Let’s say your WordPress website got hacked. What should you do?

Today, one of my clients’ websites got hacked. The homepage was a simple text message, and no page was accessible.

What are the steps to restore it to the way it was before?

  • Download WordPress from the WordPress.org website and upload it again.
  • Update the database, if/when requested.
  • Recreate wp-config.php from wp-config-sample.php.
  • Temporarily set a different theme (you will put the original one back afterwards, of course).
  • In the admin, check whether the widgets section of the website contains malicious code (this was the case on my client’s website).
  • Check the homepage and other pages for malicious code.
  • If you have a database backup, restore the database from it.
  • If the site still shows signs of being hacked, restore all the files in the wp-content folder from a backup.
  • Change the passwords of:
    • WordPress admin / other admin-class users.
    • cPanel.
    • (if different from cPanel) FTP users.
  • Install security plugins (more than one).
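
The widget and page checks in the list above can be partly automated. The following Python script is an added example, not part of the original post: it scans exported widget or page content for common signs of injected code. The pattern list and the sample rows are constructed assumptions, and every hit still needs a manual look, because legitimate widgets can contain scripts too.

```python
import re

# Heuristic indicators of injected markup or PHP in widget/page content.
# Assumption: illustrative patterns only, not an exhaustive list.
SUSPICIOUS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe tag": re.compile(r"<iframe\b", re.I),
    "eval call": re.compile(r"\beval\s*\(", re.I),
    "base64 decode": re.compile(r"\b(?:base64_decode|atob)\s*\(", re.I),
    "hidden element": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "char decoding": re.compile(r"\b(?:unescape|String\.fromCharCode)\s*\(", re.I),
}

def scan_content(text):
    """Return the sorted names of all indicators found in one piece of content."""
    return sorted(name for name, rx in SUSPICIOUS.items() if rx.search(text))

def scan_rows(rows):
    """rows: (label, content) pairs, e.g. widget option name and its value,
    or page title and page content. Returns {label: [indicators]} for hits only."""
    findings = {}
    for label, content in rows:
        hits = scan_content(content or "")
        if hits:
            findings[label] = hits
    return findings

# Constructed sample rows standing in for exported widget and page content.
SAMPLE_ROWS = [
    ("widget_text", "Welcome to our site. Opening hours: 9-17."),
    ("widget_custom_html",
     '<div style="display:none"><a href="http://unknown.example/">link</a></div>'
     '<script src="http://unknown.example/a.js"></script>'),
    ("page: Home", "<h1>Home</h1><p>Hello and welcome.</p>"),
]

if __name__ == "__main__":
    for label, hits in scan_rows(SAMPLE_ROWS).items():
        print(f"REVIEW {label}: {', '.join(hits)}")
```

Feed it the widget values and page contents exported from the database, and check each flagged entry by hand before deleting anything.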


I am a Digital Marketing freelancer. My expertise is in SEO (Search Engine Optimization) / UX (user experience) / WordPress. Co-founder of lumeaseoppc.ro (series of events on SEO & PPC) and cetd.ro (Book on branding for MDs). On a personal level, I like self-development - events, sports, healthy living, volunteering, reading, watching movies, listening to music.
