How to remove JavaScript malware in WordPress site [closed]

  1. Make a backup of everything you have left, especially your database and wp-content folder. Some hosts simply delete hacked websites and you don’t want to lose your entire work to this.

  2. Talk to your hosting company. Good quality providers have staff at hand who know their way around the hosting environment and might be able to fix things for you. Plus, the hack might be due to server insecurity, so they need to deal with that.

  3. Scan your local computer to make sure the hack didn’t originate from there.

  4. Restore from backup. If you have an uncompromised backup of your site, go back to that version and follow the advice below on locking down your site via password changes, updates, and extra hardening. If not, continue.

  5. Change all your passwords to the back end and force all other admin users to do the same, e.g. via https://wordpress.org/plugins/expire-passwords/. While you are at it, check if there are any users on your site that don’t belong there.

  6. Install https://wordpress.org/plugins/sucuri-scanner/ and have it scan all WordPress core files for integrity. Alternatively, use the external scanners below.

  7. Replace the compromised files with their originals. The easiest way is usually to simply re-install WordPress. You can do this from the back end or manually. Update your plugins and theme. Delete those that you are not using.

  8. Replace your SALTs inside wp-config.php. https://api.wordpress.org/secret-key/1.1/salt/

  9. Change your password once more and all other important credentials: Hosting account login, FTP login, MySQL database password, admin email address password.

  10. Implement additional security measures: https://wordpress.org/support/article/hardening-wordpress/

  11. Re-run security checks so you know you haven’t missed anything.

External scanners:
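
For the core-file integrity check in steps 6 and 7, here is a sketch of what such a scan does, as an added example that is not part of the original answer and not the Sucuri plugin's code: it compares a WordPress tree against a known-good manifest and lists the files to replace or delete. The manifest format (relative path to MD5 hex digest, taken from a clean copy of the same WordPress version) and the names `audit_core`, `md5_of` and `CORE_DIRS` are assumptions made for this illustration.

```python
import hashlib
from pathlib import Path

# Directories that hold only core files. wp-content is left out because
# themes, plugins and uploads are site-specific and not in a core manifest.
CORE_DIRS = ("wp-admin", "wp-includes")


def md5_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_core(root, manifest):
    """Compare a WordPress tree against a known-good manifest.

    manifest: dict of relative POSIX path -> MD5 hex digest (assumed format).
    Returns sorted lists of modified, missing and unexpected files.
    """
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected.lower():
            # Content differs from the original: replace it (step 7).
            report["modified"].append(rel)
    # Files inside core directories that the manifest does not list were
    # not shipped with WordPress and need manual review.
    for core_dir in CORE_DIRS:
        base = root / core_dir
        if not base.is_dir():
            continue
        for found in base.rglob("*"):
            rel = found.relative_to(root).as_posix()
            if found.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}
```

Run it against the backup copy from step 1 as well as the live tree, so the findings can be compared before anything is overwritten.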