The process I used to clean and restore a hacked WordPress website

“Half of all Cyber attacks are targeted at small businesses.
Small business owners often do not pay attention to cybersecurity, thinking they’re not even worth being attacked, and this is what makes them the perfect target.”
[1. CPO Magazine]

Recently I had the task of restoring a Hacked Wordpress website.
This time I decided to record a hacked website recovery workflow.

Editing the video started off awful as I already lost (deleted) one of my pre malware scan videos.
But the show must go on, so I used videos and screenshots from another website restoration job as samples.

Workflow Overview

1) Verify website hacked (malware scanners, hosting malware reports).
2) Delete WordPress (totally clean your server).
3) Reinstall WordPress.
4) Restore the website with older backup (fresh backup may contain malware).
5) Check your FTP accounts, remove any unauthorized accounts.
6) Update all plugins, themes, and content.
7) Have users change passwords.
8) Verify the website clean with online malware scanners.
9) Clear Google blacklisting through Search Console.

“WordPress is the most popular CMS….
The problem is, this same popularity also means WordPress is the equivalent of a jackpot for hackers.”[2. SecurityBoulvard.com]

References

1) CPO Magazine
2) Security Boulavard