Build Your Own Business Website header image

How to Identify and Repair a Hacked WordPress Site – Step 1 – Identify the Problem

Difficulty Level -

Filed Under Topics -

Listed Under Lesson Subjects -

Applies to -

Whoops, you've found some premium content!

Watch the opening clip of this video to preview it,
the full video is available to paid members.

Areas Where the Problem May Exist

Now, the very first step in this process of fixing a hacked WordPress site is to identify where the problem lies and what I’ve done is laid out the potential problem areas, sort of in order of intensity and difficulty to identify or an impact. Because the first one is the easiest to diagnose and easiest to solve and the bottom one is the hardest to diagnose and the hardest to solve.

Is it a Browser Problem?

First, is there a problem that just exists inside the browser that you’re using? This can be the case. Actually it often is the case that somebody says, “My site doesn’t look right”, or “Something isn’t working correctly in my site”. Then I look at it in Chrome and it looks fine to me but they’re looking at it in Firefox and looks all messed up. The question first you need to ask is, “Is it a browser problem?”.

Is it a Plugin Problem?

The next question is “Is it a plugin problem?”. 90% of all problems that need some kind of troubleshooting are one of these two categories.

Is it a Theme Problem?

It could also be a theme problem and that could be a problem with the theme outright or it could be a problem with some custom code you’ve done on the theme. It could be a bug in the theme and if you’ve hung around me long enough you’ll know that we find those kinds of things even in themes that we trust so it could be a theme problem.

Is the Site Hacked?

The new thing that I’ve added to this checklist today is, “Is the site hacked?”, because it’s reasonably easy to test if the site is hacked and inexplicable problems can be related to a hacked site as we’re going to see here today.

Is it a WordPress Problem

The next thing is, “Is it a WordPress problem?” because there can be errors in WordPress. Things get messed up sometimes in the update process and also people are fallible, WordPress is fallible and sometimes bugs do get introduced in new versions of WordPress. So it could be a WordPress problem or it could just be a corruption in a file or a corruption in your WordPress database that is causing the issue. Finally we arrive at “Is it a server problem?”.

Go through the Process on an Actual Site

So your step 1 really is to identify where the problem exists. Now, when you want to figure that out, really the first thing you want to ask yourself is, “What has changed recently?”. In Leah’s case here nothing changed recently. She hadn’t done anything on the site for a couple of weeks and it looked fine and then it stopped looking fine.

When nothing has changed it makes it quite a bit more difficult to figure out but often what I find is that somebody has loaded a plugin or a new theme or added some new code. That often is a good indicator of where you should look to find the problem, asking yourself, “What has changed recently?”.

Step 1 – Browser Problem?

If asking yourself “What has changed recently?”, doesn’t really help you solve it then you just got to go through this checklist step by step. Step 1, “Is it a browser problem?”, so you’re going to check it in multiple browsers and we’ll do that here with this site.

I like to get it to be fully broken instead of just partially broken here but whether it’s fully broken or partially broken, if we inspect the element we’re going to see that the body tag doesn’t have any classes in it.

We can take a look at this in Internet Explorer and see that that problem again is going to exist. If we view the page source and come down to the body tag, the body tag again has this little blank spot after it that does not have any classes associated with it.

We’ll do the same thing in Firefox. We can view the source chart here in this case and come down and look at the body and you can see the body tag doesn’t have any classes assigned to it and it should.

Step 2 – Plugin Problem?

The problem exists in all of these different browsers so it’s not a browser problem. So then, “Is it a plugin problem?” And the way you identify that is by simply deactivating all plugins and that’s what we’re going to do right now.

We’re going to come over to Leah’s site and go to the plugins. Select all plugins by checking this box here up at the top and under Bulk Actions, we’ll go ahead and select Deactivate and hit Apply.

So now those things have all been undone and if we refresh this, there doesn’t appear to be any difference. The body tag still has no classes in it ,so again this doesn’t have anything whatsoever to do with the plugins because there are no plugins active and the problem still exists.

Is there a Caching Problem?

So if the problem doesn’t go away after we’ve deactivated plugins we want to check for caching files. We just want to make sure that there are no remnants of caching plugin still active that may be causing some problems.

We’re going to do that from inside of her GoDaddy control panel. You can do this using FTP, you can do this using whatever control panel your host happens to use but we’re going to come over here to upload files. I need to log us back into this account again so I’m going to come over here and get that login information.

There we go. We’ll come back over here to upload files which takes you to the GoDaddy File Manager and there are a bunch of files here, a bunch of folders here to potentially look through. This is the root of her website so one of the things you’re going to do in the root of her website is to look for anything that says “cache” in it.

Different caching plugins will add a name with something other cached.php file into the root and they can also do it in wp-content. So we’ll come over and take a look at wp-content. You want to look both in the root of your site and in wp-content.

There’s nothing here so we’ll just double check plugins once just to make sure but there is nothing here that indicates that there’s a caching file in place. Okay we’re not going to worry about that.

This is something though that can be very significant for people who are using hosts that automatically install WP Super Cache. There are a number of hosts that when you use their quick install system for installing WordPress, it automatically adds and activates WP Super Cache. When you deactivate it, it does not eliminate its caching files and that caching file can still mess up your site. So that’s definitely an issue that you need to look at before you decide the problem is not related to a plugin.

Step 3 – Theme Problem?

Once we know it’s not related to a plugin then we have to ask ourselves, “Is it related to a theme?”. Right now we’re using the Agency Child Theme and so we’re going to come back over here to the site and go over to Appearance and Themes. You might in this case, ask yourself, is it a problem with the child theme or with the parent theme but we’re just going to go ahead and activate Twenty Fourteen.

Twenty Fourteen is now live and then we will look at the site again, it’s going to look entirely different. Let’s just go back to the homepage for a second. That that header image is gone entirely now and it would not actually be gone here. So if we view the page source, we can scroll down here and look at body and you can see the body is again empty.

Twenty Fourteen always adds its WordPress classes to the body tag so at this point, you know this issue is no longer theme related, right? It’s not related to Genesis or to Agency, it’s something someplace else and where we left this whole process off yesterday was saying okay, “Well it must be a problem with WordPress”.

Step -4 Hacking Problem?

However, due to our new inclusion of the new step in our checklist, now we’re going to check to see if it’s hacked. It’s not a problem with the theme and so now we’re going to check to see if it’s a hacking problem and we’re going to check it at

Check for Malware

Sucuri is a very powerful service that I strongly recommend. We’re just going to come over to their site,, and you can see right here that you can scan your website for malware for free. And that’s what we’re going to do, we’re going this and paste it in place and scan the site.

When this has finished scanning you can see it’s telling us that it’s infected. So this is actually where we stop troubleshooting at least for the moment. You can see that it’s found malware, right? It’s found malware at so on her homepage and on a couple of test pages and a javascript page and some other pages.

If we come over and take a look at the details here it gives you some root information about the site. One of the things that says is this has not been blacklisted yet which is good news. That means that Google hasn’t found it yet and so the site hasn’t been blacklisted. We’ll get it fixed today so that it doesn’t cause a problem.

Sucuri’s Security Service

Now, you could stop right now, go hire Sucuri and have them clean your site up, you could do that. We’re not going to do that because we’re going to fix it ourselves but for $90.00 not only will they clean the site up but they’ll also protect it and guarantee that it won’t be reinfected.

When we’re done with this, I’m still going to recommend that Leah subscribe to this service for $90.00 a year to protect her site from this ever happening again because they absolutely guarantee that the site won’t be hacked again. If it does get hacked again that they’ll just clean it up for you until the problem goes away until it never happens again. This is an excellent service.

The good news is it’s an external service so it doesn’t actually restrict plugins on your site. There are lots of other security solutions to hacking that end up limiting your freedom on your site and the good news is Sucuri does not do that.

Anyway, we’re going to fix this and when we’re done we’re going to check the site results and you’ll see that all the malware has been removed from the site so we should be in good shape.

Step 5 – WordPress Problem?

Then finally, if the problem persists with no plugins, with the default WordPress theme and no evidence of hacking then the problem is most likely related to WordPress. Now, we’re not going to actually have to go through the process of checking this today because we’re going to go through the process of fixing the hack instead.

There are a lot of similarities between replace/fixing a broken WordPress site and fixing a hacked WordPress site. But this seminar is going to have an emphasis on hacking and not on fixing the problem with WordPress because the problem does not reside there.

0 Comments… add one
0 comments… add one

Leave a Comment