Written by Eric Gockel


Oh no! Your WordPress site has just been hacked. There goes the rest of your afternoon. From one of our WP developers, John Reed, come these excellent recommendations.

  1. If you’re using version control, smart move. Diff the working tree against the last known-good commit to see exactly what changed, then roll the files back to that version. Keep in mind this only restores what is under version control (core, themes, plugins); the database and the uploads directory are not covered, and rolling back does not close the hole the attacker came in through, so keep going through the rest of the list.
  2. Un-approve all comments (they may contain injected XSS garbage). Later on you can go through and re-approve any you deem legit.
  3. Review all post content (body + excerpts) and make sure no malicious code is in there. Use the HTML/Code view rather than the visual editor, since injected <script> and <iframe> tags are invisible in the rendered view.
  4. Confirm that all users are actually your people, delete any you don’t recognize, then set new (strong!) passwords for all known users. New passwords alone won’t log out an attacker who already holds a session cookie; rotating the authentication keys and salts in wp-config.php invalidates every existing login.
  5. Remove all plugins and themes and reinstall only the ones actually in use, from fresh copies. Update your WordPress installation to the latest version so you have the latest security updates (reinstalling core also overwrites any core files the attacker modified).
  6. After the cleanup, delete readme.html from the site root (this file reveals the WP version, which helps attackers pick exploits for that release). Core updates put it back, so delete it again after each update.
  7. Also review the media library and the wp-content/uploads directory itself, and make sure it only contains things you’ve uploaded. WordPress never writes PHP files there, so any .php file under uploads is a red flag.
  8. If you’re not already doing regular backups of your database and files, now would be a good time to set that up, and keep copies somewhere the web server can’t overwrite them.

Are we missing any? Let us know in the comments!