• By Globetec Technology Group
  • 26 Feb, 2026
  • WordPress

My WordPress Was Hacked! What to Do Right Now (2026 Emergency Guide)

You open your website and see something that shouldn't be there: ads in another language, a "This site has been hacked" message, a blank screen, or Google warns you that your site contains malware. The panic is immediate and understandable. Your WordPress has been hacked and you don't know what to do. Breathe. With the right steps, the situation has a solution.

WordPress powers 43% of all websites in the world, making it the number one target for hackers. Not because it's insecure by design, but because there are millions of outdated installations with vulnerable plugins and weak passwords. In this emergency guide we tell you exactly what to do step by step.

How to Tell if Your WordPress Was Hacked

It's not always obvious. Some hacks are silent and designed so you don't notice while they use your site to send spam, steal data, or mine cryptocurrency. The most common signs are:

  • Your site shows strange content, in another language or links to unknown sites
  • Google Chrome shows a "Dangerous Site" warning before entering
  • Your hosting suspended your account for suspicious activity
  • You receive emails from clients saying your site isn't working or showing strange things
  • Google Search Console notifies you of malware or hacked content
  • Your site redirects visitors to other sites
  • Pages, posts, or admin users appear that you didn't create
  • Your site is incredibly slow for no apparent reason (could be cryptocurrency mining)

Emergency Steps: What to Do When Your WordPress Was Hacked

Step 1: Don't panic, act calmly

The most common mistake under pressure is making changes without method and making the situation worse. Follow these steps in order and document everything you do. Information about what happened will help you understand how to prevent it in the future.

Step 2: Activate maintenance mode

The first thing is to protect your visitors and prevent the hack from affecting more pages or users. If you can access the WordPress admin, activate maintenance mode. If you can't get in, contact your hosting to temporarily suspend the site while you clean it.

Step 3: Change ALL passwords

Immediately change: WordPress admin password, database password, FTP/SFTP password, hosting panel password, and email password associated with the domain. Use long and unique passwords for each. Enable two-factor authentication wherever possible.

Step 4: Make a backup of the current state

Even if the site is hacked, save a copy of the current state before cleaning. If something goes wrong during the cleanup, you can return to this point and seek professional help. Back up the server files and database.

Step 5: Identify malware with a scanner

Tools like Wordfence, MalCare, or Sucuri can scan your WordPress for infected files, injected malicious code, and backdoors (back doors that the hacker left to re-enter). The scanner will tell you exactly which files are compromised.

60% of WordPress hacks occur through outdated plugins or themes. Preventive maintenance (regular updates, strong passwords, automatic backups) costs infinitely less than recovering from a hack. The question is not if you will be attacked, but when.

Step 6: Clean infected files

This is the most delicate technical part. Options:

  • If you have a recent clean backup: Restoring it is the safest and fastest option.
  • If you don't have a backup: Reinstall WordPress from scratch, reinstall plugins and theme from official sources, and restore only the database content (posts, pages, users) after cleaning it.
  • Manual cleanup: Requires server access and technical knowledge. WordPress core files are compared with the official version to identify modifications.

Step 7: Find and remove backdoors

Hackers always leave a back door. If you don't find and remove it, they'll re-enter even if you clean everything else. Backdoors are usually hidden in theme files, in the uploads directory, or in modified core files. Look for suspicious PHP functions like eval(), base64_decode(), or exec() in places they shouldn't be.

Step 8: Update everything

Once the site is clean, update: WordPress core to the latest version, all plugins to their most recent versions, the active theme and its dependencies. Uninstall and completely remove (not just deactivate) plugins and themes you don't use.

Step 9: Request a Google review

If Google marked your site as dangerous, once clean you must request a review from Google Search Console. The process usually takes between 1 and 3 days. Meanwhile, the warning will continue to appear for users.

How to Prevent Your WordPress from Being Hacked Again

  • Automatic daily backups: If something happens, restoring is a matter of minutes.
  • Automatic updates: WordPress, plugins, and themes always on the latest version.
  • Strong and unique passwords: Minimum 12 characters with uppercase, numbers, and symbols.
  • Two-factor authentication: Mandatory for admin accounts.
  • Web Application Firewall (WAF): Cloudflare or Wordfence block attacks before they reach your site.
  • Limit login attempts: Block IPs that try to access with multiple passwords.
  • Change login URL: /wp-admin is the target of millions of automated attacks. Changing it dramatically reduces risk.
  • Secure hosting: With isolation between accounts, malware scanning, and proactive technical support.

When to Call an Expert?

Whenever possible, hack cleanup should be done by someone with technical experience. Mistakes during cleanup can:

  • Permanently destroy data
  • Leave active backdoors you didn't detect
  • Corrupt the database
  • Make the site inaccessible

If you don't have technical experience with WordPress, contact a specialist immediately. The cost of professional cleanup is always less than the cost of losing data, reputation, and customers.

Conclusion

A hacked WordPress is a crisis, but with the right steps and adequate help, it has a solution. Most importantly: don't wait until you're hacked to worry about security. Preventive maintenance is always the best investment.

At Globetec Technology Group we offer WordPress malware cleanup services, hacked site recovery, and preventive maintenance plans that keep your site secure 24/7. Contact us now for an emergency response or to protect your site before it's too late.