Introduction
This short guide is intended to help you, as a WordPress site owner, identify and resolve issues related to a hacked site. The steps are designed to be straightforward and actionable, even for those with limited technical expertise.
Identifying a Hacked Site
- High CPU & RAM Usage: Noticeable slowdowns across your site that can't be explained.
- Unusual Disk Space Usage: A sudden increase in disk space usage might indicate unauthorized files.
- Output of code on your front-end or admin: Seeing weird/characters being output on your website.
Initial Checks
-
Inspect the Root Folder:
- Use an FTP client or the Control HQ File Manager to view your installation files.
- Look for files that seem out of place, especially in the root directory of your WordPress installation.
-
Check WordPress Core and Cron Jobs:
- Verify if the WordPress core files have been tampered with.
- Be aware of any WP Cron jobs that are running longer than usual, as this can be a sign of underlying issues.
Detailed Investigation and Cleanup
- Backup Your Site: Always start by backing up your site, even if it seems compromised.
-
Using Security Plugins:
- Install a security plugin like Wordfence. It can scan for and clean up most common types of hacks.
- Regular scans can help catch new threats.
-
Manual Inspection:
- Check the
wp-content
directory for unusual plugin or theme folders. - Compare the contents of your WordPress installation with the official WordPress repository to spot any anomalies.
- Check the
-
Using WP CLI for Advanced Diagnostics:
- If you're comfortable using the command line, WP CLI can be a powerful tool.
- In Control HQ go to Developer Tools > WP-CLI
- Use the
wp doctor scan
command, which can be installed viawp package install wp-cli/doctor-command
for diagnosing common issues. More details on this command are available here.
Communicating with the Dollie Team
- If you're unsure or unable to clean the hack, contact our team for assistance.
- Share any findings or suspicious files with us to expedite the process.
Post-Cleanup Actions
- Restore and Monitor: After cleanup, keep a close eye on your site's performance and any unusual activity.
- Update and Secure: Update WordPress, themes, and plugins. Consider changing passwords and implementing additional security measures like two-factor authentication.
- Educate Yourself on WordPress Security: Understanding basic WordPress security practices can significantly reduce the risk of future hacks.
Conclusion
Addressing a hacked WordPress site might seem daunting, but by following these steps, you can regain control of your site. Remember, keeping your WordPress site updated and regularly backed up are key practices in preventing hacks.