Getting your WordPress site hacked is one of the most stressful situations for any developer or website owner. Unfortunately, attacks in 2025 have become more sophisticated — but so have the solutions.
I recently had to recover a compromised WordPress site for a client. Instead of panicking, I followed a step-by-step recovery process — and it worked.
In this guide, I’ll share exactly what I did to clean the site, secure it, and bring it back online.
Step 1: Identify the Signs of Hacking
Here’s what I noticed:
- The homepage was replaced with a spammy redirect
- Unknown admin users appeared
- The site was blacklisted by Google
- Hosting provider sent a malware alert
If this sounds familiar, act fast — every second counts.
Step 2: Go into Maintenance Mode
The first thing I did was:
- Take the site offline temporarily
- Alert the client
- Prevent further damage and protect visitors
You can use a maintenance plugin or edit your .htaccess to restrict access.
Step 3: Restore a Clean Backup (If Available)
Thankfully, I had an offsite backup from a week earlier. I:
- Downloaded the backup
- Restored both files and database via cPanel
- Checked functionality and ensured the backdoor wasn’t part of the backup
If you don’t have a backup, move to manual cleaning (Step 4).
Step 4: Manually Remove Malware
I scanned the files using tools like:
- Wordfence Scanner
- Sucuri SiteCheck
- Hosting malware tools (most hosts provide them in 2025)
Then I:
- Removed suspicious files (like wp-includes/wp-vcd.php)
- Deleted unknown admin accounts
- Cleaned the database of injected scripts or fake posts
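The file checks in Step 4 can be scripted so that nothing is missed by eye. The script below is an added example, not the tooling used in the recovery described here; the function names and the reference-file argument are assumptions, and only the file name wp-vcd.php comes from this guide.

```shell
#!/bin/sh
# Added example: read-only triage of a WordPress docroot. It only lists paths
# for manual review and never deletes or modifies anything.

# PHP under wp-content/uploads: media folders normally hold no executable code,
# so any hit deserves a look (heuristic; a few plugins do write PHP there).
php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' \) 2>/dev/null | sort
}

# File names this guide calls out as suspicious. Only wp-vcd.php comes from
# the guide; add names your own scanner reports.
known_bad_names() {
    find "$1" -type f -name 'wp-vcd.php' 2>/dev/null | sort
}

# PHP files modified after a reference file, e.g. the archive of the last
# known-good backup. $2 is that reference file (assumed path, supplied by you).
changed_since() {
    find "$1" -type f -name '*.php' -newer "$2" 2>/dev/null | sort
}

# Print all three lists with headings. Usage: triage DOCROOT [REFERENCE_FILE]
triage() {
    echo "== PHP files inside uploads =="
    php_in_uploads "$1"
    echo "== File names flagged in the guide =="
    known_bad_names "$1"
    if [ -n "${2:-}" ]; then
        echo "== PHP files changed since $2 =="
        changed_since "$1" "$2"
    fi
}

# Run only when a docroot is given on the command line.
if [ "$#" -gt 0 ]; then
    triage "$1" "${2:-}"
fi
```

Compare every hit against a fresh copy of the same WordPress, theme, or plugin version before removing it.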
Step 5: Update Everything
Next, I:
- Updated WordPress core, themes, and all plugins
- Removed unused or outdated plugins and themes
- Changed all passwords (hosting, FTP, database, WP users)
Step 6: Harden the Site Security
To prevent future attacks:
- Installed Wordfence + 2FA login
- Limited login attempts
- Changed database table prefix
- Disabled file editing in wp-config.php
Step 7: Notify Google & Remove Blacklist
If your site was flagged:
- Submitted a Reconsideration Request via Google Search Console
- Requested malware review from security platforms (like Norton Safe Web, McAfee, etc.)
Final Checks
After cleanup:
- Tested site performance
- Monitored traffic and logs for a week
- Set up uptime monitoring & weekly auto-backups
Fixing a hacked WordPress site is never fun — but if you stay calm, follow a plan, and understand where to look, you can recover completely and make your site more secure than ever.
In 2025, it’s not about if your site will be targeted — it’s about how well you’re prepared.
Need help with a compromised WordPress site? Contact us.