Don't Panic — Act Quickly
A hacked site can be recovered. The key is to act fast before more damage is done.
Step 1 – Take the Site Offline Temporarily
Add a maintenance mode or put an .htaccess password on your site to prevent visitors landing on malicious content.
Step 2 – Change All Passwords Immediately
- WordPress admin password
- cPanel / hosting password
- FTP/SFTP password
- Database password (update wp-config.php too)
- Email account passwords
Step 3 – Restore from a Clean Backup
If webzworld's daily backup is clean (before the hack):
1. Log in to cPanel → Backup or JetBackup
2. Restore files and database from a clean date
3. After restore, change all passwords again
Step 4 – Scan for Malware
If no clean backup exists, use these tools:
- Wordfence plugin (free) — does a full file scan
- MalCare plugin — scan and clean in one click
- Sucuri SiteCheck (sitecheck.sucuri.net) — external scanner
Remove all flagged files and follow the cleanup report.
Step 5 – Update Everything
- WordPress core
- All themes
- All plugins
Delete unused themes and plugins entirely.
Step 6 – Harden Your Site
- Change your login URL using WPS Hide Login plugin
- Enable two-factor authentication (miniOrange or Google Authenticator plugin)
- Limit login attempts (Limit Login Attempts Reloaded plugin)
- Install Wordfence Firewall
Step 7 – Request Google Review
If Google has flagged your site:
1. Go to Google Search Console
2. Security Issues → Request Review
Google typically reviews within 24–72 hours.
webzworld Security Assistance
Open a priority support ticket at support@webzworld.com. Our team will scan, clean, and harden your WordPress site.