10 Necessary things To Do To Recover WordPress After Hack

how do i restore my wordpress website

Have you ever thought about a website hack? Are you worried that your website is hacked? Such type of questions may fret you a lot. You should know how to recover your hacked website. Though WordPress is one the secure platforms to use but still, you should get ready for bad situations.

In this post, I am going to tell you the necessary things to do to recover your hacked website. To make sure that it won’t get hacked again. You should take some security actions to save your website.

Are you thinking about any kind of hack now? Well, just relax and know the recovery process.

How To Recover Your Hacked Website

There are many tools in the online market to use for the recovery of your website. You can use Sucuri or the Wordfence  plugin. But still, you should know all the possible recovery tips.

You all know that after your website has been hacked, you have to restore the backup of your website and the database if that is infected by the malware or the brute force attack. Let me show you some important things to do.

Step 1: – Install an anti-virus on your computer. It is possible that any virus has infected your website from the local system. It is necessary to check and clear it.

Make sure that the anti-virus you are using is the latest version. Whether you are using the Adobe reader or the Photoshop, keep them updated. Even your browser should be updated

Step 2: – Change all the passwords of your accounts. From the WordPress login panel to the FTP account. You have to change the Email password which is associated with your domain.

It’s because hackers may have hacked your website by cracking any of the passwords. To recover from that, you should change the associated password of all the accounts.

Step 3: – Secure WordPress – It’s very important to secure your Content Management System. You won’t like to get infected your whole site. So make sure, you save the rest of your website.

Try to backup your website using any plugin. If you aren’t able to login to your WordPress admin area then use the cPanel to backup your website and the database.

An another method is to use the backup softwares provided by your web hosting similar to Softaculous. And the final option is to use the Filezilla to connect to the FTP server for downloading the backup.

Step 4: – Improve the security – It can be done by many ways. There are many vulnerable areas on a WordPress site to secure.

  • Change the password of your cPanel and make sure that the new password is strong enough.
  • Delete used FTP account. If you are not using any FTP account then delete it. It’s because it may turn out to be a backdoor for the hackers. Change the password for your current FTP accounts.
  • Check Your Redirects. You may redirect any page to another. But if you find any redirection to any unknown page then remove it.
  • If you have an email account with your domain name then make sure that you have selected the right forwarders. It would be good if you delete them and set them again.

Step 5: – It is always recommended that you should update all of your plugins and themes present on your WordPress website. To recover WordPress hack, you won’t like to get it hacked again.

If you are using the older version of the WordPress then forget about it and click on the update option.

Step 6: – Check your .htaccess file – This kind of hack is the redirect hack. You should check the .htaccess file of your website. If you find any malicious code in the file then recover the .htaccess hack by removing the code from it.

It can be done using many types of code. It may be any redirect code or any other kind of malicious code. The code may be injected in the PHP of your website.

For which, you have to check if your website has been hacked with the code injection or not.

Step 7: – Check your wp-admin area – If you’re locked away from the WordPress admin panel or the page keep refreshing then you should recover from it using the .htaccess file or some simple activities may result in it. But still, make sure to protect it by limiting the login attempts.

Step 8: – If you have the doubt that your whole website has been infected then you have to restore it on the server.

Are you still thinking how to recover your hacked website then stop thinking and do the right thing? Delete the WordPress from your cPanel and then re-install it.

Step 9:- Check the wp-config.php file. It may be possible that the hackers have hacked the database. You can check the database credentials from there.

If something is different then remove those lines and add all the credentials of your own website so that you don’t get the database establishing error.

Step 10: – Check the permissions and if you have provided the wrong permission to any of your contributors then correct them. It is always recommended to handle the permissions with care.

You can get HTTP error because of the wrong permissions. There shouldn’t be any carelessness.

How Do I recover My WordPress Website

As I have mentioned above that you can use any online tool or services to recover from a hack or you can hire a professional. To recover WordPress after hack, it is a good idea to hire any WordPress professional. Otherwise, go yourself and follow the steps mentioned above.

You have to check an attack in each step. It may be any injected code or any redirection code. Make sure that you analyze each and every step carefully.

I am sure you won’t ask how to recover your hacked website after going through the possible vulnerabilities and after strengthening that area.

by Ravi Chahar

A WordPress Professional and the LinkedIn Influencer. A coder by passion and a blogger by choice. WordPress theme development is his forte. He is your WordPress guy who will teach you how to solve WordPress errors, WordPress security issues, design issues and what not.

Get Free Updates Into Your Inbox

Learn Everything Just Like I Did



  1. Great points Ravi, Though people webmasters know these points but still many of them don’t apply it.

    Precaution is better than cure.

    Umesh Singh

    1. Hey Umesh,

      People usually fret when their website get hacked. They should try to handle the situation by doing these things. Check the possible hack and try to resolve it.
      The final step is to hire a professional for you.
      Thanks for your input.
      Enjoy the week ahead.

  2. Hi Ravi,

    There sure are a lot of things that need to be done if a site ever gets hacked. It’s a shame that some people have nothing better to do but you have provided loads of great information to recover from it.

    Thanks for sharing your knowledge and the details.

    1. Hi Monna,

      It may not be the common thing that your website may get hacked. But you know, we should be ready for every situation. People just write on their blogs to boost them.
      They should learn more about WordPress to make it secure.
      Thanks for your dropping your input.
      Have a great day.

Leave a Reply

Your email address will not be published. Required fields are marked *