Is your WordPress hacked? Here is how to take back control.
Clear guides to spot the infection, clean the hack and close the doors behind you, written by the team that cleans hacked WordPress sites every day.
WordPress hack symptoms and types
Casino redirects, indexed spam, Google warnings, rogue admin accounts: pin down exactly what is affecting your site.
Remove the "This site may be hacked" warning from Google
Google shows "This site may be hacked" or a red full-screen warning on your site? Here's how to make it go away: clean up, request a review, and how long it takes.
Read Symptoms & hack typesJapanese keyword hack: cleaning the Japanese hack on WordPress
Japanese pages indexed under your name, titles full of Asian characters in Google? That's the Japanese keyword hack. Here's how to identify and clean it.
Read Symptoms & hack typesPharma hack WordPress: remove pills and pharmacy spam
Viagra, Cialis, and online pharmacies indexed under your name in Google, but nowhere in your admin? That's the pharma hack. Here's where it hides and how to remove it.
Read Symptoms & hack typesRemove indexed casino spam posts on WordPress (SEO spam)
Hundreds of casino, betting, or pharmacy pages indexed under your name in Google, but invisible from your dashboard? Here's how to remove them and stop them from coming back.
Read Symptoms & hack typesIs your WordPress redirecting to a casino or betting site? Here's how to stop it
Your WordPress site sends visitors to a casino or betting site, mostly from Google? That's a redirect hack. Here's where it hides and how to remove it for good.
Read Symptoms & hack typesWordPress slow or server overloaded: could it be a hack?
Site suddenly crawling, CPU pinned at the top, your host warning you about resource usage? Beyond a performance issue, it could be a cryptominer or a hidden botnet.
Read Symptoms & hack typesYour WordPress is sending spam: how to stop it
Your domain is sending spam emails without your knowledge, your host is warning you, or your mail is landing on a blacklist? Here is the cause and how to put a stop to it.
Read Symptoms & hack typesAn unknown admin account on WordPress: what to do
An admin you never created shows up in WordPress? That's a clear sign of a hack. Here's how to remove it without locking yourself out, and close the door behind it.
ReadClean and repair a hacked WordPress
Recognise an infection, find the backdoors, remove the malware and get your WordPress site back on its feet, step by step.
Guide Hacked WordPress: what to do? The guide to cleaning and securing your site
Is your WordPress site hacked? Here's the complete playbook to keep your cool, clean the infection without breaking anything, and close the hole for good.
Read Clean & repairHow to know if your WordPress site is hacked: 10 telltale signs
Not sure your site is clean? Here are 10 concrete signs of a hacked WordPress and how to check each one, before you run a pointless cleanup or let a real infection sit.
Read Clean & repairCleanly reinstall WordPress core (without losing your site)
Replacing WordPress core files with a clean version clears out a good chunk of an infection. Here's how to do it without touching your content or your settings.
Read Clean & repairClean a hacked .htaccess file on WordPress
The .htaccess is the favorite hiding spot for malicious redirects and access blocks. Here's how to spot injected rules, remove them, and restore a clean file.
Read Clean & repairRestoring WordPress after a hack: getting your content back
Content erased or hidden by the attacker? Here's how to recover your posts and pages: backups, Google cache, Wayback Machine, and what to do with no backup.
Read Clean & repairFinding and removing a backdoor on WordPress
A backdoor is the door the attacker keeps open to come back after every cleanup. Here's where they hide in WordPress and how to track them down for good.
Read Clean & repairScanning a WordPress site for malware: the methods that actually work
Online tools, plugins, manual inspection: here's how to scan an infected WordPress, which to choose for your situation, and what no scanner can see.
ReadSecure WordPress and prevent reinfection
Harden WordPress, close the holes and build the habits that keep you from getting hacked again.
Guide Securing WordPress after a hack: the hardening checklist
A site that's cleaned but not hardened often gets reinfected through the same hole. Here's the security checklist to run right after cleanup to close the door for good.
Read Secure & preventBacking up WordPress: how to never lose everything
A good backup turns a hack into a minor setback. Here's what to back up, how often, where to store it, and how to confirm it actually works.
Read Secure & preventProtect the WordPress login page against brute-force attacks
The wp-login.php page is the number one target for bots. Here's how to hide it, limit login attempts, and block brute-force attacks without making your life complicated.
Read Secure & preventWhy WordPress sites get hacked (and how to prevent it)
WordPress doesn't get hacked because it's insecure, but because of a few very concrete weak spots. Here are the real causes of a hack and how to shut them down.
ReadWant us to handle it for you?
Run a free scan: we show you what is detected, then clean everything in ~30 minutes. €149 all-in, refunded if we can't fix it.
Scan my site