WordPress Website Hacked? Here’s What To Do

WordPress is everywhere: it’s the most popular CMS, and most of the websites you visit run on it. It makes sense: it’s a powerful CMS that’s easy to maintain, with numerous plugins and features. But their popularity makes them a popular target for cybercriminals. Was your WordPress website hacked? Here’s what you can do.

WordPress website hacked? Here are all the signs

Keeping your code clean is essential for a website, and when you discover unknown pieces of code or even files you never added, it’s a sign that something malicious is happening. Most of the time, unproven plugins are to blame — they can leave certain files that help hackers access your site. So, be vigilant and don’t trust every plugin you see. Sometimes you have to check every single one of your plugins to find the culprit, but you should never have too many plugins anyways — those can do more harm than good. 

You might think that being unable to log into your site is the worst thing that can happen, but in reality, it will be the least of your worries. The worst hacks are the ones you can’t discover until it’s too late, and if you can’t log into your site, you just have to make a few tries. On the third try, it usually lets you in. Just don’t forget the correct password.

As a rule of thumb, the first thing you can do when suspecting a hack is to check the access logs. Learning the source of the attack is half the battle. The second thing you should do is change your passwords. Overall, you should do that often in any case, and make sure your password is long and complicated—nothing personal, nothing you can easily remember. Also, don’t forget to check with your web host. They often fall victim to hackers.