Fixing My WordPress Hacked Site

I had to deal with an unpleasant event recently and that was having to fix WordPress Hacked Site. About a month ago my WordPress-powered website for my Thriller Author Interview Podcast was hacked and brought down hard. It took a week to recover. I’ll walk you through what happened, why it happened, and how I was able to fix it without losing content that I had been posting to that website for over two years.

Fixing a WordPress Hacked Site

Fixing a WordPress hacked is stressful. From discovering that you’ve been hacked and dealing with all that garbage and dealing with a lot of frustration and setbacks, as you scramble to get everything back to normal. It took some doing, so I thought I would share some info so hopefully, you can protect your website so this doesn’t happen to you or if you do get hacked, you can save some headaches and frustration fixing WordPress hacked site.

Please note, I use a self-hosted installation, theme, and plugins to run my websites (including the blog for writers you’re reading right now), so if you don’t use (self-hosted) you might not get much out of this post.

[h2]Before I Needed Help Fixing my WordPress Hacked Site[/h2]

I consider myself decently versed when it comes to the techie side of website management. I can code HTML and I can tweak PHP code. I’m also okay getting under the hood of the databases that run WordPress (at least that’s what I thought until it came down to fixing WordPress hacked site.

I also took pride in that I was focused on security. I use LastPass to generate very strong passwords and I change them regularly. I check out the history of every theme and plugin I install to make sure the plugin author is reputable and that the plugin has decent reviews, and that it’s up to date with the latest version of WordPress before installing.

I make sure that I keep my WordPress installations updated to the latest version since most of those deal with patching-up vulnerabilities.

That said, my website was still hacked, and it went down hard like a sack of potatoes.

Web Host Support Blues

I opened a support ticket, but my web host wasn’t very interested in actually getting down to the root of the problem. The site was hacked so the best course of action for them was to delete everything and re-install without trying to pinpoint how this happened.

It was a drastic, scorched earth approach and I would lose all the content.

fixing WordPress hacked siteLuckily, I back up my website daily. Had I not done that, I would have lost ALL my content and I would have started over with that blank “Hello World” post that you see on a brand new WordPress install.

So here is the first thing I recommend you do: BACK UP YOUR WEBSITE!

WordPress Backup Plugin

I used a plugin called BackUpWordPress which backups my site automatically and then emails me the backup files.

However, moving forward I’m using Updraft Plus which has been downloaded over five million times and has over 900,000 active installs and 4.9 rating in the WordPress directory.

It also seems to be a much better-developed plugin and they have a lot of great features that the other plugin does not have like automatically saving the backup to my AWS S3 and/or Dropbox accounts.

Whatever you use, make sure you back up your website every day.

Do this even if your web host states that they back it up for you. Do not rely on your web host (even if you think they’re the greatest thing since sliced bread). My web host boasted that feature as well, but when the crap hit the fan, their backup files ended up being useless (more on that in a bit).

Doing your own backup with the plugins I mentioned, is easy. It’s a set it and forget it deal, so you don’t have to touch anything or even think about it once the backup is set up. But you will be very happy to have those backups if your website is hacked. Trust me on this one!

So how does the backup thing work?

I hired a company called Wordfence (more on this in a bit) and they restored the site from the backup zipped file that I emailed them.

But I’ve now learned how to do this myself. I just think it’s a good skill to have. And if your web host provides you with cPanel, it’s not that difficult to do. You can find many “how-to” videos on this on YouTube (search “restore site from backup cpanel”).

Wordfence site cleaning review

Like I mentioned above, I ended up telling my web host to stand down since they seemed trigger-happy about deleting my site and weren’t very helpful when it came to restoring the site from my backup files in order to fix my WordPress site.

As I mentioned earlier, my web host also kept a backup of my site but I couldn’t get from them how often they do this and they told me that the backup they had had also been compromised!

So they couldn’t use that backup to restore my website, thus they just wanted to delete everything and just re-install WordPress with all my content gone — that was their solution to fixing WordPress hacked site.

Obviously, I didn’t like this solution AT ALL. So I told them to stand down. I then hired WordFence.

Let this be a warning: don’t rely on your web host to backup your site; generate your own backup files with the plugins I mentioned above.

Returning to Wordfence. These are the folks behind a very cool WordPress security plugin (also called Wordfence) that I also recommend you use.

Wordfence also runs a great blog on cyber security and WordPress which is a treasure-trove of information about WordPress cyber security.

And although I like and will continue to use their plugin and read their blog, unfortunately, I wasn’t happy with the cleanup service they provided for $179.

I was expecting a detailed report as to what happened, so I could take additional precautions in the future, but that never happened. They blamed the web host for deleting files and thus erasing the “forensic evidence.”

I buy that. Web host deleted everything, so that’s fine. In the end, they provided me with very generalized no-duh type information. For example: use a strong password. Keep WordPress updated. Change your passwords. Etc.

That’s the stuff I was already doing and I still got hacked.

So I don’t know and will never know how the hackers got in.

One upshot is that as part of the $179 fee I get their $99 per year premium plugin for free for one year, so I can check it out (I’ve used the free version of their plugin on my author website and I like it).

As to “cleaning the infection” that they mentioned on their sales page, I don’t know if they did any of that since my web host just ended up deleting a ton of files, anyway.

Wordfence did restore my site from the backup files I sent them, so that was good.

But they were slow. I had to nudge them by email more than once for updates and my website was down for almost a week while they did little that I could discern (one of the reasons I’ve now learned how to restore my WordPress site from a backup via cPanel).

They have a set M-F, 9 to 5 type schedule which in this type of business (cyber security) seems a bit unrealistic but they’re transparent and upfront about that so I knew it going in. And to their credit, the person working on fixing WordPress hacked site did help me out and was working on it on Saturday.

Getting Back to Normal

Fixing WordPress hacked site was done via my site’s backup files which I emailed to Wordfence.

However, once the site was restored, I thought it would be back to 100% normal, but that wasn’t the case.

Due to dead links my WordPress media library looked like a graveyard of dead images:

fixing WordPress hacked site

Another thing that went amiss after the site restore was that the plugin directory, which is required when using WordPress, was missing so not sure how that was missed.

I kept getting error messages when trying to reinstall plugins, but it was easy enough for me to fix via Cpanel, I just created a new directory called “plugins” and I was able to reinstall my key plugins like the PowerPress plugin and my podcasts came roaring back to life. Love the PowerPress plugin.

Cleaning up Dead Images

The broken link image problem required more elbow grease. I had to re-upload several images manually and the reason was that when I first set up my website, I was uploading images directly to my web host server via the WP Dashboard.

It wasn’t until later (after I installed the WP Offload S3 plugin) that I began to upload all media files (like images) to my AWS S3 account instead of to my web host’s server.

When my web host deleted the files they included the image files that I had uploaded on their server, thus the broken links leading to dead images.

However, for the images hosted on S3, they came back to life perfectly once the site was restored from backup since those links pointed to the images hosted on S3, not the web host’s server.

Media Files

So that’s another of my big recommendations: don’t upload important files directly to your site’s shared server! Use something like AWS S3 or whatever, just make sure those files are hosted off-site.

Luckily, all my podcast MP3 files and most of my images were hosted on Amazon’s S3 so everything came back to life once the site was restored except for the handful of images that I had left on the hosting server.

Had I uploaded all my files to the website server vs. AWS S3, I would have had to upload everything manually again — even with the backup restore since those links would have pointed to a file that was deleted by my web host’s support.

Having most of that stuff on S3 saved me from a lot of hair-pulling frustration.

The WP Offload plugin is a little gem. All I do is upload media files as I normally do in the WP dashboard but the plugin puts them in my S3 account and that is what used to display those files on my WordPress site.

Future (Fixing WordPress Hacked Site)

Now that I have a better understanding of what happens when a WordPress site is hacked and what I need to do to restore the site from my backups, I would be a lot more assertive and proactive. I was intimidated by the tech-aspect so I relied too much on my web host’s support and on Wordfence versus taking charge myself to ensure my site was down for a whole dame week when in the end a complete deletion and re-install of WordPress was needed.

I wasn’t happy with my web host’s way of handling what happened, so I’m going to move my sites when my contract is up.

If this happens again (I hope not) I would hire a security expert from UpWork versus using Wordfence’s cleanup service. I’ve had good results hiring freelancers in the past on Elance (now UpWork). So I would go there (if there were a next time).

I do not recommend WordFence’s $179 cleanup service, but I do recommend their plugin.

To recap:

  • Make sure you’re backing up your website daily (so you always have a recent backup copy handy) and that you’re keeping a copy of that backup somewhere else than your site’s server! Recommended plugin to do that: UpDraft.  I now have the backup file saved to my Dropbox and I have a copy emailed to me. I just filter the email, so I don’t see it every day, but it will be there if I need it.
  • Make sure you’re uploading media files (images, audio, etc.) to a third party server like Amazon’s S3 instead of directly to the server that is hosting your website that way it won’t all go down with the sinking ship. Recommended plugin to do that: WP Offload S3 Lite. It’s easy to set up that plugin and once set up you just upload media files the same way via your WordPress dashboard media upload but the plugin does its magic so that those files are uploaded to your S3 account.

Avoiding fixing WordPress hacked site

  • Make sure that you’re always keeping your WordPress, themes, and plugins up to date.
  • If you’re using a plugin or theme that has been abandoned by its developer hackers could get in that way. I suspect that might have been the culprit since I was using an old plugin from 2012. I do a lot of due diligence when considering new plugins, but I overlooked date with existing plugins. I should have stopped using such an old plugin that hadn’t been updated in years. WordPress releases so many updates that we can become blasé about it, but each update is usually to fix a bug or patch up a vulnerability, so make sure you’re always up to date. I have it set to automatically update my WordPress version when a new update is released.

Note on automatic updating WordPress: I realize there could be plugin or theme compatibility issues doing this but it’s easier to deal with that stuff versus having your entire website compromised so that it’s erased from existence. That’s just my opinion, so proceed with caution.

Final Word

Fixing WordPress hacked site is stressful, just remember that if you back up your WordPress site you can recover quickly, so be calm and get to work so you’re back up and running ASAP.

I'm a full-time Internet marketer and infopreneur and an aspiring fiction writer. Blogging about my fiction writing at Fictive Universe.

2 thoughts on “Fixing My WordPress Hacked Site

  1. Hi there. I’m having a problem deleting the corrupt images in my media library. Any advice on that? Thanks!

    1. I had the same issue. My non-tech approach was to manually re-upload the images. Not ideal, but it worked. But instead of uploading them back to my web host server, I used my Amazon AWS S3 account so now the images are hosted on a separate server. If I get hacked again the images in my media library won’t be toast since they’re hosted elsewhere.

Leave a Reply

Your email address will not be published. Required fields are marked *

ERROR: si-captcha.php plugin: securimage.php not found.