Can you recover a hacked WordPress website?
Yes, I have come across many hacked WordPress websites over the last 15 years and they have all been recoverable. Depending on the level of the breach, some can be harder to restore than others.
Why do WordPress websites get hacked?
WordPress is a very popular platform, meaning there are a lot of websites out there with similar structures. This means malicious scripts can be written to try to log in through the standard login URL. Its popularity makes it a target because a lot of sites can be targeted with just one script.
How do I know if my WordPress website is hacked?
This isn’t always obvious. Some hacks will do things like redirect your entire site to another website, so they are easy to spot. But other hacks can go under the radar, creating invisible pages on your site that sell products, or sending out spam emails through your accounts. One way you can often spot this is to go to Google and type in site:yourwebsiteurl.com, replacing yourwebsiteurl.com with your own website domain, and you will see all of your indexed pages. It is worth getting set up with Google Search Console, as this will often highlight any change in page indexing.
If you think you have been hacked then make sure to check if any new users have been created in the WordPress dashboard.
Having security tools on your website will allow you to run routine scans and they will tell you if you have any modified core files or injected files on the server. This can help you to identify issues.
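As an added example (not from the original post, and not the code of any particular security plugin), this is the kind of check such a scan performs: compare the files on disk with a known-good checksum list, then flag extra files in the core directories and scripts in the uploads folder. The manifest format (relative path mapped to an MD5 hex digest), the function names and the sample site are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

SCRIPT_EXT = (".php", ".phtml", ".phar")

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def scan_install(root, manifest):
    """Compare a WordPress tree with a known-good {relative path: md5} manifest."""
    report = {"modified": [], "missing": [], "injected": [], "php_in_uploads": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif md5_of(full) != expected:
            report["modified"].append(rel)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            # wp-admin and wp-includes ship only core files; uploads should hold media only.
            if rel not in manifest and rel.split("/")[0] in ("wp-admin", "wp-includes"):
                report["injected"].append(rel)
            elif rel.startswith("wp-content/uploads/") and name.lower().endswith(SCRIPT_EXT):
                report["php_in_uploads"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_demo_site():
    """Constructed sample tree: tampered, missing, injected and uploaded-script cases."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    clean = {p: b"<?php // core file " + p.encode() + b"\n"
             for p in ("wp-login.php", "wp-includes/version.php", "wp-admin/index.php")}
    manifest = {rel: hashlib.md5(body).hexdigest() for rel, body in clean.items()}
    on_disk = dict(clean)
    on_disk["wp-login.php"] += b"// extra line not in the release (constructed)\n"
    del on_disk["wp-admin/index.php"]
    on_disk["wp-includes/class-cache-x.php"] = b"<?php // not in manifest\n"
    on_disk["wp-content/uploads/2024/01/photo.php"] = b"<?php // script in uploads\n"
    on_disk["wp-config.php"] = b"<?php // site config, expected outside the manifest\n"
    for rel, body in on_disk.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
    return root, manifest

if __name__ == "__main__":
    print(scan_install(*build_demo_site()))
```

A clean report does not prove the site is clean, since themes, plugins and the database are outside this check.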
Can you just roll the site back to a backup to fix it?
Technically you could, if you knew when the malicious code had been added to the website. This would be an easy fix, but rolling it back will not resolve the issue long-term. They managed to breach your website in that backup state, and it will happen again if you can’t find out where they managed to get in. It needs a long-term fix because website hacks can play havoc with organic search rankings and paid advertising funneling into the site.
How much does it cost to recover a hacked WordPress website?
I tend to find that generally I can recover a hacked WordPress website and put in some measures to prevent it from happening again in around 4 hours. I charge £275 for a half-day rate; this will of course vary depending on who you hire to complete the work. My method is to make the client aware of the average time it takes, and then within the first hour I always aim to give a better estimate once I evaluate what is happening.
How do you stop a WordPress website from getting hacked again?
There are a few steps that can stop your website from being hacked again, including:
- Use 2-factor authentication for user accounts
- Keep WordPress, Themes, and Plugins up to date
- Routinely check plugins and themes are supported
- Use security software to prevent brute force attacks
Should I have a WordPress maintenance plan in place?
If you think you will not be able to stay on top of any of these tasks, then a lot of companies, myself included, offer WordPress maintenance plans that will allow you to keep your business running and have the peace of mind that your website is up to date.
You can also consider running auto-updates, but this can be problematic depending on how complex your WordPress build is.