What To Do If Your Blog’s Been Hacked


WordPress sites are incredibly popular (over 20% of all online sites use WordPress). Because such a large portion of Internet sites rely on WordPress, WordPress sites tend to be easier targets for hackers than sites on other platforms. If you are reading this post, I’m assuming that you suspect your site has been hacked for whatever reason, whether it is Google search results, malware notifications, or unusual popups.

What to do if your blog is hacked

Scan Your Site

First, you want to get a second opinion using third-party site scanners. There are three scanners that I like to use to assess a hack: Google’s Safe Browsing Security Check, Sucuri SiteCheck, and Wordfence. If the first two scans come back with no issues, I then install Wordfence (if it is not already installed) and run a security scan.

If all scans come back okay, reach out to your hosting provider; they might be able to identify where the issue occurs. It may well be a simple plugin conflict.

So, Your Blog Is Hacked

If the scans came back positive for malware, then you need to hire experts to remove it for you. Hacks are complex, so you want to make sure you hire the right people to remove everything and keep you from being blacklisted by search engines. I recommend you either hire Sucuri or Wordfence. I have had clients work with both with good results. The rates to work with these professionals can be considered a bit high, but it is completely worth it. You risk losing your brand if you do not get it cleaned up.

If your site has very little content, you can completely delete it and start over. It’s the free alternative. However, I don’t recommend this approach.

Prevent Hacks & Secure Your Site

Whether your site has been hacked or not, you can take precautions to protect your brand and content. If you have been hacked, you are more susceptible to hacks in the future, too.

  • VaultPress is from the makers of WordPress.com. I have found it the best backup plugin, especially for bloggers. I have had clients try to use free backup plugins that did not in fact back up their blogs.
  • Strong Usernames and Passwords will help prevent any brute-force hacks. You want to make sure you do not use “admin” as a username. Set up your user profile and install the Edit Author Slug plugin.
  • Remove Any Unnecessary Users. If you are the only person on your site, you should have no other user profiles. Sometimes people make the mistake of registering all users and they end up with lots of spam users.
  • Delete ALL Spam Comments and Trash Comments. You should clear out your spam and trash comments on a weekly basis. It will help optimize your database as well!
  • Akismet blocks spam commenters. It’s by far the best tool for spam comments in WordPress.
  • Stay up-to-date on WordPress versions, themes, and plugins. Updates are often security-related. It’s super easy to update (just click the button)!
  • Use a Security Plugin to monitor your site. I recommend either Wordfence or Sucuri.

Mobile Pop-up Ads

Several of my clients are members of ad networks. Occasionally, they will notice a pop-up to download an app on their mobile site. While you might assume that your site has been jeopardized, we’ve discovered that these have been due to subpar ad networks. If you are looking for an ad network, I recommend AdThrive or Rewardstyle. If you do notice this pop-up, reach out to your ad company immediately after you have done step 1.
