Has your site been hacked or malware injected in the code? This is a serious issue and with tens to can hit a WordPress site at any time.

With some sites running 50-100 plugins at a time, it’s very difficult to get to the root cause of the problem.

Thankfully it’s not the first time we’ve hear of a hacked site, here are our recommendations:

If you aren’t willing to clean the site yourself, you can just skip this and contact team at Sucuri right away to get your site cleaned:

Contact Sucuri right away.

The Solution

 If you have been hacked:

  1. Contact your host to ask what they can help you with. In most cases, hosts can scan your web space for viruses or malware and ensure the server you are on has not been affected. Most importantly, they can tell you if the database has been infected or not.
  2. Connect to your web space via FTP and download any backups to your hard-disk. Be very selective in downloading anything else, and choose critical files you can’t live without. Know that any theme files cannot be restored later, so only back them up for reference if you have made changes.
  3. Download a fresh copy of WordPress from and upload the /wp-includes/ and /wp-admin/ folders to your web space. Often times the hack or malware exist solely in those folders.
  4. If this does now work, once again ensure you have a backup of your site at the last clean state, and delete the entire contents of your web space, including your WordPress install.
  5. In your hosting control panel, create a new database. If you only have one database install available, delete the existing and recreate it. If you are unable to do this, at least reset the database password to something new and complicated.
    • A full phrase is the most secure.
    • Make note of the username, password and address.
  6. Continue with your theme’s documentation for setting up your theme. If you have a backup export of your content, you may import it once WooCommerce is reconfigured under Tools > Import.
  7. Install some security plugins to help keep your site secure in the future. We recommend using the free Sucuri Plugin for WordPress

Preventing Hacks and Attacks

Reduce your chances of facing a do-over by hardening WordPress and following these simple steps:

  1. Never download themes from an unauthorized source, library or torrent site. Obox themes are only authorized for download on ThemeForest and our own site for Obox direct customers.
  2. Use difficult passwords for your database, hosting control panel and WordPress
  3. Always perform updates to themes, plugins and WordPress when available
  4. Check your comments and users are regularly and delete any spam or suspicious activity
  5. Install a security plugin and consider an anti-spam plugin such as Akismet, User Spam Remover or Spam Free WordPress
  6. Backup your site! WordPress has several plugins to help automate backups, such as WP-DB-Backup, WP-DB-Manager and even a WordPress backup to Dropbox. Check out your options under Plugins > Add New. (Search for “Backup”).

Using an Expert company

As mentioned in the introduction, there are companies that specialize in WordPress site cleaning and hardening. One such company which we have used ourselves over 10 times before is Sucuri.

Sucuri are one of the most trusted companies when it comes to protecting and fixing WordPress sites. We could not be happier to recommend their services:

Get your site cleaned by Sucuri

Additional Guides

My site is built on Drupal or Magento