This article contains affiliate links. If you buy from them I might make a commission at no extra cost to you.
If you’re reading this, chances are you’re looking for how to fix your hacked GoDaddy WordPress site. You’re not alone. Several of my GoDaddy WordPress sites (including this one) were hacked recently. Some of my friends had their WordPress sites hacked too.
There’s a nasty SEO spam out there targeting vulnerable WordPress plugins. More than two million sites were affected at the time of this writing. It hacks into your WordPress site and redirects people to malicious sites. For example, hackers redirected GetRickNow.com (this site) to this:
What’s worse, it decimated my SEO. At one time my hacked site was redirected to erectile dysfunction meds pages.
Here’s how I fixed my sites. I hope this is helpful to you.
3 steps to fix your hacked GoDaddy WordPress site:
(without having to dive into the codes and clean the malware yourself)
Step 1. Go to the free Sucuri Site Check, it’ll tell you if your WordPress site contains malware.
Sucuri one of the top WordPress security plugins, and it’s a GoDaddy subsidiary. If the Site Check scan returns a clean bill of health, chances are you’re having other problems, like DNS. Contact GoDaddy Support for help.
If the results show that your site is hacked, you have two options: A. Revert to a previous backup or B. Get your site professionally cleaned.
Step 2. Option A: Revert to a previous backup
You can restore your hacked WordPress site to an old backup, to a time before the hack. Restoring is the most cost-effective solution (costs you nothing), but more time-consuming. I spent a few hours to restore my site using this method. Here’s what you do:
- Revert to an old backup
- Run the free Sucuri Site Check scan again to see if the backup is infected
- If the scan found no malware, congrats! Go to Step 3: Post-hack security.
- If your site is still infected, revert to an even older backup. Repeat these steps until you have a clean site. If even your oldest backup is infected, check out Option B.
Step 2. Option B: Get your hacked WordPress site professionally cleaned by Sucuri/GoDaddy
This option is for you if:
- If you’re unable/unwilling to revert to an old backup
- Even your oldest backup is infected
- You don’t want to spend hours with tech support
- Your time is extremely valuable and you’d rather pay to get this problem taken care of
You can find out which Sucuri package works for you here. I went with Pro for one of my more important sites, it took them less than 30 minutes to clean the Malware and send me an After Action report with recommendations on how to keep my site safe from future attacks. I was so impressed I went on Robinhood and bought GoDaddy shares! (Not financial advice)
3. Post-hack security
After you removed the malware, let’s make it harder for them to hack you next time. Even with the free version, Sucuri Security Plugin for WordPress has two features that I love: WordPress Hardening and Post-Hack.
“Hardening” is a fancy way to make your WordPress site more secure. Sucuri lets you do this with a few clicks.
Post-Hack feature does many things you must do after your WordPress site was hacked, like updating secret keys, changing user passwords, reinstall plugins, etc.
That’s it! I originally wrote this as a quick guide for friends and family who got their WordPress site hacked. If you find this content useful, please feel free to share it so others can protect themselves too. Cheers!