You believe your WordPress site is hacked! Now what? It’s either time to dust off your repair skills, or begin a crash course in learning the required skills or possibly hiring someone who already has the skills to fix your site. There is also the possibility you may use some combination of all these efforts or even none of them at all.

How’s that for a definitive opening statement? Some people find using WordPress kicks off a whole new set of learning experiences that grows into a lifelong hobby and love for software coding, tweaking and repair. Others are only using WordPress because it met their need from an artistic or personal expression viewpoint. And there is a big middle area where people are willing to learn the necessary maintenance skills to keep their site healthy but aren’t interested in learning all the ins and outs of building software.

WordPress is a sophisticated and very versatile content management system. The number of moving parts required to publish a site with WordPress does require some minimum repair skills. Plus, a server is also needed – this is a mysterious beast with its own learning curve. In addition to the core WordPress software, a theme and most likely plugins will be required. And there are some basic tools needed to keep all this stuff working.

There are options for individuals who don’t have the desire or possibly the time to learn the minimum skills needed to run your site. There is nothing wrong with bypassing the basic repair steps and tools. There are even additional options for people in this category. They can hire someone to maintain their site or they can choose a blogging platform that requires little technical knowhow. Freelancers are relatively easy to find, is a good example. is an example where the server and much of the technical duties are done for you.

You should decide on the best content management solution for your needs and you should decide fairly early in the process. When you look at your site and find it has been defaced by flags you don’t recognize and audio of some chant you don’t understand – it’s not a good time to start your learning process. Yet it is surprising to me how often this exact lack of planning plays out.

In volunteering on the WordPress support forums, I often see a posting like: I need lots of help here. My site have been hacked and defaced by a group calling themselves the best hackers in the world. (They are from Russia, like how good can they really be?) Somebody puh-leeze give me the instructions in baby steps to make this all go away!

They really ramp up the panic when using FTP or the File Manager in their hosting account is suggested in reply. A likely response is, what’s FTP and who do I call about hosting? I SAID give me baby steps! I didn’t know I needed to be a computer programmer just to get a few flags off of my screen!

Please don’t let this happen to you. Make plans for maintenance before you need it. Better still, add security protection or have it added for you. Maybe then, you will never be bothered by hackers.

Now, to the Tools and Skills Needed to Use Them

The first tool is a File Transfer Protocol (FTP) software client. This software runs on your PC and as the name implies, it transfers files to and from your PC to your Server. The FTP Client should match the operating system of your PC, which is often Windows versus the operating system used by your server.
There is another file transfer method available but it is more suited to quick lookups and minor edits. This software is located in your hosting account and is usually called a File Manager. Despite its name, it is not suited to transferring large amounts of data like you would find in the WordPress core files as an example. Make sure you can find tutorials for the FTP client you choose.

Examples of FTP Software Clients (for Windows based PCs)

Next is text editing software. This editor is used along with FTP software to view and modify files. Text editors are different from word processing software in that the text editor provides no formatting that might cause issues when added to a server file. Even when word processing has the ability to save a file as text, there may still be hidden characters that can cause issues.

Examples of Text Editors
Windows Notepad

Server side scanner plugin. Installing a good security scanner is a very important part of an effective hacking deterrent. In fact, properly installing the right plugin may prevent the need to ever repair your site due to hacking. I realize this is a bold statement but it is also very true. The plugin for this job must have the ability to do server side scans. This means the scan engine is installed on the server versus scanning originating from the internet. Server side scans can find backdoors that are not visible using traditional browser based scans.

Examples of Server Side Scanning Plugins

Database and file backup solution. If your site is hacked, the quickest and most reliable way to be malware free again is to restore from a known good backup dated before the hack. Restoring from backup is a 15 minute fix, or less. I believe the backup function is best done by your server. But with many hosts, backup is an extra charge. The ability to restore your site is a vitally important part of your site security. You must find an automated solution that meets your budget. If the site isn’t automatically backed up, you will not likely have a recent back up when you need one. Because of the hardware and storage costs involved, expect to pay a few dollars a month for backup.

Backup Solutions
Use the backup solution provided by your server or host.
Use a backup plugin that uses the same long term storage option you already use.
Amazon S3
Google Drive
This list may, at first, seem like lot to learn. However, if you installed your WordPress site the first time without using an automatic installer, you probably used all these tools with the exception of the backup and scanning plugins.