If your WordPress site gets hacked, or someone injects malicious code into it, then restoring the site from a backup is the quickest and safest way to get up and running again.
A backdoor is a disguised executable file or code snippet uploaded to your site by hackers. This file gives them remote access to your site. If you clean up the infected files but the backdoor is still there, your files will get infected again.
There are tools and plugins which will allow you to check the integrity of all WordPress files and the database. However, before you run them, you will need to delete all plugins from your plugin folder and remove all inactive themes. This will allow scanning tools and plugins to show fewer false positives.
Check your WordPress uploads directory and look for any PHP files there. The uploads directory is usually reserved for media files. If there is a PHP file there, delete it.
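The uploads check described above can be scripted. The shell function below is an added example, not code from this article or from any plugin it mentions. It goes a little beyond the text by also reporting media-named files that contain a PHP opening tag, since a backdoor may be disguised. The path wp-content/uploads and the extension list are assumptions.

```shell
#!/bin/sh
# Added example: report files under a WordPress uploads directory that PHP
# could execute. It only lists findings; it deletes nothing.
# Assumptions: default path wp-content/uploads; the extension list below.

# scan_uploads DIR
# Prints one line per finding:
#   ext: <path>   name ends in an extension commonly mapped to the PHP handler
#   tag: <path>   any other file whose bytes contain a "<?php" opening tag
scan_uploads() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Paths containing newlines are not handled by this line-based loop.
    find "$dir" -type f -print | while IFS= read -r f; do
        # Compare case-insensitively so shell.PHP is caught as well.
        name=$(printf '%s' "$f" | tr '[:upper:]' '[:lower:]')
        case $name in
            *.php|*.php[0-9]|*.phtml|*.phar)
                printf 'ext: %s\n' "$f" ;;
            *)
                # -a reads binary media as text, -F matches the tag literally.
                if grep -qaiF -- '<?php' "$f"; then
                    printf 'tag: %s\n' "$f"
                fi ;;
        esac
    done
}

# Run only when a directory is given, e.g.: sh scan_uploads.sh wp-content/uploads
if [ "$#" -gt 0 ]; then
    scan_uploads "$1"
fi
```

Review each reported path before deleting it, and treat any "tag" finding on an image or document as a file to inspect rather than a confirmed backdoor.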
Exploit Scanner is a very powerful WordPress plugin that allows you to scan all your WordPress files, uploads directory, and database for suspicious files and malicious code. It is developed and maintained by a team of very talented and knowledgeable WordPress security experts.
Simply install and activate the plugin and run the scanner. The scanning process may take some time depending on your database size and installed plugins. It will show you three types of notices: severe, warning, and notes. One downside of the plugin is that it may show you false positives, so you need to examine the results carefully to be sure.
Sucuri is one of the leading website security companies. This free plugin allows you to run Sucuri security scans on your website. The scan checks file integrity, looks for malicious code injection, and performs security auditing. The plugin will also recommend actions you can take to strengthen your site’s security. We mentioned many of these actions in our strengthening WordPress security for advanced users article.
The steps mentioned above should help you recover your WordPress site easily. However, in some rare cases you may find yourself in a much more difficult situation. For example, a hack may keep coming back, or you may be unable to locate the malicious code in your database.
First, you need to understand that whatever is happening to your site has already happened to thousands of websites. Solutions are already available, no matter how difficult your situation seems to be. The best place to get help with your hacked WordPress site is the official WordPress support forums. Describe your problem in as much detail as possible and you will get help from other users and even experts.
Apart from the official WordPress forums, you can try other web development communities for help. The Stack Exchange site for WordPress is another great online community to get help and advice from experts.
The web is becoming more and more like the real world. There are challenges and dangers lurking around the corner. Instead of being scared, you should be prepared and ready to take on those challenges. Together we can make the web a safer place where people from all over can freely conduct business, express opinions, and share cool stuff.