What to do if my WordPress site is hacked?

My WordPress site is hacked

Perfection is a myth! There’s no hosting out there that can promise to be completely hack-proof. It’s always better to be ready for the worst and back up and update your WordPress site as regularly as possible! 

But, how would you know if your WordPress site has been hacked?

Table of Contents

Signs your WordPress site is hacked

  • You can’t log in. Hackers sometimes delete users or change passwords to prevent access. If you’re unable to reset your password, your user account could have been removed. This is a sign of hacking.
  • Your site is redirecting to another site. This will probably be a site you don’t want your users being taken to.
  • When browsing your site, you get a warning in your browser.
  • Google search gives a warning that it may have been hacked.
  • Your site has changed without you having done anything.

If you are still unsure, you can scan your site with external services like https://sitecheck.sucuri.net/ or https://www.isitwp.com/wordpress-website-security-scanner/

  1. Stay Calm.
  2. Restore a backup: 1 click with wetopi.
  3. Verify your backup is clean.
  4. Promote to production this clean restored server: 1 click.
  5. Contact our support team.

The first three steps will help you to publish a clean site in a few minutes.

With this simple process, your users will browse a clean version of your site while our team can work privately in the infected one.

If you need help with your hacked site, ask for help at wetopi

Migrate your hacked site to wetopi

If you aren’t an existing Wetopi client, to save yourself the hassle of all the steps below, you can purchase our Wetopi malware removal service for a one-off fee of 100€.

At wetopi, we migrate your hacked site for FREE,
and clean it for you at the same time.
Request your free migration now
limited offer

Limited to our security-team buffer-time.

Wetopi Guarantee!

In the rare event of a site getting hacked at wetopi, our incredible support team of WordPress experts will quickly and carefully remove the malware for you for free.

if you are a Wetopi client, this is included in your plan:

  • Free from Hack Guarantee –We will fix all hacked site for free
  • Backups included–We keep website backup, we can rollback your site instantly
  • Prevent future attacks– You don’t need to bog down your server resources with Firewall plugins. All plans provide dedicated external WordPress WAF and blacklisting feeds filtering non-legit traffic.
  • Secure checks – We scan your server files to identify malware.
  • 24/7 Support–Once onboard you get assigned to a wetopi engineer.

And one final recommendation, just in case:

Your credentials may have been compromised

One way websites get hacked is if your login details are compromised or leaked from hacks in other sites. We are creatures of habit, and we tend to use the same login details on multiple websites.

Check if known public breaches have ever compromised your login credentials at https://haveibeenpwned.com.

Have I Been Pwned was created in 2013 by Troy Hunt, a security expert, to provide the general public a means to check if their private information has been leaked or compromised?


We are techies passionate about WordPress. With wetopi, a Managed WordPress Hosting, we want to minimize the friction that every professional faces when working and hosting WordPress projects.

Not a wetopi user?

Free full performance servers for your development and test.
No credit card required.

See how Wetopi stacks up against your current hosting

Migrating sites to us is free and completely effortless on your part.

No hidden small text.
No commitments.
No credit card.

Try before you buy.