There are several tutorials available on how to clean up a hacked website.
If you are a WordPress expert, you can search and clean the infected files and malicious code to recover the site.
If you don’t know, you can hire our professional services to put your site in the business by clicking here
Back up your site
Once the website is found to be hacked, the first thing to do is to make a full backup of your site. If your website hosted in cPanel server, you can use the backup wizard or use FTP to download files. For Database backup use phpMyAdmin.
Upload fresh copy of WordPress
Rename WordPress installed folder to foldername_hacked. If you are in linux hosting and installed WordPress in root folder, rename
Public_html folder to Public_html_hacked and create new Public_html and then upload fresh copy of WordPress files.
Update config file
Rename the wp-config-sample.php to wp-config.php and upate the MySQL details.
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );
$table_prefix = '';
You can copy the above details from wp-config.php in the hacked folder
Clean WordPress Theme
If you are using the premium theme, you can contact the theme provider to get the fresh copy of the theme. If it does not, download the theme folder from backup (/public_html_hacked/wp-content/theme) and check each files, remove malicious code.
Reinstall all plugins from the WordPress repository. If your using the any paid plugins, contact the provider to get the fresh copy.
Delete Inactive Themes & Plugins
This will ensure that your site is pre-protected from hackers. Removing unused themes ensures better performance for the website.
Install a Security Plugin
Install Wordfence Security plugin and run the Standard Scan to ensure the security.
Go to Admin area > Wordfence > All options > and enable the following
Hide WordPress version
Disable Code Execution for Uploads directory