If your website has been hacked, your first job is to stop the damage from spreading and preserve enough information to recover properly. Avoid making random changes or deleting files before you understand what happened.
A hacked site can affect visitors, search visibility, forms, customer trust, advertising, email delivery, and business operations.
One sign does not prove every part of the site is compromised, but it is enough to investigate.
Stop Routine Editing
Do not keep editing pages, installing plugins, or changing settings as usual. Routine edits can hide clues and make recovery harder.
Document what you see before cleanup begins:
Date and time you noticed the issue
Affected pages
Screenshots
Warning messages
Recent changes
New users, files, or plugins
Any notifications from hosting, search tools, or security tools
This information helps whoever repairs the site understand the timeline.
If a security specialist or hosting provider asks you not to delete files yet, follow that direction. Some files that look suspicious may help identify how the site was compromised.
Protect Access First
Change passwords from a trusted device, not from a computer that may be infected.
Database users, if advised by the person repairing the site
Email accounts tied to website administration
Enable multi-factor authentication where available.
Also remove unknown admin users and review existing accounts. If you are not sure whether an account is legitimate, confirm before deleting it.
Contact the Right Provider or Specialist
If you manage the site yourself, contact your hosting provider or a qualified website security specialist. If an agency or developer manages your site, tell them immediately and ask what they need from you.
Do not assume the problem is only WordPress, only hosting, or only a plugin. A proper review may need to check files, database content, user accounts, plugins, themes, redirects, server logs, and backups.
Decide Whether to Take the Site Offline Temporarily
If the site is redirecting visitors, serving malware, collecting sensitive information, or harming customers, it may need to be taken offline or placed in maintenance mode while it is repaired.
That decision depends on the business impact and the severity of the issue. A simple spam page may be handled differently from a compromised checkout or customer portal.
If the site handles payments, personal information, medical information, legal information, or account logins, get professional help quickly.
Do Not Restore Blindly
Restoring a backup can help, but only if the backup is from before the compromise and does not reintroduce the same vulnerability.
Before restoring, confirm:
Backup date
What files and database content are included
Whether new orders, bookings, or form entries may be lost
Whether the backup is from before the hack
Whether the vulnerability has been fixed
If you restore the site without fixing the entry point, the site may be hacked again.
Remove the Infection and Fix the Entry Point
Repair usually involves more than deleting one suspicious file.
The person handling cleanup may need to:
Scan files and database content
Remove malicious files
Remove injected scripts or spam pages
Replace altered core files
Update WordPress, themes, and plugins
Remove abandoned plugins or themes
Review file permissions
Check redirects
Review admin users
Rotate credentials
Add monitoring
The goal is to remove the infection and reduce the chance of repeat compromise.
Check Search and Browser Warnings
After cleanup, check whether browsers, search engines, or security tools still flag the site.
You may need to:
Resubmit the site for review in search tools
Clear security warnings after verification
Remove spam URLs from sitemaps
Check priority pages in search results
Review analytics for unusual traffic
Warnings may not disappear instantly after cleanup. Follow the review process for the tool that issued the warning.
Test the Site After Recovery
After the repair, test:
Homepage
Contact forms
Checkout or booking flow
Login pages
Mobile layout
Main navigation
Email notifications
HTTPS
Search results for the business name
Admin users
Also review whether any customer data, payment data, or private information may have been exposed. If that is possible, talk to the appropriate legal, privacy, or compliance professional for your situation.
Build a Better Recovery Plan
After the site is working again, improve the routine:
Use unique passwords
Enable multi-factor authentication
Limit administrator accounts
Keep software updated
Remove unused plugins and themes
Set up regular backups
Test backup restores
Add malware scanning or monitoring
Keep notes on who manages domain, hosting, email, and website access
Tech Help Canada’s WordPress maintenance resource can help you plan ongoing updates, backups, and monitoring after the immediate problem is fixed.
We empower people to succeed through practical business information and essential services. If you’re looking for help with SEO, copywriting, or getting your online presence set up properly, you’re in the right place. If this piece helped, feel free to share it with someone who’d get value from it. Do you need help with something? Contact Us
Want a heads-up once a week whenever a new article drops?
