
Your WordPress site got hacked: what to do right now

By Ali Yasin Jatoi | 6 min read | Updated June 25, 2026

Quick answer

If your WordPress site is hacked, do not panic and do not just delete files at random. Take the site into maintenance mode if you can, change all passwords, and get a professional to inspect every file and database table by hand. Automated scanners miss backdoors, which is why hacked sites get reinfected. Full manual removal plus hardening is the only reliable fix.

First hour: limit the damage

Change your hosting, WordPress admin, database, and FTP passwords.

If the site is serving malware to visitors, put it in maintenance mode to protect them.

Do not start deleting files blindly. You can break the site further and destroy evidence of how they got in.

Why sites get reinfected

Attackers leave hidden backdoors so they can return after you clean the visible malware.

Automated scanners only catch known signatures, so they miss custom or obfuscated code.

The only reliable fix is manual inspection of every file, table, and server config, then closing every entry point.
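An added example, not part of the original article: a read-only Python pass that orders the manual file review and records a SHA-256 of each flagged file for the evidence record. The heuristics (PHP under `wp-content/uploads/`, hidden PHP files, a 14-day modification window, world-writable bits) and the function name `triage` are assumptions chosen for illustration; a file that is not flagged still needs inspection.

```python
import hashlib
import os
import stat
import sys
import time
from pathlib import Path

# Illustrative assumptions, not a complete detector.
PHP_EXT = {".php", ".phtml", ".phar"}
UPLOADS = "wp-content/uploads/"  # WordPress default media directory


def triage(root, recent_days=14, now=None):
    """Read-only walk of a WordPress tree.

    Returns [(score, relative_path, reasons, sha256)], highest score first.
    Nothing is modified or deleted, so evidence stays intact.
    """
    now = time.time() if now is None else now
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = path.relative_to(root).as_posix()
            is_php = path.suffix.lower() in PHP_EXT
            reasons = []
            if is_php and rel.startswith(UPLOADS):
                reasons.append("php-in-uploads")  # media dirs should hold no code
            if is_php and name.startswith("."):
                reasons.append("hidden-php")
            # mtime can be forged, so an old mtime never clears a file
            if is_php and now - st.st_mtime < recent_days * 86400:
                reasons.append("recently-modified")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                findings.append((len(reasons), rel, reasons, digest))
    return sorted(findings, key=lambda f: (-f[0], f[1]))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for score, rel, reasons, digest in triage(target):
        print(f"{score}  {digest[:16]}  {rel}  [{', '.join(reasons)}]")
```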

Getting genuinely clean

Remove all malware and backdoors by hand, not just the parts a scanner flags.

Submit the site for review and clear any Google blacklist or deceptive site warning.

Harden permissions, authentication, and plugins so the same door cannot be used again.

Common questions

How fast can you clean a hacked site?

We triage emergencies within four hours and most cleanups are completed the same day, depending on the severity of the infection.

Will I lose my content?

No. We preserve your data and use safe rollbacks where needed so your content and rankings stay intact.
