2- How to recover hacked WordPress website in 2022 | WordPress Security Guide Step by Step
By : Farooq Shah
Publish Date : September 28, 2022

Part 2 of WordPress Security Guide Step by Step 2022. Let’s recover and fix hacked WordPress Website. In part one, we scanned to identify and audit backdoor intrusions, malware and hacking symptoms.
Step by Step Approach to fix the hacked site
REMEMBER: Hacker-type-predators can easily hunt the site down because of the possible vulnerabilities at PC / Website and Web Server Level.
Step # 01 – First Things First. Try not to stress too much. Bad Things happen all the time.
Step # 02 – If you can login the admin dashboard, install a plugin to put the site in maintenance mode immediately. Some hosts offer the same for free. If you can’t login, use the cPanel Credentials to access. Discuss with client in prior if you’re hired to fix hacked WordPress Website.
Step # 03 – Use a plugin to backup WordPress Installation. Download and keep it safe in your external drive. Or use the cPanel’s built in Backup Manager Wizard and download the backup files.
Step # 04 – Install two plugins immediately i.e., Limit Login Attempts Reloaded & Change wp-admin login URL.
Step # 05 – In the WP Admin Dashboard, click on settings. Go to General Settings and check email and site address etc. If you can’t login, use phpMyAdmin via cPanel. Go to options / users table. Do the stuff.
Step # 06 – In the Admin Dashboard, click on Users. Delete all extra / suspicious users.
Step # 07 – Delete all inactive / fake plugins & themes etc. Update everything from Admin Dashboard before you go the manual path.
Step # 08 – Use cPanel’s upload feature to upload fresh copies of WordPress Core/ theme / plugins etc in zipped format. Delete old directories. Unzip in the same directory. Or use FTP / SFTP. Upload. Unzip. Delete or replace old files. Delete extra files in the root directory. Check all relevant directories.
Step # 09 – Install Anti Malware by GOTMLS. Scan. Delete suspicious files. There are other plugins, but I recommend this for a reason. It does the job nicely.
Step # 10 – Login cPanel. Visually checksum files. Check newly uploaded files. Examine log file.
Step # 11 – Go to phpMyAdmin. Optimize / Repair Database. Be very careful. Newbies can use plugins. Delete junk entries / leftovers / transients etc.
Step # 12 – Open wp-config, .htaccess and robots.txt in editor. Checksum. Change salt keys. If you can’t edit the files, find the root cause or contact Web Host Officials.
Step # 13 – Do a manual investigation. Through inspection of folders/ directories / files / etc.
Step # 14 – Some Web Hosts offer hotlinking, leeching utilities. Enable them. Newbies can use plugins.
Step # 15 – From the Admin Dashboard, check and delete extra pages, posts, categories, tags, links, media items etc. We can do the same via phpMyAdmin (Newbies can use plugins for the same). Change Database Table Prefix.
Step # 16 – In the cPanel, look for sitemap.xml (also robots.txt). Open in editor and analyze. Create new sitemap manually and Resubmit cleaned sitemap to search engines. Newbies can use plugins to do the same.
Step # 17 – If you have access, login Google Webmaster Console. Follow the video already uploaded on channel to unverify fake owners. You can also inspect URLs and check other security stats.
Step # 18 – Inspect files one by one. Consider these words : exec , system , assert, base64 , str_rot13, gzuncompress, eval, tripslashes , preg_replace (with /e/), Move_uploaded_file
Step # 19 – .htaccess, wp-config and robots.txt are very important files. Protect them. Edit them to harden WordPress Security.
Step # 20 – Now you’re good to change all credentials (You can do this in the very beginning of the process, but I follow this path for a reason.) Right from your PC to Web Server along with emails, change all passwords.
Step # 21 – Rescan your website. Analyze the behavior. You can use Sucuri Security / iThemes Security to scan as well.
Step # 22 – Resubmit site to Search Engines for reindexing.

Freelance Pakistan WordPress Tutorials Playlists for #wpspartans300 :

WordPress Spartans 300 Mission (2019)
https://www.youtube.com/playlist?list=PLEEg17VzyLfsOmdlXFneRiYOo5SmyJurg

WordPress Spartans 300 Refueled Mission (2020)
https://www.youtube.com/playlist?list=PLEEg17VzyLfs1oj9cyfNLr650KBH7wHk0

WordPress Security Guide Part One:

How to check if WordPress Website is hacked.
https://www.youtube.com/watch?v=UKrNS5GXuVs

WordPress Spartans 300 Facebook Group (Very vibrant community)
https://www.facebook.com/groups/wordpressspartans300
Freelance Pakistan Facebook Group
https://www.facebook.com/groups/freelancepakistancom

Regards,
Farooq
Freelance Pakistan