If you suspect your WordPress website has been hacked, it’s essential to act quickly. Signs of hacking might include unusual redirects, unexpected ads, or unknown files appearing on your site. Here’s a straightforward guide to help you scan, clean, and secure your website to prevent WordPress hacking.
Scan to Check WordPress Hacking
The first step is to scan your site to confirm any malware or vulnerabilities. Many scanners are available, but this guide uses the Sucuri scan. Go to the Sucuri site scanner and enter your website’s URL. Once you initiate the scan, Sucuri will analyze your site’s code and report any malware, blacklisting status, or other security issues. If malware or security threats are detected, it’s a clear indication that your website has been compromised, and you’ll need to proceed to the cleanup steps.

Before you do anything, always take a backup of the website. If anything goes wrong, you will need to restore your website to its original state.
Cleaning Your Site through the WordPress Dashboard
If your website is still accessible, log in to the WordPress dashboard. Start by installing a reliable security plugin, like Wordfence.
To do this, go to the Plugins section, click on “Add New,” and search for “Wordfence Security.”

Install and activate this plugin to help you scan your files directly from the WordPress dashboard.

The first time, it will ask you to install a license. You can use this license key:
b0103f074492d7f62d0c6d24e413d33320e98f694e419e9f45da47c9a53ced0e8db2e66f7d53a42a7de533aff6cbb3ceedaee4b88ad5b1193a14774505df8054
This activation key is for testing purposes. If you want your own free license key, go to the Wordfence website and create one.

Once activated, open Wordfence, go to the “Scan” section, and initiate a full scan.

This scan will help you locate any infected files, malware, or vulnerabilities, pointing you directly to areas that need attention.
Fix Detected Malware or Vulnerabilities From Site
After the scan is complete, Wordfence will list any issues, which might include infected files, plugins with vulnerabilities, or suspicious code in certain directories.

If Wordfence finds any security issues, it will show them here. However, in our case, we don’t have any vulnerabilities on this site, which is why all the reports are marked as good.
If you find any malicious files, use an FTP client or your hosting provider’s file manager to access your site’s files. Alternatively, you can click “Repair All Repairable Files” or “Delete All Deletable Files,” but be cautious: this option can be dangerous. It may sometimes delete your theme or plugin files or code, which could break your website.
So, for safety, choose the server-side cleanup method.
Follow the directory paths flagged by Wordfence, and carefully delete the infected files or compromised plugins. It’s essential to remove these items accurately, as leaving any malicious code may allow hackers to regain access.
Rescan and Check .htaccess File
Once you’ve removed all flagged files, perform another scan with Wordfence to confirm that no issues remain. If problems persist, check your .htaccess file in the root directory of your WordPress site (usually in the public_html folder). Hackers often target this file, so delete it if you suspect it’s compromised. WordPress will automatically regenerate it as needed. This step can resolve many redirect issues and prevent malicious redirects.
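To decide whether the .htaccess file looks compromised before deleting it, the added example below (not part of the original guide) lists lines that deserve a manual look. The heuristics, the function name audit_htaccess, and the sample file are assumptions made for illustration; the default block shown is the one WordPress writes on a single-site install.

```python
import re

# Rules WordPress writes between its markers on a single-site install.
WP_DEFAULT = {
    "<IfModule mod_rewrite.c>", "RewriteEngine On", "RewriteBase /",
    "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]",
    r"RewriteRule ^index\.php$ - [L]", "RewriteRule . /index.php [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteCond %{REQUEST_FILENAME} !-d", "</IfModule>",
}
# Review heuristics chosen for this example; not an exhaustive list.
SUSPICIOUS = [
    (r"^RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}",
     "rewrite keyed on referrer or user agent"),
    (r"^(RewriteRule|Redirect(Match)?)\s.*https?://",
     "redirect to an absolute URL"),
    (r"^php_value\s+auto_(prepend|append)_file",
     "PHP file loaded on every request"),
]

def audit_htaccess(text):
    """Return (line_no, reason) for each line that needs manual review."""
    findings, in_wp = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line in ("# BEGIN WordPress", "# END WordPress"):
            in_wp = line.startswith("# BEGIN")
            continue
        if not line or line.startswith("#"):
            continue
        hit = next((w for rx, w in SUSPICIOUS if re.search(rx, line, re.I)), None)
        if hit:
            findings.append((no, hit))
        elif in_wp and line not in WP_DEFAULT:
            findings.append((no, "not in the default WordPress block"))
    return findings

# Constructed sample of a tampered file; redirect.example is a placeholder.
SAMPLE = r"""RewriteCond %{HTTP_REFERER} (google|bing) [NC]
RewriteRule ^(.*)$ http://redirect.example/ [R=302,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule . /index.php [L]
Options +Indexes
</IfModule>
# END WordPress
"""
print(audit_htaccess(SAMPLE))
```

The output is a review list, not a verdict: a legitimate rule that forces HTTPS with an absolute URL will also be listed.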
Clear Cache on Cloudflare or Another CDN
If you are using a CDN service like Cloudflare, make sure to purge all cache. To do that, log in to your CDN dashboard, go to the page settings, look for Cache, and select Purge Cache.
Clearing the cache ensures that visitors won’t see compromised versions of your site and can help you verify that the site is fully clean.
If Your Website is Inaccessible
In some cases, your website may be so compromised that you cannot access the WordPress dashboard. In this situation, return to the Sucuri scan results and review the file paths where malware was detected.
Use FTP or your hosting provider’s file manager to locate and manually delete any malicious files.
Pay special attention to key directories like wp-content, wp-admin, and wp-includes, as these are common targets for hackers.
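When hunting through these directories by hand, a comparison against a clean copy narrows the search. The added example below (not part of the original guide) hashes wp-admin and wp-includes from a clean download of the same WordPress version, reports core files on the live site that were changed or do not exist in the clean copy, and lists PHP files under wp-content/uploads. The function names, the uploads check and the demo trees are assumptions made for illustration.

```python
import hashlib, os, pathlib, tempfile

CORE_DIRS = ("wp-admin", "wp-includes")

def _files(root, top):
    for dirpath, _, names in os.walk(os.path.join(root, top)):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def build_manifest(clean_root):
    """Hash the core files of a clean copy of the same WordPress version."""
    return {rel: _sha256(full)
            for top in CORE_DIRS for rel, full in _files(clean_root, top)}

def audit_site(site_root, manifest):
    """List core files that differ from the manifest and PHP in uploads."""
    report = {"modified": [], "unknown": [], "php_in_uploads": []}
    for top in CORE_DIRS:
        for rel, full in _files(site_root, top):
            if rel not in manifest:
                report["unknown"].append(rel)
            elif manifest[rel] != _sha256(full):
                report["modified"].append(rel)
    for rel, _ in _files(site_root, "wp-content/uploads"):
        if rel.lower().endswith((".php", ".phtml", ".phar")):
            report["php_in_uploads"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

def demo():
    """Audit a constructed site tree against a constructed clean tree."""
    with tempfile.TemporaryDirectory() as tmp:
        def put(tree, rel, data):
            path = os.path.join(tmp, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            pathlib.Path(path).write_text(data)
        for tree in ("clean", "site"):
            put(tree, "wp-admin/index.php", "<?php // core")
            put(tree, "wp-includes/version.php", "<?php // version")
        put("site", "wp-includes/version.php", "<?php // changed")
        put("site", "wp-admin/cache-x.php", "<?php // extra file")
        put("site", "wp-content/uploads/2024/thumb.php", "<?php // extra")
        put("site", "wp-content/uploads/2024/photo.jpg", "jpg")
        manifest = build_manifest(os.path.join(tmp, "clean"))
        return audit_site(os.path.join(tmp, "site"), manifest)
print(demo())
```

Where shell access is available, WP-CLI's `wp core verify-checksums` performs the core-file comparison against the official checksums.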
Additional Security Tips
After your website is secure, it’s essential to take a few extra steps to prevent future attacks. Update all themes, plugins, and WordPress core files, as outdated software often provides entry points for hackers.
Also, set up regular backups, either with a plugin like UpdraftPlus or through your hosting provider, so you can quickly restore your site if necessary.
Finally, keep your security plugin (like Wordfence or Sucuri) active to monitor your site’s health continuously.
Conclusion
By following these steps, you can effectively remove malware from your WordPress site and enhance its security to prevent future attacks. Regular scans, software updates, and strong security practices are essential for keeping your site safe in the long run.