Restore from Backup: If you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn’t hacked.
In shared hosting environment, we do not provide restoration on demand as the backup was meant for disaster recovery.
Malware Scanning and Removal
- Delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor.
- Install free plugins on your WordPress. Sucuri WordPress Auditing & Theme Authenticity Checker (TAC).
- When you set these up, the Sucuri scanner will shows you where the hack is hiding.
- Next run the Theme Authenticity Checker. If Theme Authenticity Checker finds any suspicious or malicious code in your themes, it will show a details button next to the theme with the reference to the theme file that is infected. It will also show you the malicious code it found.
- You have two options for fixing the hack here. You can either manually remove the code, or you can replace that file with the original file.
- Make sure that your theme and plugin folder matches the original ones. Remove those files if that doesn’t matches.
- Repeat this step for any affected plugins as well.
- Change your control panel, FTP and MySQL password.