Kinski & Bourke

Fixing a WordPress Website that has been hacked


Today we had the pleasure of trying to fix a WordPress website for a not-for-profit agency that came to us trying to figure out why they were running out of bandwidth.

They were not using a great deal (only 2.5 GB this current month), but that was up from their normal 1-200 MB a month, so either they had become popular overnight or something more sinister was happening.

The first thing that needed to happen was to get their limit increased with their hosting company. Once that was done, we were able to log in to cPanel and the WordPress backend and update the core, which then (due to the hidden malicious code in the root directory) caused a redirect timeout when we tried to log back in.

So after deleting all the malicious code and creating a new admin user via phpMyAdmin, we uploaded fresh WordPress install files via FTP, did a manual upgrade and logged back in.

The website was still not functioning as it should, so we updated their theme and all the outdated plugins, and installed both Wordfence and Sucuri Scanner.

After a few scans with both Wordfence and Sucuri Scanner to ensure that the website was now in fact clean, we did a backup with our favourite backup tool, BackupBuddy.
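One way to locate hidden code in the root directory like that described above, before deleting anything, is to compare the live site against a freshly unpacked copy of the same WordPress version. This is an added example, not the tooling used in this post; the function name and the choice to skip `wp-content` are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: wp-content holds the site's own themes, plugins and uploads,
# so it cannot be checked against a core download and is skipped here.
SKIP_TOP_LEVEL = {"wp-content"}

def sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_to_clean_core(site_root, clean_root):
    """Return (unexpected, modified) lists of paths relative to site_root.

    unexpected: files on the site that the clean core copy does not ship.
                wp-config.php and .htaccess land here too; they are
                legitimate but should be read through by hand.
    modified:   core files whose contents differ from the clean copy.
    """
    site_root, clean_root = Path(site_root), Path(clean_root)
    clean = {p.relative_to(clean_root): p
             for p in clean_root.rglob("*") if p.is_file()}
    unexpected, modified = [], []
    for path in site_root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(site_root)
        if rel.parts[0] in SKIP_TOP_LEVEL:
            continue
        if rel not in clean:
            unexpected.append(rel.as_posix())
        elif sha256(path) != sha256(clean[rel]):
            modified.append(rel.as_posix())
    return sorted(unexpected), sorted(modified)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py <site_root> <clean_wordpress_root>")
    extra, changed = compare_to_clean_core(sys.argv[1], sys.argv[2])
    for rel in extra:
        print("UNEXPECTED", rel)
    for rel in changed:
        print("MODIFIED  ", rel)
```

Run it against a downloaded copy of the site rather than the live server, and review each listed file before removing it.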

Trying to repair a hacked WordPress website is always tricky, and sometimes you may need to rebuild certain elements, which can take time. If your WordPress website has been hacked, why not get in touch with us today for a solution?