Hacked WordPress Website? 7 Steps Gold Coast Business Owners Should Follow

Hacked WordPress website? Need your hacked WordPress website repaired? Don’t panic. This article walks you through practical recovery steps: how to fix a hacked WordPress website, find malicious code, restore clean backups, and secure your site against future hacks and attacks.

When your WordPress site is hacked, it’s stressful and urgent, but recovery is possible if you follow the right steps.

Whether you are a local Gold Coast business or a WordPress freelancer managing client sites, this guide will help you respond quickly, restore your website, and harden your defences moving forward.

Remember, prevention is better than a cure; therefore, make sure your websites are as secure as possible.

If your website has been hacked and you need an immediate fix, please use our ‘Fix a Hacked WordPress Website’ service to get your website back up and running.

Step 1: Confirm Your Hacked WordPress Website

Hacked WordPress website warning from Google search engine

Some common signs of a hacked WordPress website include:

  • Unexpected redirects to spam or scam websites
  • New admin users you didn’t create
  • Strange files or scripts in your /wp-content/ or /wp-includes/ folders
  • Search engine warnings (e.g., “This site may be hacked”)
  • Security plugins showing suspicious activity
  • New plugins that appear that you didn’t install

Tools like Wordfence or Sucuri SiteCheck, https://sitecheck.sucuri.net/, can help you scan for malicious code or file changes.

Step 2: Take Your Site Offline (Temporarily)

To prevent further damage and protect your visitors, it’s best to temporarily put your site into maintenance mode or disable it. You can also restrict access via .htaccess or IP blocking.

Some web hosting solutions will allow you to password-protect your website from the server.

Inbuilt password protection from WPEngine.

Step 3: Back Up What You Can

Before cleaning anything, back up your site – files and database included. This lets you inspect changes or roll back if something goes wrong. Ideally, keep both a hacked and a clean version.

Backup a website when dealing with a hacked WordPress website on SiteGround hosting.

All web hosting environments should allow you to make a backup of your website and even give you an option to restore it on a staging or development environment.

Restoring a hacked WordPress website to a staging environment on SiteGround.

Step 4: Remove Malicious Code

Use a combination of manual inspection and security plugins to identify infected files.

Focus on:

  • wp-config.php – Check for strange code injections
  • functions.php – in your theme
  • uploads/ folders containing unexpected PHP or JavaScript
  • Any recently modified core files

These steps can be difficult for users unfamiliar with the default WordPress file and folder structure, who may not be able to perform them.

At this point, a good tool is Wordfence, which can crawl your website and scan all the files for suspicious and malicious code.

Results from a Wordfence scan finding malicious code, confirming a hacked WordPress website.

Wordfence can easily find patterns recognised as malicious and flag them for removal, replacement or further attention.

In most cases, if standard WordPress practices are followed and no core files or plugins have been modified directly, you can reinstall the core WordPress files, themes and plugins with the latest version. It is possible to edit them and remove the hacked lines of code, but there may be more that you are unaware of, and simply replacing them all is far easier.
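
The manual checks listed in this step can be scripted for a first pass. The following is an added example, not code from the original article or from Wordfence; the function names and the sample tree are assumptions made for illustration, and the pattern list is a small heuristic rather than a malware signature set.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Usage: wp_triage <wp-root> [days]

# Script files in uploads/: media belongs there, PHP and JavaScript do not.
uploads_scripts() {
  find "$1/wp-content/uploads" -type f \
    \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.js' \) 2>/dev/null | sort
}

# Core PHP files (wp-admin, wp-includes) modified within the last N days.
recent_core() {
  find "$1/wp-admin" "$1/wp-includes" -type f -name '*.php' \
    -mtime "-${2:-14}" 2>/dev/null | sort
}

# Lines in wp-config.php and theme functions.php that call functions
# commonly used to hide injected code. Hits need human review, not blind deletion.
suspicious_lines() {
  grep -HnE '(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\(' \
    "$1/wp-config.php" "$1"/wp-content/themes/*/functions.php 2>/dev/null
}

# Run all checks; exit status 1 means at least one finding.
wp_triage() {
  local root=$1 days=${2:-14} found=0 check out
  for check in uploads_scripts recent_core suspicious_lines; do
    out=$("$check" "$root" "$days") || true
    if [ -n "$out" ]; then found=1; printf '== %s ==\n%s\n' "$check" "$out"; fi
  done
  return "$found"
}

# Constructed sample tree (not a real site) for trying the checks offline.
make_sample_site() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/wp-includes" "$d/wp-admin" "$d/wp-content/uploads/2025/01" \
    "$d/wp-content/themes/demo"
  echo '<?php // core' > "$d/wp-includes/old.php"
  touch -t 202001010000 "$d/wp-includes/old.php"       # long unmodified
  echo '<?php // core' > "$d/wp-includes/changed.php"  # modified just now
  echo '<?php echo 1;' > "$d/wp-content/uploads/2025/01/img.php"
  : > "$d/wp-content/uploads/2025/01/photo.jpg"
  printf '<?php\n$x = base64_decode("aGVsbG8=");\n' > "$d/wp-content/themes/demo/functions.php"
  echo "<?php define( 'DB_NAME', 'wp' );" > "$d/wp-config.php"
  echo "$d"
}

if [ -n "${1:-}" ]; then wp_triage "$@"; fi
```

Run it against the backup or staging copy from Step 3 rather than the live site. Findings are leads for review, and an empty result does not prove the site is clean.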

Step 5: Restore from a Clean Backup (If Available)

If you have a clean backup from before the hack, restoring it is often the fastest path to recovery. After restoring, immediately update all plugins, themes, and core files to patch vulnerabilities.

Step 6: Harden Your WordPress Site

Once your site is clean, it’s time to secure it properly to reduce future risk:

  • Use strong admin credentials and enforce 2FA (Two-Factor Authentication)
  • Install a security plugin (Wordfence or Sucuri). These provide constant monitoring and reporting on changes to your website.
  • Set proper file permissions (e.g., 644 for files, 755 for directories). Many hosting companies can automatically reset these permissions if they are altered.
  • Disable file editing by adding define( 'DISALLOW_FILE_EDIT', true ); to wp-config.php. This turns off the built-in theme and plugin editor in the dashboard.
  • Set up a web application firewall (WAF) via your host or CDN

A web application firewall, such as Cloudflare’s WAF, provides a high level of protection at the DNS level, before a hacker gets to your site. Attempts to exploit common security vulnerabilities are blocked before they reach your website. This reduces the risk of being hacked, as well as the bandwidth and resource usage on your website.

Also, remove unused plugins/themes, keep everything updated, and schedule regular scans.
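
The file permission and DISALLOW_FILE_EDIT items in the list above can be checked from the command line. This is an added example, not code from the original article; the function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Usage: wp_harden_audit <wp-root>

# Files that are not 644 and directories that are not 755.
# Tighter modes set on purpose by a host (e.g. 600 on wp-config.php) also show up.
perm_drift() {
  find "$1" \( -type f ! -perm 644 -o -type d ! -perm 755 \) 2>/dev/null | sort
}

# Succeeds only when wp-config.php defines DISALLOW_FILE_EDIT as true on an
# uncommented line of its own.
file_edit_disabled() {
  grep -Eqi "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
    "$1/wp-config.php" 2>/dev/null
}

# Reset the whole tree to 755 for directories and 644 for files.
reset_perms() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

# Report both checks; exit status 1 means something needs attention.
wp_harden_audit() {
  local root=$1 bad=0 drift
  drift=$(perm_drift "$root")
  if [ -n "$drift" ]; then bad=1; printf 'Permission drift:\n%s\n' "$drift"; fi
  if ! file_edit_disabled "$root"; then bad=1; echo 'DISALLOW_FILE_EDIT is not set to true'; fi
  return "$bad"
}

if [ -n "${1:-}" ]; then wp_harden_audit "$@"; fi
```

Review the perm_drift output before calling reset_perms, since some hosts deliberately use stricter modes on files such as wp-config.php.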

Step 7: Monitor and Maintain Against WordPress Hacks

Recovery isn’t the end of the story. It is good practice to create a long-term maintenance plan:

  • Set up uptime monitoring. Tools such as Uptime Robot and ManageWP provide this service.
  • Set up alerts for file changes or failed logins. Wordfence is a great plugin for this.
  • Review audit logs regularly. We like to use Activity Log, which tracks just about everything that happens on your WordPress website.
  • Back up your website daily (automatically). We take multiple different types of backups: hosting, third-party via ManageWP, and manual backups with UpDraft.

Preventing the hack is better than fixing it.

Many Gold Coast businesses neglect post-hack monitoring, leaving them open to reinfection.

Need Help Cleaning and Fixing a Hacked WordPress Website?

If you’re in the Gold Coast region and your WordPress site has been hacked, our team can help. We offer fast website recovery, malware cleanup, and long-term WordPress security plans.

Contact the team if you need help cleaning up your WordPress website.

Meet Us at WordCamp Brisbane 2025

Peter's presentation on fixing a hacked WordPress website.

Want to explore this topic further? Join our live session at WordCamp Brisbane 2025: “Oh $H!T, I’ve been hacked! HELP!”. We’ll provide examples, tools, and expert tactics for fixing a hacked WordPress website, recovering quickly and staying secure.

If you couldn’t make it to the event, you can watch the recording and review the notes on our blog post about WordCamp Brisbane 2025.

Quick Frequently Asked Questions

How do I know if my WordPress site is hacked? 

Unusual activity:
Look for changes in your site’s content, appearance, or analytics you didn’t authorise. 

Malware:
Infected files, pop-up ads, or redirects to suspicious websites are warning signs. 

Login issues:
If you can’t log in or encounter strange error messages, it could be a sign of a hack. 

Broken links or layouts:
Check for broken links or layouts, which can indicate malware or unauthorised changes.

Changes to your site’s content:
If you see new content or pop-ups you didn’t add, it strongly indicates that your site has been hacked. 

What should I do immediately after discovering my WordPress site is hacked? 

Put your site in maintenance mode:
This will prevent further access and allow you to work on fixing the issue without exposing visitors to the compromised site. 

Change all passwords:
Immediately change your WordPress admin password, database passwords, and any other relevant passwords. 

Contact your hosting provider:
They may have tools or resources to help you with the recovery process. 

Assess the damage:
Identify the extent of the hack and what files or data may have been compromised. 

Restore from a backup (if available):
Restoring a recent backup is the easiest and most effective way to recover your site. 

How can I clean a hacked WordPress site?

Restore from a backup: If you have a clean backup, restore it to revert to a secure state. 

Scan for malware: Use security plugins like Wordfence or Sucuri to scan your site for malware. 

Remove malicious files: Manually delete any suspicious files or folders identified by the malware scan. 

Clean your database: If the database has been compromised, you may need to clean it or restore it from a backup. 

Update your site: Update WordPress core, themes, and plugins to the latest versions. 

Deactivate problematic plugins: If you suspect a plugin is the source of the hack, deactivate it temporarily to isolate the issue. 

Reinstall WordPress (as a last resort): If the damage is extensive, you may need to reinstall WordPress core files. 
