If our scanner has recently turned up security threats on your site or if you suspect your site has been hacked then this guide is for you.
If your site is down but you’re unsure why, we have a separate guide with steps to take in order to restore your site to working order.
Review WordPress Security Best Practices
If you’re running a modest, personal site, you might want to first ensure you’re following best security practices generally. This guide from WordPress.org offers some solid tips.
Contact your host
Your host manages your server so the sooner they are aware the more actions they can take on their end to protect your site. In some cases, your host may be the one notifying you of the hack. In that case, work with them to get a list of hacked files and identify the hack. Getting access to server logs can help identify where the entry point might have been as well.
Update any out of date plugins or themes
Always running the latest versions of your plugins, themes, and WordPress itself, will go a long way in keeping your site safe and sound. At VaultPress, we highly recommend using something like Jetpack Manage to make this easier to take care of.
Remove unused plugins or themes
Even if a theme or plugin isn’t active on your site, the files for these extensions will remain on your server and can pose risks if they remain out of date or a threat is found. We highly recommend removing any unused plugins or themes as a result!
Make sure you are using the latest version of WordPress
In the same way using the latest version of plugins and themes gives you the best chance at site security, using the latest version of WordPress also will go a long way.
Reinstall WordPress core
VaultPress’ security scanner will catch any changes to WordPress core but, if you aren’t using a plan that includes our scanner, we recommend reinstalling your core files. You can do this by heading to Dashboard > Updates > Reinstall Now.
Reset all of your passwords related to your site
By resetting your passwords, you will help close down on any backdoor pathways a hacker might have. We recommend resetting passwords related to all aspects of your site from your email account to your hosting account to your site login. Ultimately, we recommend always using unique and complex passwords! Here are some tips for choosing a strong one.
Use our security scanner to clean threats
If you are using our Security Bundle plan, you can use our security scan results to identify and, in many cases, autofix certain threats.