A hacked WordPress website is stressful, but it can usually be recovered. The priority is to stop damage, preserve evidence and clean the website properly instead of only deleting visible suspicious files.
What to do in the first hour
- Do not delete random files without a backup.
- Change hosting, WordPress, FTP and database passwords.
- Make a copy of the current state.
- Check admin users and recent changes.
How to recognize a hacked website
- Unexpected redirects.
- Google security warnings.
- Unknown admin users.
- Spam links in pages.
- Strange PHP files in uploads or theme folders.
Malware cleanup process
A proper cleanup checks WordPress core, plugins, themes, uploads, database content and scheduled tasks. Backdoors must be removed or the infection can return.
After cleanup
Update everything, remove unused plugins, harden login access, check file permissions and request review in Google Search Console if warnings were displayed.
Need help with your WordPress website?
I can remove WordPress malware, clean backdoors and help restore Google visibility after an attack.
