What To Do When Your WordPress Website Gets Hacked

Backlit keyboard

Now sooner or later you will have to deal with this, if it is your website, a friends, or even a clients. Sooner or later you will run into your website getting malware installed on it or in the sql database. Never fear there are a few precautionary steps you can take to avoid such a headache.

1. Hosting Security

Now many hosting providers from godaddy to bluehost do offer a protection plan from a company called Sitelock. I would highly suggest getting this before anything bad happens cause Sitelock will provide daily scans of your websites files and even the SQL database to make sure you are not going to get attacked or injected with a malware attack. This is a must when you have a ecommerce website or anything that deals with credit card information. You must have security and get as much as you can get. This is definitely something you should never take lightly. Some platforms like WPengine, it comes standard which is why its more and it is round the clock with daily back ups and scans. Even if it adds a extra 100 dollars a year to the bill it will be worth your time and money.

2. Password Fail safes

Now never ever let your password be simple. And never use numbers or letters in a sequence. Aka apple123. That is just stupid and beyond simple. You always want to have it be some kind of phrase or something that is beyond encrypted with random captical letters, numbers and symbols. And have that for your FTP, SQL connections and wordpress admin login. Also one thing you should definitely add, are capachka on login or a math problem to help prove someone is human. Also having a login limit can definitely keep people from trying to hack into your wordpress.


3. WordPress Security Plugins

There is always a few other security steps you can take. There are many good wordpress security apps you can download like wordfence security, better wordpress security and definitely a few others. I would highly suggest installing one of the security plugins to help you protect yourself.

Now what if something happens and you don’t have any of these things….Well this is where things get fun.


If you are using godaddy you can purchase site lockl to help you protect yourself, if your website gets flagged for hard malware and security issues. Then you will NEED to purchase the premium version of site lock. no if’s ands or butts. What it will do is scan your website which could take a few days to actually get it back up, and after it gets back up be SURE to not forget to submit back to google that your website has been fixed otherwise it will get flagged and pushed down in the searches or worst just taken off. This will definitely be the easiest way and the most cost effective. Now if your hosting provider doesn’t have some kind of site lock or protection or back up plan then this is where things go from bad to worst.

You will have to download the ENTIRE website to a secure file system. You will then need to scan it all for viruses. ALL OF IT MULTIPLE TIMES. Now you will also need to download the SQL database and check it all for anything that looks insane. AKA code injected in. You will also need to be sure to change the FTP login, the SQL database and login, and finally all wordpress accounts. I have encountered a few hosting platforms that have no security and lets just say they are cheap for a reason.

I have to say eventually everyone runs into this issue eventually. I definitely say its something that you will run into. Just remain calm and go into it with a calm head and try to remember to back up your stuff when you can, pay that extra money for the added security and auto back ups. It will save you time and headaches in the future.