of your website. If it is detected early enough, there will not be much damage.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">While we understand that you will be anxious, you can only follow the necessary steps by staying calm. If not, you can make the problem worse by panicking.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_2_Put_your_website_into_maintenance_mode_and_reset_your_password\"><\/span><span style=\"font-weight: 400;\">Step 2: Put your website into maintenance mode and reset your password<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">This should be somewhat of an obvious point, but you do not want visitors when your website is compromised. Therefore, if you can access your website, you should put your website into maintenance mode and prevent the users from accessing your website.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">You can do this through various plugins and configure the Maintenance mode page as you wish.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Once you are done with this, reset your password immediately. This is not just about <\/span><a href=\"https:\/\/yoho.cloud\/blog\/reset-wordpress-passwords-using-phpmyadmin\/\"><span style=\"font-weight: 400;\">resetting your WordPress password<\/span><\/a><span style=\"font-weight: 400;\">. You should reset your SFTP password, Database password and your password with your hosting service provider. Along with this, you should also reset the passwords of all your website admins.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">This should not be an issue if you can still access your website, which you will be able to in most cases of being hacked. Hackers prefer your website to be operational so they can use your visitors.\u00a0<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_3_Remove_Users_and_Unwanted_Files\"><\/span><span style=\"font-weight: 400;\">Step 3: Remove Users and Unwanted Files<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Before proceeding with this step, ensure you know who the authorized users are. Have a chat with them and ensure they have not changed their login credentials and account details. If you find an odd user, remove them from your website. For this, you should<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">go to the user&#8217;s screen.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click the administrator link above the users.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on the check box next to the fake user and select delete in bulk actions from the drop-down menu.\u00a0<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">After removing the unwanted user, you should check your WordPress installation file. For this, you should install a security plugin that allows you to scan your website. If your WordPress website is hacked, then there will be unwanted files that you can delete.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_4_Clean_out_your_sitemap_and_resubmit\"><\/span><span style=\"font-weight: 400;\">Step 4: Clean out your sitemap and resubmit.\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Technically this is an &#8220;if&#8221; situation, and you can skip this step if you know what you are doing.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Sometimes the hackers only target a specific part of your website and hack the sitemap.xml file. Other times they target the entity of your website, which includes the sitemap.xml file. Regardless, search engines will red-flag your WordPress website if this file is hacked. Clean out this file.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Once you are done, you need to tell google that our site has been cleared and generate a sitemap using a SEP plugin. After this, add your site to google console and submit the sitemap for google to crawl.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">You need to be patient here since this process can take up to two weeks.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Step_5_Re-install_the_necessary_files\"><\/span><span style=\"font-weight: 400;\">Step 5: Re-install the necessary files<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">By this point, you should have removed all threats to your WordPress website. So it&#8217;s now time to install all the necessary files, including the WordPress plugin and themes.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Ensure that you are installing plugins from a trusted vendor.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">You will need to re-install the WordPress core if nothing else works. This is not a common case since hackers usually do not infect all of your WordPress core files. However, if it doesn&#8217;t happen, update a clean set of WordPress files to your site through SFTP while overwriting old files.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><span style=\"font-weight: 400;\">Conclusion<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">When we hear about a website hacked, we often think about the entire site changing or being fed some random screens. However, the reality is often disappointing compared to movies and much more dangerous. Hackers only infect a small part of a website and usually go unnoticed unless you are extremely cautious. For the hackers, your website is a free money-making machine and a treasure of information.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">The longer they go unnoticed, the better it is for them. This is also where you can take direct action. Since you will be able to access your WordPress, you can take action before things get worse.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">So we recommend you to use secure <\/span><a href=\"https:\/\/yoho.cloud\/wordpress-hosting\/\"><span style=\"font-weight: 400;\">wordpress hosting<\/span><\/a><span style=\"font-weight: 400;\"> for your wordpress site from one of the <\/span><a href=\"https:\/\/yoho.cloud\/wordpress-hosting\/\"><span style=\"font-weight: 400;\">best and cheap hosting provider in Nepal.\u00a0<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>My WordPress Website is Hacked. What should I do? We are in a digital era, and in this era, everything is done online. Whatever you seek, it can be done online, be it for entertainment, information or business. This means that anyone with something to provide has a website and needs website builders. Did you [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":763,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,39],"tags":[],"class_list":["post-750","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-wordpress"],"_links":{"self":[{"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/posts\/750","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/comments?post=750"}],"version-history":[{"count":2,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/posts\/750\/revisions"}],"predecessor-version":[{"id":752,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/posts\/750\/revisions\/752"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/media\/763"}],"wp:attachment":[{"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/media?parent=750"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/categories?post=750"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yoho.cloud\/blog\/wp-json\/wp\/v2\/tags?post=750"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}