Repairing and securing hacked WordPress websites

Without regular monitoring and appropriate security measures, WordPress sites are vulnerable to hacking. In the event of WordPress hack, there are emergency to get your website back, but you have to keep calm and react well. We take action to protect your WordPress site and manage WordPress hacking effectively.

Request a professional repair

Repairing a WordPress site requires a strict protocol for deep site cleaning. The next step is to make sure address security vulnerabilities that made this hack possible. The package enables’prevent recurrence WordPress hack.

The longer a hack lasts, the more the loss of referencing and the impact on your image online will be substantial. Without quick response, If your site is infected, the infection is likely to worsen and further alter the content of your site, making repair more complex or even impossible.

Discover solutions to regain control and respond effectively.

How could my site have been hacked?

If a security vulnerability is present on your site, then a pirate could technically be take control total. These vulnerabilities can come into play at many levels, but the contributing factors include, in particular, the lack of updates and the choice of weak passwords, combined with Low-end hosting plans without WordPress-specific security features. When a hacker takes control of your website, this is referred to as « hack »or" or website hacking.

Hacked WordPress website, hacker logo hacker

«My WordPress site has been hacked»

Action is urgently needed. Let's fix it and make it safe!

What are the consequences of a hack?

When your site WordPress has been hacked, This means that visitor and administrator data can be leaked, and your users can be redirected to malicious sites.

Your website's reputation may also be damaged, both in the eyes of visitors and in terms of your search engine rankings.

It is therefore urgent that you take action to fix your website quickly and minimize the damage.

Your site has a 99 % chance of being fixable

Don't worry: If your website's data is still there, then it can certainly be recovered, even if you don't have a backup.

Statistically, LRob notes that only 1 out of every 100 sites cannot be repaired.

Indeed, thepirates rarely delete data. Conversely, they add malicious content to your site in order to discreetly take control of it and serve fraudulent activities. Their traces can therefore be erased.

hacked wordpress site repair: an angel at your service

Fast, Professional Repairs

within 24 hours, 7 days a week

LRob is a web hosting provider WordPress specialist and safety.
Repairs are handled on a priority basis.

What's Included in the Repair by LRob

Free Diagnosis

Repair, Securing

Resumption of Production

Intervention Report

Personalized Safety Tips

90-Day No-Recurrence Guarantee

All-inclusive package: 360€ (excluding tax)

Repair or Refund

Contact us

Phone number during business hours: 02 21 827 827
On-call duty (evenings, weekends, holidays): 06 27 37 44 92

List any issues you have identified here

What are the signs of a WordPress hack?

Here are the 9 most common symptoms of a hacked WordPress site.
(click on the symptom to view details)

If you notice any of these signs that your WordPress site has been hacked, don't hesitate to contact us for immediate assistance.

1. Unwanted ads and redirected site

Unwanted ads or redirects to unknown or dangerous third-party sites appear on your site.

The hacker was able to break into the site's files and/or database to insert these ads and redirects. His aim is to steal your traffic to generate revenue.

2. Unable to log in as administrator

Your administrator password no longer works or seems to change unexpectedly after each reset.

The hacker has introduced a backdoor (code hidden in your site) enabling him to change all your passwords at will.

There's no point in resetting the WordPress administrator password or even changing all the passwords until the site has been repaired.

3. You receive notifications of rejected e-mails

You receive notifications of rejected e-mails (also known as bounces or mailer-daemons) that you have not sent yourself.

The hacker is using your site to send emails, or may have compromised your email password. In some cases, they are simply using a poorly configured and insecure contact form as a platform to send emails to the recipients of their choice, which also needs to be addressed to avoid your blacklisting.

4. Google Safe Browsing or antivirus security alert

When you visit your site, your browser displays a «Dangerous or malicious site» alert, either via Google Safe Browsing or via your antivirus software. The blocked URL displayed belongs to your site or to a third-party site.

Your site contains URLs from phishing, malware, or redirects to malicious sites. Google maintains a database of these malicious sites, which all web browsers use to protect visitors. Your domain name has been blacklisted.

5. Unwanted content and foreign languages

You notice additional or modified articles or pages on your website or in search engines. They are often in a foreign language. And they often contain suspicious links to other websites.

The hacker controls your site. Either via a administrator account added, or via a backdoor enabling it to inject code into the database. This allows him to insert any content he wishes.

Not to be confused with «spam» comments. This concern must be addressed, but does not necessarily mean that your site has been compromised.

6. Unknown users

You see one or more unknown administrator users in your WordPress user list. Sometimes, you notice that the details of your administrator account have changed.
NB: As you don't want to log in to the site administration, you can also see this in the database table wp_users (via phpMyAdmin for example).

The hacker controls your site. Either via a administrator account added or compromised, or (and this is the most common case) via a backdoor enabling it to inject code into the database. This enables it to control site users.

This is not to be confused with unwanted users registering on your site. This concern must be addressed, but does not necessarily mean that your site has been compromised.

7. Phishing pages

You may notice that some URLs or files (often .html) resemble pages from well-known sites, either through a statistics tool or when exploring your site's files.

This is called phishing. The hacker has taken control of your site and can upload any files they want or make changes to the database. They then use your site as a gateway: they host fake, fraudulent pages on it and redirect their victims to those pages—after sending them fake emails—in order to steal their personal information.

8. Suspicious or intruder files

To observe the suspicious files, You'll need to browse your site files via FTP or your hosting panel. You may even notice an intruder file or folder in your WordPress files. Sometimes these are «.zip» files, and sometimes they're in the underlying folders. If in doubt, compare with the archive on wordpress.org.

The hacker has been able to send unwanted files to your site and now has complete control. He can read existing files and add new ones. He will usually have taken care to hide «backdoor» files throughout the files in an attempt to retain access to the site even if you clean up the content.

9. Slower performance

If your site is particularly slow to load, and you notice a deterioration in loading times, then this could be an indicator of piracy. If you're not yet hosted by LRob, this could also be due to your host being slow. If in doubt, contact your host to check whether it is experiencing abnormal slowness.

What should I do if my WordPress site is hacked?

First aid :

  • React quickly but calmly. Your site needs urgent attention, but it's probably repairable. Sit back, take a breath and take 15 or 30 minutes to find out what's going on, get advice and make sure you don't make any mistakes in the rush.
  • Restrict access If your host allows it, suspend public access (put the site in maintenance mode at host level) to prevent any further alteration of the site or exploitation of your site by the hacker.
  • Making a backup a backup of the site as-is in case the hacking gets worse and to preserve your latest changes.
  • Identify vulnerabilities : If the vulnerability isn't fixed, your site will be hacked again. It's essential that you find out how the hacker gained access: a vulnerability in a site script? A password that wasn't secure enough? An open FTP port?
  • Restore a backup If you have a healthy backup (files and database), restore it.
  • Update the website : Only after restoring a clean backup; otherwise, you won’t clean anything up and will make it difficult—if not impossible—to identify the vulnerabilities that allowed the initial hack. Don’t forget to check whether you’re using unmaintained scripts that no longer receive updates.
  • Update your hosting : Choose a web host high security, such as LRob, or check if an application firewall is available through your hosting provider, and update the version of PHP that powers your site (see the Supported PHP versions).
  • Change all passwords likely to have been leaked, or used in several places (especially your WordPress administration password). If necessary, consider using a password manager to keep your access secure.
  • If you don't have a backup, In this case, it's time for a thorough site analysis and the repair described below.

Need help? Call in a pro.

What NOT to do in the event of a WordPress hack?

Gestures to avoid:

  • Don't log in to administration of a hacked WordPress site, it can transmit your logins to the hacker.
  • Do not attempt to update via admin access, In addition to transmitting your logins to the hacker, this would in no way erase the malicious scripts and mask the loopholes used, making it impossible to verify the precise cause of the hacking and avoid it later.
  • Do not restore a backup by simply replacing the files. : This standard method does not delete the added files and therefore leaves the hacker's backdoors in place. You must delete everything before restoring the site. Make sure you have a really good backup of the site at 300% (files and database) beforehand.

How do I clean an infected WordPress site?

After a hack, you’ll need to thoroughly clean up your WordPress site. In addition, you should perform a thorough security check—including your web hosting—to ensure your site’s long-term security.

WordPress repair requires a great deal of rigor and a perfect command of WordPress and web hosting. This will prevent any loss of data, preserve your site's functionality and protect you against recurrences. Removing malware is not a trivial task, as it can take many forms and nestle in unlikely folders or database locations.

If you don't have a full grasp of these technical points for repairing a WordPress site, find professional advice by calling us at : 0221 827 827 (outside working hours, emergency number : 06 27 37 44 92)

LRob Procedure for Repairing an Infected WordPress Site

Here are our key steps for repairing and securing your WordPress site:

  1. Back up the site as is (files via FTP + database)
  2. Duplicate the site in a controlled and secure environment equipped with diagnostic tools (ideally a LRob WordPress hosting (with WordPress Toolkit and Imunify).
  3. Auditing the site to identify the vulnerabilities exploited by the hacker, drawing in particular on the’analysis of access logs.
  4. Reinstall WordPress based on the original files, after completely removing the core to eliminate any added files.
  5. Analyze all files to identify and remove intrusive or malicious scripts, including those hidden in themes and extensions.
  6. Check the media folder, where the presence of executable files is inherently suspicious.
  7. Clear the caches and delete any suspicious or corrupted themes or extensions, identified in particular by the dates and contents of recently modified files.
  8. Check and clean the database for any backdoor, redirection or spam content in pages and articles.
  9. Clean the database any backdoors, redirects, or unwanted content.
  10. Renew all access rights (WordPress, FTP, database, SSH) and harden the site's configuration.
  11. Update all components (WordPress core, themes, and plugins).
  12. Verify the integrity of all files through an in-depth analysis.
  13. Conduct a final security audit and recommend measures to prevent a recurrence.
  14. Strengthen WordPress and Server Settings to prevent risky behavior.
  15. In the event of a leak of sensitive data : advise you on the steps to take, compile a technical file for filing a complaint, and file the GDPR report.
  16. Save and archive the repaired site for 1 year.
  17. Restore the site to production, ideally on a secure WordPress hosting LRob.
  18. Establishing Long-Term Protection : Automatic updates and backups managed at the server level by LRob.
  19. Provide you with all the relevant information on the maintenance and long-term sustainability of your website.
  20. Guarantee service for 90 days, or for an unlimited period with a Webmastering Services Advanced or higher.

Frequently asked questions

How do I know if my WordPress site has been hacked?

If you notice any of these signs, it's likely that your site has been compromised. We invite you Please contact us immediately for a free evaluation if you have any questions.

  1. Your administrator password no longer works or seems to change unexpectedly.
  2. Advertisements or redirections to third-party sites appear on your site.
  3. You receive notifications of rejected e-mails that you did not send, indicating unauthorized use of your site.
  4. Your site displays a security alert from Google Safe Browsing, reporting malicious content.
  5. You notice the presence of unwanted content, often in foreign languages, with links likely to promote fraudulent sites.
  6. Unknown users appear in the WordPress user list, sometimes as administrators.
  7. Your site contains phishing pages that look like institutional sites and may cause a loss of referencing.
Who are you and why should I trust you?

Our LRob SARL was founded by Robin Labadie, a an active specialist in the French-speaking WordPress community for many years (See resume). Throughout our career, we have come across many WordPress sites that were not properly maintained, and we have always been able to fix them using a reliable and effective method developed through years of experience to thoroughly clean up and secure WordPress sites for the long term.

Read more
How could my site have been hacked?

The reasons behind the hacking of your website are generally related to security vulnerabilities. The security vulnerabilities that may have allowed your website to be hacked will be listed in our incident report.

WordPress, as an interactive system, includes thousands of lines of code and numerous plugins, creating opportunities for security vulnerabilities. Every day, such vulnerabilities are discovered and corrected by developers.

Given that WordPress is widely used, it is often the under attack. Hackers test different vulnerabilities on various WordPress sites until we find a vulnerability.

Reasons for intrusion may include:

  • Missing updates or the use of obsolete scripts. This can leave a loophole in an extension or theme that can allow a hacker to’inject malware in your site's files, often discreetly.
  • Weak passwords for administrator, FTP and database accounts.
  • Insufficiently secure hosting without adequate protection against attacks.

It's crucial to reinforce all aspects of security, including using secure hosting specially configured for WordPress, as well as regular maintenance, to prevent future intrusions. My offer Webmastering Critical is designed with this in mind.

Why was my site targeted?

Because he was vulnerable, you were an «easy» target.

Online attackers don't usually make distinctions: they attack all sites, including those of the self-employed, small businesses, small associations or local authorities. Truly targeted attacks are rare. That's why, if your site has security flaws, it's not a question of «if», but «when» your site will be hacked.

Whether your site is specifically targeted or not, it's essential to take all necessary measures to ensure complete security and prevent any recurrence.

I've updated my site after a hack, is that enough?

No, that's not enough, nor is it recommended. It's necessary to carry out a complete audit of the site's files and database, and to identify other potential vulnerabilities and unauthorized users.

Because most hackers often leave backdoors in their code to maintain their access, and these are not erased by a simple hack. update.

So, to carry out the update, If you've gone through the hacked site's back-office, this can give the hacker access to your password, which you'll have to change wherever you use it.

If you have already applied updates after a breach, this may make it impossible to identify the vulnerability exploited by the hacker.

Security is a specialist field. When in doubt, call on your safety expert LRob.

Why is WordPress being hacked?

WordPress is an attractive target for hackers due to its high popularity (43% of the websites) and the mass availability of information on security vulnerabilities.

Hackers' motivations are generally linked to illegal financial gain. They use various methods, such as data theft and resale, as well as phishing, to achieve this goal.

What is the response/recovery time?

Your site can be repaired within 24 hours, including evenings, weekends and public holidays. Such a turnaround also requires your responsiveness.

Piracy is an emergency and your request is treated as a priority.

For best results, we recommend that you fill in the form and then call us.

For rapid intervention, you need to provide access to files and database then, as soon as you have confirmation that your site is repairable, place your order.

After a preliminary diagnosis by telephone or via the contact form and payment on your part, the repair begins.

What access is required for repairs?

To perform the repair, we just need access to the files and the database to your site. FTP and phpMyAdmin access are sufficient, but access to the hosting control panel or to a file and database archive of the site as-is is also acceptable. On a dedicated server, SSH access with sufficient permissions is recommended.

What do I pay if my site can't be repaired?

LRob hopes that you will not be charged any fees if, unfortunately, your website cannot be repaired.

The diagnosis prior to the order is designed to check the feasibility of the intervention.

However, if the repair process reveals that your site has been too severely compromised and your content is no longer available, LRob promises to refund you within 7 business days. You may also opt for a credit applied to the amount already paid for hosting, website design, or a website redesign, if you prefer.

Your warranty is for 90 days, so why not longer?

A maintenance-free site starts to run a significant risk after 3 months without updates. In other words, after 3 months, what happens to your site is no longer related to the initial security.

If you opt for LRob hosting, you'll benefit from automatic updates and security alerts.
If you choose a webmastering plan, we’ll closely monitor your site’s security, and you’ll benefit from our «0 hack» guarantee: any hacking incidents on your hosted site will be resolved free of charge.

How long is the downtime during the procedure?

Usually just a few seconds.

Our work is designed to cause no significant disruption.

First, duplicating your site to our environment has no impact on your site. Next, the site is restored to production in a way that minimizes downtime. The first few seconds of downtime are due to renaming the folder containing the compromised site to a new folder containing the pre-sent, repaired site. Finally, importing the repaired database usually takes a few seconds, during which the site may be unresponsive; the duration of this step depends on the size of your site’s database and the performance of your hosting provider, if you have not chosen LRob.

If you've chosen LRob hosting, then migration to the new server won't cause any downtime thanks to perfect DNS control!

How do I secure a WordPress site?
And what are the best practices for avoiding piracy?

Updating, tracking vulnerabilities and choosing a secure hosting provider.

If it has been hacked, adding a security plugin or extension or the update are by no means sufficient. First of all, you need to follow the above safety tips.

Once all traces of piracy have been removed, there are a number of best practices to protect against attacks.

The first rule for strengthening the security of your WordPress site is to keep it (theme, WordPress core and plugins) updated as frequently as possible, with at least one update per month. This allows you to correct any security flaws that may become apparent over time.

Often forgotten, the version of PHP running your WordPress site must also be updated at least 1x a year to follow the official PHP roadmap.

Security plug-ins are expensive in terms of performance, and not always very effective. Because when it comes to defending the fortress wall, there's no point holding the wall up with your hands. In other words, protecting yourself from the inside is not optimal, even if, when your host doesn't support it, it can block brute force attacks. Some of these security extensions may even contain security holes of their own. Instead, consider solid web hosting.

Web hosting must block malicious requests via WAF (application firewall), detect bruteforce attacks (brute force, testing all passwords) and ideally block all attacking IPs at server level. It's also highly advisable to have an alert system in place in the event of a known security flaw in your site. So to choose secure hosting, choose LRob web hosting who make it a point of honor to offer you the best active protection.

If your core business isn't the web, and you want to free up your time and peace of mind, it's best to also choose a professional WordPress webmaster.

Testimonials – What LRob Customers Have to Say

Mathieu CELLUCCI - Labographic Agency

⭐⭐⭐⭐⭐ - Google reviews

I discovered LRob after my sites were hacked just over 3 years ago. Initially, I contacted him to get my sites back online, recover them and clean them of all the viruses they contained. I was blown away by his impressive responsiveness. I should point out that the hacking occurred on August 15, in the middle of summer, in the middle of the vacation season!

From our very first contact, a bond was forged. He was both ultra-responsive and extremely benevolent. He took the opportunity to host all my sites on a secure server.

I naturally chose to continue the adventure with him, and today I work hand in hand with his company. The rates are ultra-competitive, and above all, the service is top-notch. I'll never turn to another supplier again.

Of course, I recommend LRob (or Robin, for those lucky enough to work with him directly) to all small agencies... and even to the bigger ones! If you're looking for a reliable, human and responsive web host that gives you peace of mind: go for it!

Grégory CORTES - Hello & Co Agency

⭐⭐⭐⭐⭐ - Google reviews

I've been working with Robin for almost a year. LRob's service is light years ahead of the better-known hosting companies. One ring and Robin picks up the phone: «What can I do to help you?»

And that's when you realize that you're not just dealing with technical support, but with a partner you can trust. Responsive, instructive and always ready to listen, Robin finds tailor-made solutions, even in emergency situations. He knows his customers, anticipates their needs, and really takes to heart the reliability and performance of the sites he hosts.

With LRob, the days of anonymous tickets, interminable waiting times and automated responses are over. Here, you talk to a competent human being who masters his subject and keeps his promises.

In short, a human-sized, ultra-professional hosting company, and real peace of mind for me. I recommend it with my eyes closed.

Emeline JAFFRÉ - Digital Communication

⭐⭐⭐⭐⭐ - Google reviews

Robin is an expert in his field! Attentive to my needs, very responsive and educational, it's a real pleasure to work with a service provider you can trust. I can only recommend Robin's services.

Coralie Laurent - 01/25/2024

⭐⭐⭐⭐⭐ - Review via LRob.fr

Very satisfied with Robin's intervention

My website was heavily infected, so I needed a thorough analysis and a quick fix. Robin was very efficient; he conducted a preliminary analysis of the situation to provide a quote, then fixed the issue in just a few hours. He sent me a detailed report the next day with the full analysis. I recommend him without hesitation!