How to Fix a Hacked WordPress Site?

It is very stressful when you come to know that your WordPress website got hacked or contains malware. That doesn’t mean it is the end of the world and there is no solution for it. But, if your site is hacked, you need to act quickly to fix it before it is blacklisted by search engines and declared as a dangerous site and you loose your visitors and customers.

How to Fix a Hacked WordPress Site?

So, how to fix a hacked WordPress site or what to do if the WordPress site is hacked? Well, here, I am sharing with you 3 options to fix a hacked site. 

Option 1  – Fix a hacked WordPress site by Doing it yourself

If you have some WordPress knowledge and technical experience, you may able to fix WordPress problems  by yourself with the help of some articles and YouTube videos. This will take you some time to fix your website, but it will give you trust and confidence in yourself to solve your own problems instead of relying on others.

To fix a hacked site yourself,  follow the steps below.

Step 1 – Make a backup of the website and its database before taking another steps. Download and save the backup files in your local drive. 

Step 2 – Restore website from backup: If you are creating backups of your website on regular basis, then you can easily restore your website from the latest backup you have. This is the easiest thing you can do to recover your website and its content without any further damage to your website. If you don’t have a backup, go to step 3.

Step 3 – Identify the hack:  Sometimes, it is easy to identify the hack. Go to the website cPanel and open the File Manager. Visually check the files under Public_html and see it any files have been changed recently. Also check if there are  extra files that don’t belong to WordPress.

If you find that any of WordPress core files of WordPress has been changed, or you spot some extra files, you can delete them completely. Then you can upload afresh version of WordPress core files, except WP-Content. This  will replace all WordPress files and fodders. Make sure not to copy over or delete your current wp-config and .htaccess files.

Now Check if your site is OK or not. If it is till have malware, Go to the next step.

Step 3 – Contact your hosting company:  If you don’t have a backup or don’t know how to restore a website from a backup, the common sense action to do is to contact your hosting provider.  All reliable hosting providers, make regular backups  for all the websites they host. Tell  them about the hacking attack  and they will restore the a clean version of your website.  Once your website is recovered, make sure to install a strong security plugin and scan your website to make sure is free from malware.

Option 2 – Fix a hacked WordPress site Using a Security plugin

If you can login and access  your WordPress dashboard,  you may be able to identify and clean the  malware from your website by the help of  a Security plugin.  

When it comes to the WP plugin to recover hacked websites, you have options of free and paid plugins. You may try free security plugin with malware scanner like WordFence Security or gotmls, or  go for a paid security plugin such as  Sucuri and Malcare. They are designed to scan and clean infected WordPress sites. 

Some security plugins such as malcare, and sucuri comes with a malware scanner that can detect  if the site contains malware or unwanted scripts. 

If you were unable to login to install the plugin, or don’t have time, or afraid to touch the website, then you need to use one of the malware removal services described in the next option.

Option 3- Use Malware Removal Services

There are some websites that specialize in solving all kinds of  WordPress problems including hacked WordPress sites. A quick search on google will reveal some of them. But to save you time here are some of the most popular services: check each one of them  and see which one is the most suitable for your budget. These are paid services but they come with 100% successful solutions.

Fixrunner  offer many services  to WordPress owners including Malware removal,  speed optimization, WordPress maintenance, and custom theme development. The have monthly plans for small businesses and enterprises as well as one time support for $49.00

FixMySite   is  an on-demand technical support service for anything that hat to do with WordPress, from small tasks such as plugin or theme problems to malware removal. They repair a hacked WordPress site for $119, with 100% satisfaction.  The offer 100% money back if your website is not fixed.

Astra specialize in securing WordPress sites from malware and hackers. Not only they clean hacked WordPress sites , but they also provide complete ready to use security suite which provides 100% security against Malware, hackers and viruses, etc. Their Prices starts from $19/Month and they have a Free 7 days trial.


Hacked websites are frustrating, but they can be solved.  It is always possible to recover a hacked website with the help of a professional services or by doing it  yourself if  you follow your common sense, keep clam and act wisely.

Leave a Comment