Your WordPress site is getting hacked – What should you do?

Oct 2022

Posted by: Category:Web Design & Development

Getting hacked is the greatest fear of any website owner. No website is immune from attacks even though WordPress is a safe platform. Your site is more vulnerable when you do not take the necessary measures to protect and secure it from hackers. If your WordPress website is hacked, you can still recover some of your lost data and still protect your site from future attacks.

What should you do to secure your wordpress site

How to know your website is hacked

There are times when your site is acting strangely. This does not necessarily mean that you have been hacked. There are different reasons why your website could malfunction including caching-related issues, hosting trouble, software bug, or some other problem. Knowing that your site has been hacked is sometimes difficult but here are some signs.

You cannot log in

One of the signs that you have been hacked is when you are unable to log in to your WordPress site. Sometimes, being unable to log in could be because you have forgotten your password.

Ensure that you reset your password before assuming that you have been hacked. It is a warning sign when you are unable to reset your password. A common sign of hacking is when you can no longer reset your password. This could be a result of the hacker removing your account.

Your site has changed

You should suspect foul play if you see changes that you have not done appear on your site. Replacing the homepage with a static one is a form of hacking. You probably may have been hacked if your site is not using your theme and it looks completely different.

You could have been hacked if your footer contains a link that you did not put there. Still, ensure that you do some checks before assuming that you have been hacked. To be sure that you have not made changes accidentally, check with other site editors or administrators.

Your site is redirecting

There are instances where a hacker will add source code to your site. This is meant to redirect people to a different site when they visit yours. The new directory could be a site where important data and information are stolen from unsuspecting people. In this case, ensure you try all you can to fix the issue immediately.

However, to prevent such from happening, you should use a quality host if you discover that the server you use is insecure. To fix the hack, the switch service provider and manage the situation promptly.

What you should do when your WordPress site is being hacked

Depending on the cause of the hack, you should take the appropriate measure to fix it. More importantly, you should also take steps to prevent your site from future hacks. To stop the same thing from happening again, here are some tips.

1. Make sure all passwords are safe

A common means that hackers use to access other people’s sites is through weak passwords. After you have remedied the situation, ensure that you reset all passwords relating to your site. This must include an admin password and the new password you use must be strong.

A security plugin will ensure that users of your site use strong passwords. The best passwords to use are usually a combination of upper- and lower-case letters, alphabet, characters, and numbers. You can also make your site harder for hackers to gain control of when you add two-factor authentication to it.

2. Keep your site up-to-date

Updating wordpress site

It must be kept up-to-date to prevent your WordPress site from being hacked. Ensure that you run the update of your WordPress site, plugins, or themes. Most times, the updates include additional security patches. You can do updates manually or enable them automatically by installing a plugin for that.

You may want to test update and not set your sites to automatically update itself, then ensure that you have a security plugin that will notify you that you need to run an update. Whenever your site is been updated, ensure that it is done properly. Create backups and test the updates.

3. Avoid installing insecure themes and plugins

Themes and plugins can be a loophole through which your site is hacked. As a result, ensure that any WordPress plugin you install in the future has been tested with the version of your site. You must also be sure that you are downloading them from a secure and reputable source.

Themes and plugins must always be installed via plugin and theme directories. Never attempt to get them from third-party sources. Furthermore, ask for recommendations and check the reputation of a plugin vendor if you are purchasing premium plugins and themes.

4. Clean out your WordPress installation

delete old wordpress installation

In the instance that you have plugins and themes installed on your site but not activated, remove them. Also, delete old WordPress installations of any files in the hosting space you are not using.

You must also delete the database that you are currently not using. Old, dormant installations can be a vulnerability to your server. Delete them as well if you are not able to keep them up to date.

5. Set a firewall and install a security plugin

You will be able to configure the firewall of your site when you have security services and plugins. Having these features will add an extra layer of protection against hackers and minimize the risk of DDoS attacks and hacks on your site.

Additionally, having a security plugin installed in your system will ensure that you get a notification of any suspicious activity. This might be an addition of malicious files to your site or unauthorized logins. Always ensure that you refer to the warning by the plugin to find out and fix any problem.


WordPress is a secure platform but can still be hacked. Hacking is possible when you do not put measures in place to ensure the security of your site. If you are being hacked, find out why and prevent future occurrences by following the tips shared here.

Leave a Reply