Don’t Panic – we can help you with your hacked WordPress site

This is our disaster recovery service for WordPress websites that have been hacked.

If you’ve experience an attack on your website, or it’s gone down for no apparent reason, we know how distressing this can be. You’re losing sales and your business reputation is being affected. Understandably, you want this fixing as soon as possible. This is where we come in.

Usually, it’s very obvious that you’ve been hacked. Your content could be completely rewritten, bearing no resemblance of what should be there. Alternatively, traffic could be redirected to somewhere completely different.

We’ve seen hacked WordPress sites that appear normal, but on closer visual examination, links to undesirable sites were spotted.

Then again, you might not have seen anything wrong, until your hosting provider told you that they’ve discovered something nasty and disabled your site.

The answer is that you, most probably, were not targeted specifically. The reality of attacks is that an automated programme (a “bot”) was trawling around the internet randomly, checking for weaknesses in websites. You were just unlucky.

The fact that you were hacked though, is because a weakness was found. This is something we can fix.

Absolutely not. Contrary to what you may have heard, WordPress (if kept up-to-date) is very secure.

There’s been a “war” between hackers and security experts since the beginning of the World Wide Web. Hackers find a weakness they can exploit, and these vulnerabilities are fixed with updates issued, sometimes within hours.

Weaknesses crop up if you don’t keep the main “core” software of WordPress updated. However, a bigger risk is that WordPress can be enhanced with the use of Themes and Plugins. These vary in quality, depending on the skill of the designer and their promptness in issuing fixes.

If you keep everything up-to-date, this will greatly reduce the likelihood of becoming a victim. Of course, it’s possible that you’re one of the first to be attacked with a new exploit, just as it’s possible to win this weekend’s lottery jackpot. Possible, but unlikely.

Not at all. In fact, we have clients all over the country and even overseas. Distance is no issue.

Work of this nature, usually goes to the front of the queue, so we can start as soon as we’ve received the first payment. It’s usual that this work is completed well within a working day.

If you agree our financial terms, we’ll need administrator access to your website, as well as login details to your hosting provider, ideally with SSH access. We can discuss this with you when we start.

Unfortunately not.

What we can do, is offer suggestions to help keep it up-to-date but applying updates in a timely manner and taking regular backups. If you do take backups, it’s important to test that they actually work.

TRUE STORY… Back in the day when servers were backed up onto tape drives, I came into a server room, and on inspection of said tape, I noticed that the tape was broken. Yes, they put the tape drive in every day, but there’s no way that was ever going to help them.

We also offer our own maintenance contracts where we undertake to keep your site safe and secure. This has the added benefit that, in the unlikely event that your site is hacked, we will restore it within the cost of your contract.

Have some questions about your hacked WordPress site?

Something to try before calling us

If you still have access and can log into the admin area of your website and you’ve been taking regular backups, you could attempt to restore from a backup. Obviously you’d choose one from a time when you knew your website was working correctly. Failing that, you could reach out to your hosting provider and see whether they have a server backup from an earlier date they could restore your site from.

Something to bear in mind. If you have an active site, with lots of updates, or product sales, then you’ll lose the transactions from the time the backup was taken!

If there aren’t any backups to restore from, then you might need to get in touch or give us a call!

We are aware of some companies employing automated methods of searching for malware and other exploits. Whilst there are good reasons for doing this, not lease that it’s cheaper, it’s not an approach we agree with.

The very first thing we’ll do, is take a careful backup of the existing site and rebuild it on a separate, quarantined server.

From then on, our method is more thorough and, in our view, a safer way to do things. We will rebuild the site with what we can salvage, reinstall software from reliable sources, including reinstalling the WordPress core, whilst identifying software that shouldn’t be reinstalled.

Our actions are not limited to WordPress or the website. We’ll also be checking server configuration, .htaccess file, user permissions, etc.

Once the site is repaired and handed back, we will recommend actions to keep it safe and secure, which my include an optional maintenance contract to safeguard you in the future.

How we will fix your hacked WordPress site

Our pricing

Our fees for restoring your hacked WordPress site, are below. We require 50% payment to commence the work, with the balance by return on completion.

Small site

This is ideal for small websites with only a few pages and articles.

FROM £250

Optional monthly support

Maintenance & support


Medium site

For larger sites with many pages, articles and features.

FROM £500

Optional monthly support

Maintenance & support



For eCommerce sites that sell products online.


Optional monthly support

Maintenance & support