If your site has been hacked, the very first thing you should do is take your WordPress site offline. You do not want hackers to continue to have access to your site. How you do this will depend on whether you have access to the files where your site is hosted. If you use a hosting company for your WordPress site, go to your file directory and rename index.php to something else, such as indexOLD.php. For those that do not have access to their file directory, contact your hosting company and inform them that your site has been hacked and ask how to proceed.
Scan Your Computer and Files
It is entirely possible that you have uploaded the virus yourself while uploading an image or manually uploading a plugin. Scan your computer using anti-virus software and ensure that you do not have any viruses. After scanning your computer, ensure that your hosting company is aware that your website has been hacked and determine if they have run a scan on your hosted files. If they detect any viruses, make a note of the affected files. Also, browse through your file directory, and look for any files that have been recently modified or recently uploaded.
Restoring Your Website
When it comes to restoring your WordPress site after an attack, there are three main options. The first two involve deleting your entire file directory for your WordPress installation and either restoring your site from a backup or starting from scratch. If you have performed a backup, this is your best option. Before restoring from a backup, scan your backup files for viruses. When you do not have a backup you can either delete everything and start completely over or attempt and find the malicious code or files.
Attempting to find the malicious code on your own can be very complicated and require a lot of time and expertise. Even skilled programmers can have difficulty removing everything affected by a successful hacker. This method is not recommended, which leaves users without backups in a bad spot. No one wants to have to rebuild their website from scratch, but it may be your only choice if there is no backup.
Secure Your Website
Once you have your WordPress site up and running again ensure that you are following proper security procedures. This means that you should keep your installation of WordPress updated as well as all of your plugins. You should also change any passwords and make sure that you setup automatic backups.
Dealing with a hacked WordPress site is not enjoyable, but it is something that you can recover from. For those without a backup, consider this a lesson learnt. Backups are your number one friend in recovering from the damage caused by malicious attacks. Finally, always make every effort to keep your site safe and secure.