WordPress is the world’s most popular content management system (CMS), but its popularity also makes it a frequent target for hackers. A hacked WordPress site can disrupt your business, compromise sensitive data, and harm your reputation. With the right steps, you can clean up the infection and also harden your site against future attacks.
In this guide, we’ll demonstrate how to fix and secure a hacked WordPress site using MalCare (a dedicated WordPress security plugin that offers malware scanning, cleanup, firewall, and site hardening features). For convenience, we’re using a WordPress site deployed on a Kamatera server. If you discover that your WordPress site has been hacked, here is a step-by-step guide to clean it up and strengthen its security.
Download MalCare
1. Go to MalCare’s website and click on Pricing.
   - The free plan includes Prepend Firewall, Login Protection, Daily Malware Scan, Vulnerability Scanner, Centralized Updates, Bot Protection, and Customer Support.
   - The paid plans offer additional features such as AI-powered Malware Scans, Automatic Backups, Activity Logs, Advanced Monitoring, and more.
   Click on the “Protect Your Site For Free” button as shown in the screenshot below.
2. You can sign up by entering your Email Address, Password, and Confirm Password, or choose Connect with Google to sign in with your Google account. After signing up, verify your email using the confirmation link sent to your inbox.
3. From the MalCare dashboard, click on Send confirmation email again as shown in the screenshot below.
4. Check your inbox and click on Verify your email address.
5. You will then be redirected to the MalCare Dashboard. Here, select Sites and click on Add Site. Enter your full site URL (e.g., https://yoursite.com).
6. Enter the site name and click Continue.
Configure MalCare
7. Here, you will have 2 options:
- Option A: Auto-Install Plugin: Enter your WordPress Admin Username & Password. MalCare will install the plugin automatically.
- Option B: Manual Installation: Click on Download as shown in the screenshot below to download the plugin zip file.
Note: Here, Manual installation is selected.
9. In your WordPress dashboard, choose Add New under Plugins and click on Upload Plugin. Now, click on Choose file to upload the MalCare zip that you downloaded. Once the zip file is uploaded, click Install Now.
10. Now, click on Activate plugin.
11. Then, return to the INSTALL PLUGIN page in MalCare and click on TEST PLUGIN.
12. Once connected, click on INITIATE SYNC to scan your website.
Start security scan
13. MalCare performs an initial security scan across 3 layers:
- Ozone Layer: Firewall, login protection, bot protection
- Cortex Layer: Malware scanner, vulnerability scanner, malware cleaner
- Carbon Layer: Backups, activity logs, performance monitoring
14. After a few minutes, the initial scan will reveal whether your site is Clean or Infected with malware.
If infected, you’ll see details such as:
- Hacked files (PHP, JS, etc.)
- Malicious scripts injected into the database
- Outdated or vulnerable plugins and themes
Note: In the screenshot below, you can see 2 malicious files and 1 malicious script found.
15. Scroll down to the Ozone Layer and check whether there are any infected files. Here, you can:
   - Enable Firewall (included in free plan).
   - Activate Login Protection:
     - Enforce strong passwords
     - Limit login attempts
     - Enable two-factor authentication
   - Enable Bot Protection (premium) to block malicious crawlers.
16. Scroll down to the Cortex Layer to view the scan results. In this layer, you will find the infected files. If the site is hacked, the results will clearly show as ‘Hacked.’ To proceed, click on Review Malware to examine the details.
Note: If you scroll further down, you will also find the Vulnerability Scanner section, where you can keep your plugins and themes updated.
17. You can view the infected files by clicking View File. Alternatively, click Clean All Malware to remove all infected files at once.
MalCare automatically:
- Cleans infected files
- Removes malicious scripts from the database
- Resets WordPress security keys
- Clears cached files
- Updates compromised user passwords
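The "Resets WordPress security keys" step deserves a closer look, because it is what cuts off sessions an attacker may still hold: WordPress signs its login cookies and nonces with the AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and matching *_SALT values in wp-config.php, so regenerating them invalidates every existing cookie. The script below is an added example of that rotation, not MalCare's code and not part of the original guide; it assumes the standard `define( 'NAME', 'value' );` line format and uses an alphabet of its own choosing.

```python
import re
import secrets
import sys

# The eight key/salt constants WordPress defines in wp-config.php.
WP_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
           "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
# Assumed alphabet: letters, digits and punctuation safe inside a single-quoted PHP string.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            "!@#%^&*()-_=+[]{}<>~,.;:/?|")
# One define('NAME', 'value'); line. Groups 1 and 4 (prefix/suffix) are reproduced unchanged.
DEFINE_LINE = re.compile(
    r"""^(\s*define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*)['"](?P<value>.*?)['"](\s*\)\s*;.*)$""",
    re.MULTILINE)

def new_secret(length=64):
    """64 CSPRNG characters, the length WordPress's own salt generator produces."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def get_define(config_text, name):
    """Value of define('name', ...) in the config text, or None if it is absent."""
    for m in DEFINE_LINE.finditer(config_text):
        if m.group("name") == name:
            return m.group("value")
    return None

def weak_keys(config_text):
    """Keys that are missing, still the shipped placeholder, or shorter than 32 characters."""
    return [k for k in WP_KEYS
            if (v := get_define(config_text, k)) is None or v == PLACEHOLDER or len(v) < 32]

def rotate_salts(config_text):
    """Replace every key/salt value, leave all other defines untouched; returns (text, names)."""
    rotated = []
    def repl(m):
        if m.group("name") not in WP_KEYS:
            return m.group(0)
        rotated.append(m.group("name"))
        return f"{m.group(1)}'{new_secret()}'{m.group(4)}"
    return DEFINE_LINE.sub(repl, config_text), rotated

# Constructed sample: a wp-config.php fragment still carrying the shipped placeholders.
SAMPLE_CONFIG = "<?php\ndefine( 'DB_NAME', 'wp_example' );\n" + "".join(
    f"define( '{k}', '{PLACEHOLDER}' );\n" for k in WP_KEYS)

if __name__ == "__main__":  # usage: python3 rotate_salts.py /path/to/wp-config.php
    with open(sys.argv[1], encoding="utf-8") as f:
        new_text, names = rotate_salts(f.read())
    with open(sys.argv[1], "w", encoding="utf-8") as f:
        f.write(new_text)
    print(f"rotated {len(names)} keys; every existing login cookie is now invalid")
```

Take a backup of wp-config.php before running it against a live site; every user, yourself included, will be logged out and must sign in again.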
18. You will be redirected to the CLEANUP page, where you can select the checkboxes as per your requirements and then click Continue.
19. As you can see, the cleanup has been initiated. It may take a few moments to complete.
20. Once completed, click on the View report button to see a detailed report.
21. The detailed report shows:
- Files cleaned
- Database entries removed
22. Now, return to your site by clicking on the site name in the top-left corner, and then select Review Security.
23. Now you will see the message: Your site is clean. This confirms that the cleanup process was successful, and your site is free from malware.
24. Scroll down to check if there are any infected files in the Carbon Layer as well.
Harden your WordPress site
Even after cleaning, it’s critical to strengthen defenses:
- Enable firewall (included in free plan).
- Activate login protection:
  - Enforce strong passwords
  - Limit login attempts
  - Enable two-factor authentication
- Enable Bot Protection (premium) to block malicious crawlers.
- Run Daily Malware Scans (every 24h on free, instant on premium).
- Keep Plugins & Themes Updated using MalCare’s centralized updates.
- Schedule Backups (premium) for disaster recovery.
- Regularly check MalCare’s Activity Log to track suspicious changes.
- Use Vulnerability Scanner to detect outdated plugins/themes.
- Enable Uptime Monitoring to receive alerts if your site goes offline.
- For mission-critical sites hosted on Kamatera, consider upgrading to premium for real-time protection and instant malware removal.
And that’s it! We have covered the process of fixing and securing your hacked WordPress site using MalCare, along with ways to harden your site and make a repeat compromise much less likely.