Website security is a major concern for every WordPress site owner. If your WordPress site has been hacked, it's crucial to act quickly to minimize damage and restore security. Here's a step-by-step guide to resolving a hacked WordPress site.

1. Identify the signs of piracy

Before starting to solve the problem, it's important to confirm that your site has indeed been hacked. Here are some common signs:

  • Changes to the content or appearance of the site.
  • Redirections to malicious sites.
  • Pop-up windows or unwanted ads.
  • Drastic reduction in traffic due to security alerts in search engines.
  • Unknown user accounts added to your site.
  • Warning messages from your web host.

2. Isolate the Compromised Site

To prevent piracy from spreading, we recommend that you put your site in maintenance mode or temporarily disconnect it. Inform your visitors that the site is under maintenance for security reasons.

3. Analyze and clean up files

a. Scan files

Use a security scanner to identify compromised files. Plugins such as WordfenceSucuri, and iThemes Security are very useful for this task. These tools can detect suspicious files and malicious code, but some viruses prevent their use or spread to the entire hosting.

b. Delete Compromised Files

Once you've identified the infected files, delete or clean them. You can restore files from a clean backup if you have one.

4. Update WordPress, Themes and Plugins

Vulnerabilities in WordPress core, themes or plugins are often exploited by hackers. Make sure your WordPress installation, as well as all themes and plugins, are up to date.

5. Change All Passwords

a. Administrator passwords

Change the password of your administrator account and those of all users with access to your site.

b. Database passwords

Update your database password. You can do this via your hosting control panel (like cPanel) and update the wp-config.php file with the new password.

6. Check users and permissions

a. Suspets users

Delete all unknown or suspicious user accounts.

b. File permissions

Make sure file permissions are set correctly. Files should generally have permissions of 644 and folders 755.

7. Reinstall WordPress

If the infection is deep-rooted, it may be necessary to reinstall WordPress completely. Download a new copy of WordPress from the official site, and replace the main files while retaining the wp-content folder and the wp-config.php file.

8. Restore a Backup

If you have regular backups, restore a clean version of your site. Make sure the backup is infection-free before restoring it.

9. Implement safety measures

a. Security plugins

Install and configure security plugins like Wordfence or Sucuri to monitor your site in real time and block hacking attempts.

b. SSL

Use an SSL certificate to encrypt data exchanged between your site and visitors.

c. Regular backups

Set up a regular backup system to ensure that you can always restore your site to a clean version in the event of a problem.

d. Firewall

Activate a web application firewall (WAF) to protect your site against common attacks.

10. Informing Users and Seeking Help

a. Informing Users

If user data has been compromised, inform them promptly and provide advice on the steps to take, such as changing their passwords.

b. Search for Help

If you're not comfortable dealing with this situation on your own, consider calling in a web security professional or a company specializing in WordPress security.