What this solves
Your site was hacked or has malware. This guide outlines the steps to take.
Step 1: Limit damage
Change all passwords (cPanel, FTP, database, WordPress admin). Put the site in maintenance mode or take it offline if necessary so visitors aren’t affected.
Step 2: Identify the issue
Scan with a security plugin (e.g. Wordfence, Sucuri) or our scanner if we offer one. Check recently modified files and unknown plugins/themes. Review access logs for suspicious IPs.
Step 3: Clean or restore
Remove malicious code from infected files, or delete and replace them from a clean backup. Remove backdoors and unknown admin users. Update WordPress, plugins, and themes.
Step 4: Harden
Update all software, use strong passwords, limit login attempts, and consider a WAF or security plugin. Restore from a known-good backup if the infection is widespread.
When to contact support
We can help with scans, cleanup, or restore from our backups. Open a ticket with “Security” or “Hacked site.”
Was this helpful?
Thanks for your feedback!