My WordPress site got hacked. How do I clean it up?
I woke up this morning and my WordPress site was showing a bunch of spam links and weird Japanese text all over the pages. My hosting provider suspended my account. I have a backup from 2 weeks ago but I'm terrified to restore it because what if the hack is in the backup too? What's the safest way to fix this?
1 Answer(s)
Don't panic — this is fixable. Here's the exact step-by-step process I recommend:
Step 1: Don't restore from backup yet. First, identify how they got in. Check your wp-config.php file for suspicious code, check for files you don't recognize in your wp-content/uploads folder, and review your user list for accounts you didn't create.
Step 2: Clean your current installation. Delete all plugins you're not actively using. Change ALL passwords — WordPress admin, hosting, FTP, database. Use 20+ character random passwords.
Step 3: Update everything. Make sure WordPress core, all themes, and all plugins are on the latest versions. Outdated software is the #1 hack entry point.
Step 4: Install security plugins. Wordfence or Sucuri are the best. They'll scan for malware and set up a firewall.
Step 5: Now restore from backup. Your 2-week-old backup is fine as long as you've cleaned the current install first. After restoring, immediately change all passwords again and install Wordfence.
Going forward: enable 2FA, use a security plugin, and backup daily using UpdraftPlus.