WordPress is a popular content management system (CMS) powering millions of websites worldwide. Unfortunately, its popularity also makes it a prime target for hackers. If your WordPress site has been compromised, it’s crucial to act swiftly to minimize the damage and secure your site. One of the best tools to help you with this process is Wordfence.

In this article, we’ll walk you through the steps to clean up your hacked WordPress site using Wordfence. By the end, you’ll have a clear understanding of how to use this powerful tool to regain control, repair the damage, and protect your site from future attacks.

Step 1: Install and Activate Wordfence

If you don’t have Wordfence installed on your WordPress site, you’ll need to install and activate it first. To do this, follow these steps:

  1. Log in to your WordPress dashboard.
  2. Go to ‘Plugins’ > ‘Add New.’
  3. Search for ‘Wordfence’ in the search bar.
  4. Click ‘Install Now’ on the Wordfence Security – Firewall & Malware Scan plugin.
  5. Once installed, click ‘Activate.’

Step 2 Configure WordFence

Configure Wordfence settings to strengthen your site’s security. In your WordPress dashboard, go to ‘Wordfence’ > ‘All Options’

1. Under ‘Basic Options,’ enable ‘Enable auto-update of the Wordfence plugin’ to keep your Wordfence installation up to date.

2. Under ‘Scans to Include,’ check the following boxes:

  • ‘Scan core files against repository versions for changes’: This option compares your WordPress core files with the official WordPress repository, helping you identify any unauthorized modifications or discrepancies.
  • ‘Scan theme files against repository versions for changes’: This compares your installed theme files with their official versions in the WordPress repository, allowing you to detect any unauthorized changes.
  • ‘Scan plugin files against repository versions for changes’: This option checks your plugin files against their official versions in the WordPress repository, ensuring that they haven’t been tampered with or modified.

3. Under ‘Firewall Options,’ enable ‘Extended Protection’ for maximum security. This will prevent attackers from accessing sensitive files and directories.

4. Configure the ‘Rate Limiting’ settings to control how often users and bots can access your site. This can help mitigate the impact of brute force attacks and other malicious activity.

5. Enable ‘Login Security’ to add features like two-factor authentication, CAPTCHA, and strong password enforcement for your WordPress site.

Step 3: Perform a Wordfence Security Scan

Now that Wordfence is installed and activated, you’ll want to perform a security scan to identify any potential issues, malware, or vulnerabilities on your site.

  1. In your WordPress dashboard, go to ‘Wordfence’ > ‘Scan.’
  2. Click ‘Start New Scan.’
  3. Wordfence will perform a comprehensive scan of your site, checking for malware, backdoors, suspicious code, and more.

Step 4: Review the Scan Results

Once4 the scan is complete, Wordfence will provide a detailed report with any issues found. Carefully review the report and take note of any problems that require attention.

Step 5: Clean Up the Hacked Files

Wordfence makes it easy to clean up the infected files directly from the scan results page. For each issue found, you’ll see the option to repair, delete, or ignore the file.

  1. For malware-infected files, click ‘Repair’ to replace the file with a clean version from the official WordPress repository. If Wordfence can’t find a clean version, it will prompt you to manually replace the file.
  2. For suspicious or unknown files, click ‘Delete’ to remove them from your site.
  3. If you’re sure a file is safe, click ‘Ignore’ to exclude it from future scans.

Remember to back up your files before making any changes, in case you need to restore them later.

Step 6: Change Passwords and Update Security Keys

After cleaning up the infected files, it’s essential to change all passwords and update your security keys to prevent unauthorized access to your site.

  1. Change your WordPress administrator, database, FTP, and hosting account passwords.
  2. Update your WordPress security keys by editing your ‘wp-config.php’ file. Replace the existing keys with new, randomly generated ones. You can use the WordPress Secret Key Generator to create new keys: https://api.wordpress.org/secret-key/1.1/salt/

Step 7: Update and Strengthen Your Site’s Security

To prevent future attacks, take the following steps to improve your site’s security:

  1. Update all plugins, themes, and the WordPress core to their latest versions.
  2. Remove any unused or outdated plugins and themes.
  3. Enable Wordfence’s firewall by going to ‘Wordfence’ > ‘Firewall’ in your WordPress dashboard. This will help protect your site from various types of attacks.