Being hacked is something that no developer or site owner wants to deal with. While WordPress is considered a secure platform, it’s also a target due to its popularity. If a client’s site is hacked, it can compromise users’ personal information, infect their devices with viruses, or even result in you losing your client.
While being hacked is a serious situation, it doesn’t mean that your client’s website is a lost cause. It is possible to recognize the signs of a hacked site, and even recover it if you know what to do. By acting quickly, you can prevent further damage and hopefully thwart additional attempts.
In this article, we’ll share some signs that a site may have been hacked. Then we’ll show you how to recover your WordPress website in five steps. Let’s get started!
Identifying when a site has been hacked
The signs of a hacked website can be glaringly obvious or more subtle, so it’s essential to learn how to recognize them. It might also help if you educate your clients on what to look for, so they can alert you to any suspicious activity.
If you’re unable to log in to the WordPress admin dashboard, it’s possible that the site has been hacked and the password changed. In that case, it’s likely that you’ll need to restore the site from a backup to be able to access it again.
The presence of spammy links on a website can also signal a problem. These links will often send users to dangerous or possibly offensive websites that can damage your client’s reputation.
If your website’s URL is redirecting to a different site, that’s a pretty sure sign that it’s been compromised. You may not notice this right away, as it’s possible that not every page will redirect.
Google may mark a website as insecure before you realize there’s a problem. If you see that this has happened, you’ll want to investigate further to try and identify the issue:
Finally, if you see users you don’t recognize, you may want to be sure they’re legitimate. This is especially true for new users with the ‘admin’ role.
How to recover a hacked WordPress site (in 5 steps)
If you do see that a site has been hacked, you’ll want to get to work right away to recover and secure it. Here is a five-step process you can follow to do that.
1. Restore the site from a backup
Having a recent backup at the ready can save you from having to rebuild your site from scratch. Creating a backup with ManageWP is quick and easy, so you may want to make one now while you’re thinking about it.
To do so, hover over the site in your ManageWP dashboard and click on the View Backups button:
From this screen, you can immediately back up the site by selecting Backup now:
This article was written by Will Morris and originally published on ManageWP.