How Not to Have a Heart Attack if Your WordPress Site is Hacked

What to do when some crazy hacker has found your WordPress siteThere has been a lot of hacking going on lately. Many real estate businesses have a WordPress blog or a full-fledged WordPress website, and the thought of it being hacked can almost cause your heart to stop beating. But it happens. The best thing to do is take every preventative step possible, and then just be ready and know the steps to take if it happens.

Here are some steps that suggest you follow if you are hacked.

Run a virus scan on your computer and any other computers used to access the blog. Sometimes a virus originates here, so update your anti-virus software and do a complete scan to eliminate that possibility.

Double check with your host that it wasn’t an across-the-board hack or some other problem affecting your website. You may not have been hacked at all, perhaps your host has crashed or their server was hacked. If that is the case, they will let you know what to expect and what steps you need to take, if any.

Change your passwords. All of them, your WordPress password, your admins and editor’s passwords, your FTP passwords, and your control-panel passwords. While you are at it, change your email password too. Make your password more difficult to hack by substituting symbols and numbers for letters. 0 works for O, 3 works for S and E, @ works for A, etc. Vary the capital letters and lower case letters. Use words that nobody would think of. The most common, and the worst, password is PASSWORD. Talk about a hacker’s dream come true!

Change your WordPress configuration file. This one is rather difficult, but it will immediately kick the hackers out of your account by disabling their cookies. Be careful though and make sure you have backed up your original file in case you need to start over. First generate a new set of WordPress secret keys, then follow the steps on this link to overwrite your wp-config.php file.

Backup your entire account if you haven’t already. This is fairly simple to do via FTP, although it can take several minutes to complete. From FTP, just drag all of your files into a new folder on your computer and then zip it for storage. Once you get that file downloaded, scan it for viruses. You should also install a plugin to regularly schedule your backups. You can delete older backups as long as you keep the three most recent ones.

Now take note of the symptoms of your hack. What is it doing? Is it redirecting, is it “gone”, does it have spam all over the place? Open up your files, especially the .htaccess file, and see if there is any strange code. Hackers often like to brag about what they have done. A recent one I ran into had put some strange code followed by the note “Silence is Golden”. Very funny–not! If you find strange code such as this, do a Google search for the specifics on that particular hack so you can eliminate it properly.

Consider deleting it all and starting over. If you have good backups from at least several days prior to the hack, you may want to just delete your entire WordPress file and installation…everything…reinstall WordPress with the latest version, reinstall your theme and then restore your last good backup. This is a radical step, but it will work if you can take it. If your theme was custom designed, you may want to contact your web designer and have them handle this part. You could restore your content with just the basic WordPress theme in this way if nothing else.

Upgrade to the latest WordPress version and upgrade all of your plugins as well.

Change all those passwords again. I know, I know, but it’s important to ensure that some code didn’t capture your new password. You really don’t want to have to do all of this again. Use the password safety ideas discussed earlier.

Best Agent Business has experienced virtual real estate assistants. We can help you manage your WordPress and other sites. We can even ensure you have regular backups of your sites. Schedule a call with Steve Kantor today to see what Best Agent Business can do for you.

–Post submitted by Kim, Virtual Real Estate Assistant, Best Agent Business




logo Best Agent Business

Part Time Virtual Assistants

Steve Kantor, President 

Schedule a call with Steve Kantor at


Comment balloon 1 commentSteve Kantor • January 02 2012 11:02AM


Steve - I hope I never have to deal with this on my WP site, but this is a useful post, and I have it bookmarked!!  

Posted by Christine Bohn, The Bohn Team, Gainesville FL (RE/MAX Professionals) about 7 years ago