What to do if your WordPress website gets hacked

WordPress has gotten very popular and also has become the target of would-be hackers. I have learned first-hand what it is like to have a WordPress website get hacked, how to deal with it, and how to prevent it from happening again. The good news is – it’s easy to recover from a hack if you have the right tools.

What may be undesireable news is that as the owner of your WordPress world, you really do need to take security seriously by reading up on it and taking the necessary actions to protect your websites and your computers from being infected by malicious code.

Here is my story:

One day, I went to look at one of my websites that I don’t update very often and to my surprise, there was just a white background with bits of code and some Japanese characters. I immediately got in touch with my web host, Dreamhost, and sent a support ticket. My ticket was referred to their security department and while I was waiting for their response, I went over to Sucuri.net and created a ticket there where I have a paid account for dealing with this type of situation.

While I waited for help from Dreamhost and Sucuri, I set to the task of restoring my site. I discovered my site had been down for 5 days and I didn’t even know it. I had kind of a sick feeling in my stomach as I fetched a backup from my cloud storage and thought about the negative impression this could have had on site visitors.

Sucuri responded fairly quickly with a report and recommendations for how to clean up the hack. To restore my site, all I needed to do was replace the wp-config.php file with a non-corrupted version. That was easy since I had a backup. I restored my site using FTP in a matter of seconds.

Dreamhost also responded with even more detailed guidance on how to clean up the mess and how to prevent this from happening again.

The work ahead of me was to go through the process of cleaning out old WordPress installs under that FTP user, updating all of my active sites, changing the FTP user password (and giving the user Shell access which is more secure), then purchasing an anti-virus program for my computers to make sure I didn’t “catch anything” from the web. I bought Kaspersky for Mac for $19.97/year, which detected 99 threats on my iMac (most of which were Windows-targeted and did not affect my machine that I am aware of).

This whole process took my about 2 days from start to finish. Once it was all said and done, it was quite a relief to know that my websites and machines were clean. So to save you the hassle of getting hacked, here are my top 3 security guidelines to follow with your WordPress websites:

1) Keep all of your WordPress software up-to-date, not just the core, but also the plugins and theme you are using. Delete any unused plugins or themes you do not need. Use BackupBuddy to backup regularly, store and restore your site (if needed). This means you will need to log in regularly and pay attention to the update notifications.

2) Use a secure password for your admin user and for your FTP user. Store your secure passwords securely – keep them in a spreadsheet saved on your computer or a USB stick (and don’t name it, “My Passwords”). Change your passwords from time to time.

3) Use Sucuri.net to routinely scan your site and to alert you if malware is detected. The investment is small compared to the amount of time you would spend monitoring and fixing things yourself. Sucuri will clean your site and give you help with preventing a future hack.

There is much more to know about WordPress security so I highly recommend you also read this guest post on ProBlogger.com by Anders Vinther of The WordPress Security Checklist. I like how he compares having a WordPress website to having a dog – it is a real responsibility that needs regular attention!



  1. Thank you Cat, this information is so important. Best to be aware of this and be pro-active before it happens. I noticed that Google put a notice on my site. Checked out fine, but it was a reminder to not be passive about your site.

Leave a Reply