A hacked WordPress site can damage your reputation, get you blacklisted by Google, and harm your customers. Here is what to do if your site has been compromised.
Signs Your Site Has Been Hacked
- Google search results show your site with strange titles or descriptions (e.g., Viagra ads, gambling links)
- Your homepage has been defaced or replaced with another page
- Visitors are being redirected to another website
- Your browser or antivirus shows a warning when you visit your site
- You see unfamiliar admin users or files you did not create in cPanel
- Your hosting account has been suspended by Hordanso for malware
Immediate Action Plan
- Put your site in maintenance mode or take it offline temporarily to prevent harm to visitors.
- Change all related passwords immediately:
- WordPress admin password(s) — all admin users
- cPanel password
- FTP password
- Database password in cPanel > MySQL and update wp-config.php
- Contact Hordanso support to flag the issue — we can check server logs and scan the account.
- Restore from a clean backup (taken before the hack). Contact us to restore from our daily backup archive.
- If you do not have a clean backup, proceed to scanning.
Scanning and Cleaning Your Site
- Install the Wordfence Security plugin in WordPress.
- Run a full scan. Wordfence will list all infected files.
- Use Wordfence to repair or delete infected files.
- In cPanel, use the Virus Scanner tool to scan your hosting account for malware.
Preventing Future Hacks
- Keep WordPress, themes, and plugins updated at all times
- Delete unused themes and plugins — they can be hacked even when inactive
- Use strong, unique passwords for all accounts
- Install a security plugin (Wordfence, Sucuri)
- Enable 2FA on your WordPress admin account
- Take regular backups
