Nowadays, there are millions of bots and hackers looking to invade websites to steal user data and other resources. Below is a list of indicators that can help you detect a WordPress hack:
This tutorial requires an offsite backup. In the future, you should use a plugin like Updraft which allows offsite storage of back-ups.
- Site redirects to spammy websites.
- Cannot access the admin dashboard.
- Email notification from either your hosting provider or Google (or both) flagging malicious activity on your site.
- Unrecognised posts, pop-ups or links on your website.
- Suspicious users on your website.
It is important to note all your website’s symptoms because this information is essential when contacting your web hosting company.
Get your Site Back
Off-site backup – This is a website backup that is stored on a different server e.g. Google drive or a local machine. If your back-up was stored on your website (on-site back-up), there is a high probability that the files are compromised. I would not recommend using these back-ups.
1. Identify the point of entry. To avoid the same hack in the future, you need to determine the loophole utilized by hackers on your site. Coordinate with your hosting provider to get to the bottom of the breach.
2. Delete all the files in your web directory. You can use any FTP client or Cpanel for this operation.
3. Upload your backup files onto your root directory. Make sure you do not include the database files.
4. Create a new database and import your backup database files. I recommend using the Cpanel if your web hosting allows Mysql operations. Another great option is phpmyadmin, which is used in this tutorial. Note that database files have a .sql extension.
5. Now you need to import your backed up database onto your newly created database.
6. Attach your .sql file here then press the go button at the bottom-left side of the page.
7. Finally, you have to edit the wp-config.php or the wp-config-sample.php file. Find the below lines of code and modify them accordingly.
You should now have your hacked website fully restored and operational.