How to Recover a Hacked WordPress Website, and What Steps Should You Take?

Reliqus Marketing

15 November 2023

Wordpress Websites

WordPress is one of the most popular content management systems, powering millions of websites worldwide. Unfortunately, its popularity also makes it a target for hackers. 

Reports indicate that WordPress sites face a staggering 90,000 hacking attempts per minute. 

A hacked WordPress website can be a nightmare. Not only does it compromise the security of your site, but it also puts your reputation and business at risk. 

But fear not! In this blog post, we’ll guide you through the steps to recover your hacked site and ensure it’s secure moving forward.

Whether you’re dealing with a hacked website or want to be prepared for future incidents, this blog post is a must-read. So, let’s dive in and get your WordPress site back on track!

Signs Your WordPress Site Has Been Hacked

Identifying a hacked WordPress website isn’t always straightforward. It often involves keen observation and a good understanding of your site’s functioning.

However, there are tell-tale signs that can alert you of a breach.

  • Unusual Website Behaviour:- Sudden glitches, errors, or unexplained changes in content.
  • Unexpected Downtime:- Frequent or extended periods of website unavailability.
  • Strange User Accounts:- Unauthorized or unfamiliar user accounts appear in the admin panel.
  • Slow Performance:- Noticeable delays in website loading times.
  • Search Engine Warnings:- Google or other search engines flag your site as potentially harmful.
  • Spammy Content:- Presence of unauthorized or irrelevant content on your site.
  • Unexpected Redirects:- Visitors are being redirected to unrelated or suspicious websites.

Identifying these signs early can save you from a lot of trouble and help initiate recovery promptly. For a more detailed understanding, check out our comprehensive guide on Signs of Hacked WordPress Websites. This guide delves deeper into each sign, providing insights on detection and initial steps to take when faced with a compromised website.

However, remember that some signs might not be easily detectable, so professional assistance like that offered by Reliqus Consulting can be invaluable. We provide WordPress website malware removal services at an affordable rate of just $79, ensuring your site’s safety in case of hidden threats.

How to Recover a Hacked WordPress Website?

Knowing your WordPress website got hacked might be scary, but don’t worry. You can take organized steps to regain control and make your online space safe.

Just follow these easy steps to fix your Hacked WordPress Website:-

1. Put WordPress in Maintenance Mode

When dealing with a hacked website, remaining calm and collected is essential. We know that the worst thing you can say to someone who’s panicking is, ‘Don’t panic.’ If the recovery task feels overwhelming, put your WordPress site in maintenance mode.

This action will help to protect your website’s reputation, as visitors will be prevented from viewing the compromised state of your site. For an easy way to switch your site to maintenance mode, consider using a plugin such as Coming Soon Page & Maintenance Mode.

This tool can give you the peace of mind to approach the recovery process methodically, knowing your visitors see a professional maintenance message rather than a site in disarray.

2: Change Your Passwords

Securing your hacked WordPress site starts with resetting all passwords. This includes WordPress, SFTP, database, and hosting provider passwords. Strong, unique passwords are crucial.

Use a password management tool like NordPass to generate complex passwords that are at least 16 characters long and comprise a mix of letters, numbers, and symbols. Remember, “123456” and “password” are not secure choices. Alert other admin users to reset their passwords, too.

3. Update Plugins and Themes

Regularly updating plugins and themes is most important for a secure WordPress website. Outdated elements can expose accountability, paving the way for cyber threats.

However, some updates may require professional assistance to avoid conflicts or potential site breakage. This is where our agency Reliqus Consulting comes in handy, providing smooth and secure updates while you focus on your business.

Therefore, don’t hesitate to seek our expertise if you notice any suspicious activity on your site or if it behaves unusually. With our help, you can keep your WordPress site updated, secure, and running smoothly.

4. Remove New WordPress Users

One common tell-tale sign of a compromised WordPress site is the sudden appearance of unfamiliar users with admin privileges. These uninvited “guests” could have complete control over your website and potentially cause irreversible damage.

If you notice any unfamiliar admin accounts, you must take immediate action. Be sure to remove any newly added admin users that neither you nor other trusted website administrators recognize.

5. Remove Unwanted Files

Often, hackers leave behind files with harmful codes. Use your SFTP or File Manager to access your site’s files and carefully scrutinize them. Delete any suspicious files you do not recognize or that seem out of place.

But remember, exercise caution. Accidentally deleting a critical file could cause your site to break.

6. Use Reliqus Malware Removal Service

If you want professional help, you can opt for our WordPress website Malware Removal Service for $79. Our service provides a comprehensive malware removal and recovery process for your website.

However, if you find this option unaffordable, worry not! Continue reading for alternative, more budget-friendly methods to recover your hacked WordPress website.

7. Clean Out Your Sitemap

Once your site is secure, you need to address your sitemap.xml file. A compromised sitemap can red-flag your site to search engines. Regenerate your sitemap using your SEO plugin. You can create a new sitemap using WordPress plugins like Yoast SEO or Google XML Sitemaps.

After that, use Google Search Console to add your cleaned site and submit a sitemap report. This informs Google your site needs re-crawling. This process can take up to two weeks, and patience is vital.

8. Reinstall Plugins and Themes and WordPress Core

If your site isn’t functioning correctly, consider reinstalling un-updated plugins and themes. First, deactivate and delete them via the Themes and Plugins pages. Remember to put your site in maintenance mode before doing this. Also, consider this a perfect chance to eliminate unused WordPress installations from your site to prevent potential malware attacks.

Always consider the security of purchased plugins or themes. Avoid reinstalling freebies from sources other than WordPress directories. Consider secure, free alternatives available in WordPress directories.

9. Reinstall WordPress Core

If you’ve exhausted all options, it’s time to reinstall WordPress. This is essential if your core WordPress files have been compromised. Remember to upload a fresh, clean set of WordPress files via SFTP, effectively replacing the compromised ones.

Before this, ensure you’ve backed up your wp-config.php and .htaccess files to avoid losing them. Steer clear of auto-installers, which can overwrite your database and result in content loss.

10. Clean Out Your Database if Necessary

This often overlooked aspect is critical, as it’s an ideal spot for hackers to embed malicious code or create backdoors for future access. The trick lies in eliminating these harmful records without disrupting your site. Although you can manually clean the database, it’s risky and time-consuming. One wrong deletion and your website could be damaged beyond repair.

Consider hiring our professional WordPress website malware removal service to avoid such a scenario. Our team will diligently examine your database and identify and remove any unnecessary data or suspicious entries. This not only protects your website from potential threats but also optimizes your site by getting rid of redundant data.

WordPress Security Tips: How to Protect Your Site From Further Attacks

Better safe than sorry” is an old saying that applies to WordPress security. Building a website requires time, money, and energy; a single cyber-attack can bring down all that hard work. 

But fear not; there are steps you can take to make your WordPress website more secure.

Tip #1: Enable two-factor authentication. This extra layer of security requires users to provide two forms of identification before they can log in, making it harder for hackers to gain access. 

Tip #2: Invest in a firewall solution and SSL certificate. A firewall protects your site from malicious attacks, while an SSL certificate encrypts data, providing a secure connection between your website and your users.

Tip #3: Choose the best WordPress website maintenance company. Our companies often provide ongoing monitoring, regular backups, and quick response to security threats. We can also handle updates, optimize website performance, and troubleshoot issues promptly. 

For more advanced security tips, refer to “Top 7 Tips To Fix Hacked WordPress Websites”. Taking proactive steps to protect your website is essential in today’s digital age, so implement these security measures before it’s too late.


It’s essential to realize that keeping your WordPress website secure isn’t a one-time task but an ongoing effort. Following the steps above and taking necessary precautions can significantly reduce the likelihood of falling victim to future attacks. 

Nevertheless, there’s no one-size-fits-all solution in cybersecurity, and even with the most robust precautions in place, you may still face a security breach. If you’ve tried all the steps above and are still struggling, fear not – Reliqus Consulting is here to help. 

For a reasonable fee of $79, our team can help you recover your website, no matter the severity of the hack. We pride ourselves on our proven track record of recovering hacked websites, even in the face of the most intense attacks.

Remember, in cybersecurity, preparation and knowledge are your best weapons. 

Call:+1 (424) 999-8252

Latest from the blog

Amul Marketing Strategy & Case Study – How it Became The Taste of India

Amul, a brand synonymous with quality dairy products, has captured the hearts and minds of Indian consumers through its innovative and effective ...

How to Set Up a Google Ads Account Without a Campaign?

Google Ads is a powerful platform for businesses looking to reach their target audience and increase their online presence. However, diving strai...

25+ Best SEO Rank Tracking Tools To Track Your Keywords Ranking

Tired of the weekly grind of manually checking your website’s search rankings? Do those Google Sheets filled with keyword positions from Go...

25+ Best WordPress SEO Plugins for Website Optimization (Free & Paid)

When it comes to optimizing your website for search engines, having the right SEO tools can make all the difference. And for WordPress users, the...