As much as I hate it, websites get hacked. They are actually more vulnerable as WordPress allows more and more plug-ins that have weak security which in turn can infiltrate your site.
I have several sites that have been hacked and I have spent many countless hours sorting through evil lines of code, deleting scripts and files. It’s not a lot of fun, but it needs to be done. If you are not a code geek, then I wouldn’t recommend doing this. Hire a professional.
If your site goes down, pray that you have a WordPress xml backup file somewhere. It is really easy to do. Go into your WordPress dashboard, if you can, and go to tools, export, all content. Save it to your cloud or Dropbox.com account. This is all your precious hard work you have created.
If you can’t get into the dashboard, then you might be able to salvage it if you can get cPanel access to the file manager. If you can, then zip up your WordPress core files, mostly the wp-content folder. Save it to your hard drive. Hopefully you don’t have to use this and you have the XML file.
So, how do you know if your site has been hacked? For starters, it might not load at all. It could still load, but in the background secretly have malicious malware or spam files hiding in deep folders. Ultimately what is going to happen, is your web host server is going to shut down your account and delete the site all together to prevent any infection of other sites. Chances are, your site is on a shared host with other websites. Your site could have been infected simply by being on a server that was attacked.
GoDaddy, Bluehost, and a few others are targets and have had sites go down due to hackers.
After much technical research, hours of reading other people’s issues, I finally came up with my own solution. Delete the infected site. Start over. This sucks, but it has to be done. Don’t try and edit files that that were binary code. Every answer you search for online gives you very technical, difficult, time consuming possibilities. None that are easy.
Contact your host and change your server password, and your cPanel password. They should be impossible to ever crack.
Log into cPanel, go to Legacy File Manager. Find the infected site. Delete it and all the files under it. You are starting over. Everything in that website directory will be removed.
Open Sofaculous, and if the site is in the “overview”, then you will need to remove it. If it is not listed, but still an active domain, then you will need to install a new copy. Install “limit login attempts” during installation.
Log into the WordPress dashboard, go to plug ins and install Wordfence and Jetpack.
Activate both plug ins and set the security level in Wordfence to “Attack Imminent”. Activate Jetpack jump start and also limit logins. This will help protect your site.
Go into Wordfence and whitelist your ip address. Ban all I.P. addresses who try to use “admin” as a user, and who access the wp-admin folder. This will help keep your site safe from hackers. Make it impossible to get into your site.
Delete any plugins that you don’t use. Delete “Hello Dolly”. Delete all the themes except the default theme.
Install your desired theme, and import your WordPress XML file. Proceed to set up your site as normal.
Delete all themes that you are not using.
If you don’t have the XML file, go into cPanel file manager and upload the wp-content file you saved to your hard drive. Hopefully, it will load the content.
