Did your WordPress site get hacked? In this article, I will mention the essential things to do to fix your hacked WordPress site.
Identify and Fix a Hacked WordPress Site
Your WordPress site is hacked, and you do not know what to do next? Here are some of the things you should do:
- Take WordPress into maintenance mode.
- You can then export the post data from Tools > Export. Keep that backup on your desktop. Scan and manually check that XML file for any injected code.
- Notify your web host about this incident. Check the security logs on your web hosting account for the record of intrusion.
- Change the passwords of your hosting control panel, FTP, domain name, and email ID associated with these accounts.
- Change the passwords in wp-config and replace the authentication keys with a new set of keys.
- Remove the old themes and plugins from the setup.
- Install a new WordPress setup if there are too many fixes to the WordPress code.
- Check the file permissions on the hosting server. Make sure that none of them are set to 777. Use the Sucuri plugin or WordFence to check the files on the webserver.
- Make sure other sites in the hosting account are not affected by doing a security audit of those accounts.
- Check for the malicious files in the hosting account.
- Do a fresh install if you find any security issues with WordPress.
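One way to do the XML check from the export step above, as an added example that is not part of the original article: it parses the exported file and lists the posts whose body contains markup that is rarely legitimate in post content. The marker list and the sample export are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# content:encoded holds each post body in a WordPress export (WXR) file.
BODY = "{http://purl.org/rss/1.0/modules/content/}encoded"

# Assumed starter list of markers for injected code; extend it for your site.
MARKERS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "encoded payload call": re.compile(
        r"\b(eval|atob|base64_decode|unescape)\s*\(", re.I),
    "hidden block": re.compile(
        r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
}

def scan_export(xml_text):
    """Return sorted (post title, marker) pairs for post bodies that match."""
    # The file comes from a compromised site, so treat it as untrusted XML;
    # the third-party defusedxml package is a stricter drop-in parser.
    root = ET.fromstring(xml_text)
    hits = set()
    for item in root.iter("item"):
        title = item.findtext("title") or "(untitled)"
        body = item.findtext(BODY) or ""
        for name, rx in MARKERS.items():
            if rx.search(body):
                hits.add((title, name))
    return sorted(hits)

# Constructed sample export: one clean post, one with an injected hidden iframe.
SAMPLE = """<rss version="2.0"
 xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<item><title>Welcome</title>
<content:encoded><![CDATA[<p>Hello, world.</p>]]></content:encoded></item>
<item><title>Spring sale</title>
<content:encoded><![CDATA[<p>Deals!</p>
<div style="display:none"><iframe src="https://injected.example/x"></iframe></div>
]]></content:encoded></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, marker in scan_export(SAMPLE):
        print(f"{title}: {marker}")
```

A match is a pointer for the manual review the step asks for, not proof of compromise: legitimate embeds also use iframes and scripts.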
How do I turn my website into maintenance mode?
It’s not uncommon for WordPress site owners to need to put their site into maintenance mode at some point. Whether it’s for a scheduled update or an unexpected outage, being able to quickly and easily toggle your site into maintenance mode can be a lifesaver.
Below, we’ll cover everything you need to know about putting your WordPress site into maintenance mode. We’ll start with a quick overview of maintenance mode and why you might need to use it. We’ll then walk you through the steps of putting your site into maintenance mode using a plugin. Finally, we’ll share a few troubleshooting tips if you encounter any issues.
What is Maintenance Mode?
Maintenance mode is a feature that allows you to put your WordPress site into a temporary holding state. While your site is in maintenance mode, visitors will see a message informing them that the site is down for maintenance.
There are a few reasons why you might need to put your WordPress site into maintenance mode. For example, you might need to take your website down for a scheduled update or to make changes to your design. Or, you might need to put your site into maintenance mode if your site is experiencing an unexpected outage.
Whatever the reason, quickly and easily toggling your site into maintenance mode can be a lifesaver.
How to Put Your WordPress Site Into Maintenance Mode
There are a few different ways that you can put your WordPress site into maintenance mode. The easiest way is to use a plugin.
For this tutorial, we’ll be using the WP Maintenance Mode plugin. This plugin is free and available on the WordPress.org plugin repository. To activate the plugin, follow the next steps:
- Log in to the WordPress admin dashboard.
- Scroll to the “Settings -> WP Maintenance Mode” page in the left panel.
- In the “General Settings” section, switch the “Status” to “Activated.”
- Click the “Save Settings” button.
Once you’ve installed and activated the plugin, you’ll need to visit the Settings » Maintenance Mode page to configure the plugin.
On the plugin’s settings page, you’ll need to enter a message that will be displayed to visitors while your site is in maintenance mode. You can also select whether you want to display the message to all visitors or just logged-out users.
If you want to allow certain users to access your site while in maintenance mode, you can add their user IDs to the “Whitelisted User IDs” field.
Once you’ve configured the plugin, you can toggle your site into maintenance mode by clicking on the “Enable Maintenance Mode” button.
And that’s it! Your WordPress site is now in maintenance mode.
Troubleshooting Maintenance Mode Issues
If you run into any issues while putting your WordPress site into maintenance mode, here are a few troubleshooting tips:
1. Make sure you’ve configured the plugin correctly.
The first thing you should check is the plugin’s settings page to make sure you’ve configured the plugin correctly.
2. Clear your browser cache.
Your browser may be caching the page if you’re still seeing the maintenance mode message after configuring the plugin. To fix this, you can try clearing your browser cache.
3. Check for plugin conflicts.
It’s also possible that a conflicting plugin is causing the issue. To rule this out, you can try deactivating all your plugins except the Maintenance Mode plugin. If the problem is resolved, you can then reactivate your plugins to narrow down the cause.
4. Reach out to the plugin author.
If you’re still having issues, the best thing to do is reach out to the plugin author. They’ll be able to help you troubleshoot the problem and determine whether it’s a bug with the plugin.
For any other issues, check this article: Fix WordPress Maintenance Mode Issue
Look for a WordPress Maintenance Expert
You may be an expert WordPress user, but there are many things that you cannot do from your end unless you know what to fix and how to fix it. In such a case, it is better to ask for help from the hosting support team or an expert who knows how to fix things. We also provide WordPress Website Maintenance Services.
When you contact them about fixing WordPress issues, be prepared to do the following things:
- Keep your backup and download it to your local drive before you give access to your hosting account.
- Keep your server logs backup.
- Explain your problem to the hosting support.
- Point out the issue with the help of a screenshot or URL if possible. Ask them to explain the problem to you once they finish their fixes.
- You can always ask for help in official WordPress forums.
- Many WordPress security professionals can help you with fixed fees.
Hacked WordPress Security Checklist
Use this 9-Point WordPress Security Checklist to fix your hacked WordPress website. Keep your website safe and secure by prioritizing the tasks.
WordPress Security Setup Checklist
Keep your WordPress setup secure by executing these tasks:
- Install WordPress Backup Plugins.
- Install a login security plugin.
- Install the Security scan plugin.
- Remove unused themes and plugins.
- Perform basic WordPress setup hardening.
- Schedule automated website backups.
You can learn more here: How to secure a WordPress website.
WordPress Maintenance Checklist: Manually maintain your site in 8 steps
Once you set up the security measures for your WordPress site, it is crucial to maintain it regularly. Below are eight easy tasks to do if you want to manually maintain your WordPress site and keep it in the best shape:
- Perform security hardening with php.ini and .htaccess.
- Schedule backups.
- Remove unnecessary security plugins.
- Remove unused plugins and themes.
- Search for harmful files in the server logs.
- Check server logs for intrusion attacks.
- Check the security issues with the updated version of plugins.
- Check the issues with the WordPress update.
- Take a backup of MySQL, WordPress files, and other media files.
Website Information Checklist
Make sure you have this information stored securely. If you have more than one website, then make sure you keep all this data in a spreadsheet hosted in some encrypted drive or online service. If there is only one website, I recommend you print the login credentials and keep them somewhere safe.
- WordPress Logins
- Domain Registrar Login
- Hosting Account Login
- Email Logins & Settings
- FTP Login Information
- Google Accounts
- Backup service login
Conclusion
There are a few key things to look for when trying to determine if a WordPress site has been hacked:
- Check to see if any new, unknown users are added to the site.
- Check for any new, suspicious-looking code or files added to the site.
- Check the site’s access logs for any unusual or suspicious activity.
The site has likely been hacked if any of these things are present. To fix a hacked WordPress site, the first step is to remove any new, unknown users and delete any new, suspicious-looking code or files. Then:
- Change all user passwords and update all WordPress plugins and themes.
- Run a site security scan to ensure all malicious code has been removed.
Once you know what the hacker’s potential entry point(s) were, you will know how to solve the issue and restore your WordPress site.
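The file-permission check from the first checklist and the search for new or suspicious files mentioned in the conclusion can be scripted together. This is an added example, not code from the article or from any plugin it names; the 7-day window and the rule that wp-content/uploads should contain no PHP are assumptions.

```python
import os
import stat
import time

PHP_EXT = (".php", ".phtml", ".phar")

def audit_tree(wp_root, recent_days=7, now=None):
    """Walk wp_root; return findings as sorted lists of relative paths."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    found = {"mode_777": [], "php_in_uploads": [], "recent_php": []}
    uploads = os.path.join("wp-content", "uploads")
    for dirpath, dirnames, filenames in os.walk(wp_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, wp_root)
            st = os.lstat(full)  # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            # The checklist's rule: nothing should be set to 777.
            if stat.S_IMODE(st.st_mode) == 0o777:
                found["mode_777"].append(rel)
            if not stat.S_ISREG(st.st_mode):
                continue
            if not name.lower().endswith(PHP_EXT):
                continue
            # Assumption: the uploads directory holds media only, no PHP.
            if rel.startswith(uploads + os.sep):
                found["php_in_uploads"].append(rel)
            # PHP files changed inside the review window (assumed 7 days).
            if st.st_mtime >= cutoff:
                found["recent_php"].append(rel)
    return {check: sorted(paths) for check, paths in found.items()}

if __name__ == "__main__":
    import sys
    report = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for check, paths in report.items():
        print(f"[{check}] {len(paths)} finding(s)")
        for p in paths:
            print("   ", p)
```

File modification times can be reset by whoever placed the file, so an empty recent_php list is weak evidence; comparing against a clean copy of the same WordPress release is more reliable.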