placeholder image

Things to do if your WordPress Site is Hacked

Written By Ehsan Ul Haq on July 23, 2021 at 11:28 am

Getting your newly formed website in trouble is never something you would want to hear. But what would you do if that became reality and it got hacked?

This word seems like a very big one and perhaps one might feel overwhelmed to work even a single step. There are a lot of answers on the web and they have been created in detail, but what most of them lack is being simple and easy to understand.

Before you actually get into the real deal of solving the issues, you should look for certain things such as if you are able to get into your account, for example: can you access the WordPress admin panel?

Your website should not redirect to some random website as well.

The most important sign or point to note is your sight being marked as “not secure”.

Check your hosting

What you can do is get in touch with the hosting company to have a further checking of your account and find out if any internal error could have caused it. Perhaps it might be a drawback in the website that gave way to hackers.

Once it gets a green signal, you might want to look for further alternatives to resolve the issue.

Try resetting the password

If you have been sharing the password to your admin account with many people, the chances of it being logged into someone else’s device are high. What you can do is forget and reset the password to set a new one and then try logging in to your admin account for the website in question.

If nothing works

 In case the above step does not work for you, you should consider logging in with another account. This will provide you the entry you need and then you can put your site into maintenance mode.

Getting rid of unnecessary admins

Getting rid of those users that are not necessary. When you get into your admin account and find any unknown user accounts, you need to remove them right away. Make sure that none of your previous users have changed information that makes their account appear unknown.

Update plugins and themes in use

update theme and plugins

Try reinstalling them to remove this glitch. If you have not yet put your site into maintenance mode, delete and reinstall your theme and plugins before that. Another thing to look for is an authentic and authorized purchase of any plugins. Sometimes being economical with your site might get you in trouble as these” cheap” plugins or themes might be suspicious.

Make sure your site has an SSL certificate

It is necessary for your site to prevent it from getting hacked. Without it, your site will be shown as not secure. Usually, while you are purchasing your domain and hosting, an SSL certification is also available along with it. if you have not checked out with an SSL certification, go ahead and do it now!

WordPress core

When you have tried all of it and nothing works, this is what you need to do ultimately. Reinstall WordPress again. Remember to have your files backed up from the older version so that you can again upload them.

Ways to avoid site from getting hacked:

  1. Do not share passwords with everyone. A very basic tip right there for you. Make sure to add only two people as admins to the site as more people will make your site vulnerable to hackers.set strong and unique passwords and if you have to share with 3 or more people, change it often. Also, to get safer with your site, use two-factor authentication making it safer.
  2. Always update your site. To save your time, let the site be on an automatic update so that you don’t have to look for them. If you have any themes and plugins bought from outside sources, make sure they are all updated. Avoid buying any plugins and themes from any not so well known sources
  3. Back up the files and database regularly. This will save you if you lack somewhere in site protection and hackers use it as an opportunity. 
  4. Install SSL for your site. As we have stated earlier, SSL keeps your site secure from hackers and it mostly comes for free with hosting that you buy.
  5. Hosting needs to be good. Cheap hosting services are also not considered safe and good for a website, especially if it contains a lot of confidential data. We highly recommend going for moderate to best hostings in any case.
  6. Install tools and software to keep your site safe. There are a lot of trusted ones in the market both free and paid that have worked wonders for business sites and e-commerce.

Frequently asked questions:

How often are WordPress sites hacked?

As per Google, 49% of sites get hacked through cheap hosting services which is why we suggest you” invest” in your site while buying hosting. Another 29% get hacked by using not authorized themes.

What are the Top 3 reasons why WordPress sites get hacked?

  • First- Not updating your site when needed.
  • Second- having weak passwords.
  • Third- not installing an SSL certificate.

Is WordPress insecure?

It is safe if you make sure all the ways of protecting your site are in check. We have mentioned earlier how important it is to change and invest. Try to have only two admin accounts for maintaining your site and the best is one.

How to check if my website is hacked?

If there is any new and not needed information or any information has been deleted from your site, it is a possibility that your site is hacked. If a lot of browsers have been popping up lately with warning flashing.

For beginners, you can also check if the loading speed has become slower than usual. Another signal is your email being sent to spam.


We are sure that you will be able to resolve the problem of the site in question, with all these steps. All you need to do is follow these steps as they have been said. If necessary or you are a complete stranger to these sorts of things, consider taking the help of a professional. They may or may not charge you for it. Another alternative is to get in contact with the hosting company as they have a team assigned to do such stuff.

Never share your passwords in any scenario and always update them. Do not use your well-known info as a password such as a name, family member’s name, or date of birth as many people do. Making weird combinations will protect you from getting your site lost. We highly suggest investing a little and use best in class themes and plugins and avoid any unknown sources to buy such stuff no matter how good of a deal it looks like.

Leave a Reply

Your email address will not be published. Required fields are marked *