Sucuri has devoted years to helping WordPress administrators identify and fix hacked websites. To continue with this process, we have put together this guide to help website owners walk through the process of identifying and cleaning a WordPress hack. This is not meant to be an all-encompassing guide, but if followed, should help address 70% of the infections we see.
Step 1
Identify Hack
1.1 – Scan Your Site
You can use tools that scan your site remotely to find malicious payloads and malware locations. Sucuri has a free WordPress plugin that you can find in the WordPress official repository.
To scan WordPress for hacks:
- Visit the SiteCheck website.
- Click Scan Website.
- If the site is infected, review the warning message.
- Note any payloads and locations (if available).
- Note any blacklist warnings.
If the remote scanner isn’t able to find a payload, continue with other tests in this section. You can also manually review the iFrames / Links / Scripts tab of the Malware Scan to look for unfamiliar or suspicious elements.
If you have multiple websites on the same server we recommend scanning them all (you can also use SiteCheck to do this). Cross-site contamination is one of the leading causes of reinfections. We encourage every website owner to isolate their hosting and web accounts.