Next, I listed several ways to clean up the hacked WordPress website to get rid of website hackers.
Create a backup of your website and database
You must back up your data before you start any technical steps on the website. Your website and database contain everything you do to promote your website’s online business. Creating a website backup allows you to recover files and folders in time if something goes wrong during the operation. In addition, even if the site is hacked, there are still valuable documents and information. So in the process of cleaning up and repairing, try to keep this valuable information. In fact, in the worst case, you will be able to restore your site to the state it was in when it was hacked and then start the program again. So you must back up your website and database before proceeding to the next step.
Copy the files on your website
Many times, after you fix your site, it’s hard to find the images you uploaded to your site earlier. If you don’t upload an image after the site is fixed, then your post may contain broken images. Therefore, we recommend that you make a copy of the pictures and files you upload to the website.
In addition to image files, if you are using non-image files for visitors, you should probably have an up-to-date copy of these files, such as non-image files like zip files, PHP scripts, and plugins.
Delete files and folders in the WordPress directory
Once you’ve created the latest copy of your backup directory and files, you can delete files from your existing WordPress directory. Deleting all files and folders is the most effective way to remove all files that have been compromised by viruses. You can use FTP to delete these files. However, if you want to perform this step faster, you can delete the file through cPanel’s file manager or command line.
Download the latest version of the WordPress plugin
Some new developers will recommend using the WordPress auto-upgrade feature to get the latest version of WordPress software and plugins. But this won’t clean up your site, because automatic updates just replace specific files and folders, and those that are discarded will still appear on this site. So if you use the automatic update feature to update a website that has been hacked, the hacker will attack your file again.
Get rid of hackers, you should start with the details. In short, you should have a copy of the WordPress software and an up-to-date copy of all the plugins and themes you want.
Upload a new version of WordPress software and files
After the above steps are completed, you will need to upload the file. To do this, you should make sure that the copies of the pictures and files you have downloaded before are located on the desktop easily found. Then you can use the FTP client to upload files to your WordPress site. Remember, this is the first step in the recovery process, and you must operate it correctly to ensure that your site has high operational performance.
Upgrade your database
Once all the files have been uploaded to your WordPress site, you can upgrade your database. This is an important step because upgrading the database allows the structure of the database to adapt to the newly installed version of WordPress.
Change your administrator login credentials
Your site is hacked most likely because an administrator has failed to protect the username and password. Therefore, you must change all administrator passwords, and we recommend that you choose a password that is highly secure and not easy to guess. In addition, you should check the user list and limit the number of users to a minimum to ensure a higher level of security.
Check and fix incomplete articles
Since your WordPress site is used for access, you should make sure there are no errors in your article. Then you need to browse your articles one by one. If you find any images or files that do not exist, fix them immediately. You can browse the article through the query window in the database.
Test your website
Install a new version of WordPress software, activate valid themes, plugins, and check articles. After you’ve done this, you should verify that the site is working. To do this, you should log out of the management system and enter your website as a guest after entering your website domain name in the address bar of your browser. If the content, themes, and plugins are running smoothly, you have successfully restored your site.
Improve security
After following and implementing so many steps, you are definitely not willing to be hacked again. Therefore, you must strengthen the security of your website. First, you should change the access permissions of the web server to protect FTP. In addition, you must ensure that all username and password passwords are extremely secure, so you can use an advanced password generator tool. In addition, you can also choose to authenticate with 2 options. In this case, any user who wants to access the website will need to enter the dynamic password sent to the mobile phone number of the corresponding binding. In addition, you’d better use some website and server monitoring tools so you can track and record your visit and visit traffic. Advanced monitoring tools maintain website security and software updates. In this way, your website will not be hacked or become a target of hackers.