My website was hacked and I don't know how to fix it.
Someone hacked my WordPress site and changed all my pages to some crypto scam. Google flagged it and my traffic is at zero. My hosting company locked my account. I have a backup but I'm scared to restore it. How do I clean this up and make sure it never happens again?
1 Answer(s)
This is stressful but totally fixable. Follow these exact steps:
1. Don't restore your backup yet. First, figure out how they got in. Check your wp-config.php for weird code at the bottom. Check wp-content/uploads for files you didn't upload. Go to Users in WordPress admin and delete any accounts you didn't create.
2. Change EVERYTHING. WordPress admin password, hosting password, FTP password, database password. Use a password manager to generate 20+ character random passwords.
3. Update everything. WordPress core, theme, all plugins. Outdated software is how 90% of hacks happen.
4. Install Wordfence. Run a full scan. It'll find malware and help you clean it.
5. NOW restore your backup. Use a backup from BEFORE the hack. After restoring, immediately install Wordfence and enable 2FA.
Going forward: Use a security plugin, enable 2FA, limit login attempts, and use Cloudflare (free) in front of your site. Back up daily with UpdraftPlus.