How To Clean A Hacked Wordpress Website Or Blog

How To Clean A Hacked Wordpress Website Or Blog — Latitude Technolabs

A bad dream of every website owner is a hacked wordpress website. A hacked wordpress website leads to less traffic, loss of revenue, damaged and stolen data, and brand reputation. Hacking of a website can be done via injecting malicious scripts, codes, and bots into the website via contact forms, search bars, and default pages.

Most of the website uses wordpress to develop it. Sometimes wordpress developers forgot to put security and failed to use security plugins, firewalls, and other security protocols. So that hackers take advantage of it.

So, all you have to do is use good quality best plugins that are genuine, maintain wordpress sites regularly, and increase wordpress security by using plugins and good antivirus software. If your site is hacked, then you can hire wordpress developer.

Here are some excellent tips to remove a hacked wordpress website and blog.

Scan Your Website Or Blog

You can use some of the genuine security tools to scan your website. Use premium tools and top plugin to prioritize scanning because free tools often do not scan properly.

  • There are free wordpress plugins for scanning your website. Just install it on wordpress and scan the whole website for viruses, malware, and bots.

Check Core Files Integrity

Most of the wordpress files are not editable and protected, but threats enter them by making a way. Most infections are found in wp-admin, wp-includes, and root folders.

  • You can scan the integrity of a wordpress file by scanning it with the “diff command” in the terminal.

Check Recently Changed/Modified Files

It is a good idea to check for any recent changes in the wordpress file system. You will get an idea of what was changed before website hacking.

  • Manually Check Modified Files

Check Google Transparency Report

If your website is blacklisted by security authorities or by Google, you can use tools to check the security status of your site.

  • You can go to “" and enter your website URL and search it.

Removing Malware From Website/Blog

Now, this is the central part of this article. If you read the above topic, you already know about the locations of viruses/malware. Now, you can restore your wordpress by removing malware. Malware/viruses will keep entering if you don’t care about wordpress security. You should always maintain wordpress site regularly.

Cleaning Damaged/Hacked Files From Wordpress

If malware is present in core wordpress files, you can manually remove it. Don’t just restore the only file that was infected but restore a full wordpress. You can backup wordpress before doing it for wordpress security. Here is how to do manual file restoration.

  • Login to the server using SFTP or SSH. (don’t use FTP)

Cleaning Hacked Database

You can remove a malware/virus infection from the wordpress database using “search-replace-DB or Adminer.”

  • Login into admin panel

Closing Backdoors In Wordpress Site

Hackers always leave the backdoor behind to get in again on your site. Backdoor files are similarly named like wordpress core files, but they are malicious files. Hackers inject files like wp-config.php and other folders like wp-content/themes, wp-content/plugins, and few other ones.

Here are the common PHP functions backdoors use.

  • System

Future-proofing Wordpress Site/Blog From Attacks

Never use outdated plugins, themes, or any other software, and regularly update your wordpress, plugins, and themes. Always use top plugins that are famous and genuine. Use good security software and scan your entire server regularly. Use a good firewall to restrict access.

Always change passwords for contributing users, admins and ask them to learn more about wordpress security. You can hire wordpress developer if you are new or got stuck with maintain wordpress sites.


It is always good to regularly update wordpress software, plugins, themes, and other files for security. Always use genuine themes, top plugin, and good security software. You should maintain wordpress site regularly to protect from hackers.

Day by day, attacks are increasing, so it is better to invest money on good developers who will help you maintain wordpress sites and improve wordpress security. You can contact us at Latitude Technolabs to hire wordpress developers to solve these problems permanently.

Latitude Technolabs Pvt. Ltd. is a leading service provider with extensive experience in providing IT outsourcing services to enterprises across the globe.