My WordPress Site Has Been Hacked – WHAT TO DO?!?

Chrome Warning

Google Chrome indicates that your WordPress site “contains harmful programs” or “contains malware” when any page is opened. This means that Google has crawled your site and found embedded code that could cause harm to the passing web surfer. Your site has been hacked by someone who has changed files to meet their malicious intent. The hacker may have done it using a trojan plugin or may have gained access to your wpadmin or ftp account.

What Should You Do

There are some free WordPress plugins available that will scan and fix malicious files. The following sections provide more detail for this list of Things to Do:

  1. change your webserver ftp password
  2. change your wpadmin password
  3. delete unknown WordPress Administrator users
  4. install the plugin Anti-Malware from GOTMLS.NET
  5. install the plugin Wordfence
  6. run the Anti-Malware scans and Address Issues
  7. run the Wordfence scans and Address Issues
  8. address any issues
  9. notify Google of your changes

Run the Anti-Malware scans and Address Issues

  1. run the WP_Core Quick Scan
  2. run the Plugins Quick Scan
  3. run the Themes Quick Scan
  4. run the Complete Scan
  5. choose ‘Fix Issues’ if the scan identifies a threat
  6. repeat over several days to ensure the threat does not reappear.
  7. if threats reappear, pay attention to plugins or themes that reappear and disable then delete those
  8. clear the quarantine created by the Anti-Malware plugin
  9. delete any plugins that WordFence indicates as no longer supported

Run the Wordfence scans and Address Issues

  1. turn on ‘scan themes files against repository versions for changes’. Visit wpadmin > Wordfence > Options
  2. turn on ‘scan plugin files against repository versions for changes’. Visit wpadmin > Wordfence > Options
  3. run ‘Start a Wordfence Scan’. Visit wpadmin > Wordfence > Scan
  4. browse the Scan Summary and validate the scan results.
  5. view the New Issues and address each one as follows:
  6. Allow Wordfence to Repair any core files that are identified as changed. Unless you are changing WordPress core code, you don’t want custom files.
  7. Allow Wordfence to Delete any unknown files identified as containing malicious code. If it isn’t in the inventory, your site won’t need it.
  8. If you modified a theme (example: changed a style.css file), indicate that Wordfence should ignore this issue.

Notify Google

Register your site in Google’s WebMaster tools. Visit
Check the WebMaster Tools Security Issues tab. Follow the instructions to tell Google to remove your sit from their list.


Your site has been hacked. Using the 2 free plugins Anti-Malware and Wordfence, you can scan and fix files that now contain malicious content. Mission accomplished!

Monitize your WordPress Site


There are several tactics you should take to make money from your WordPress site. If your site is a blogging site or a site that provides some type of information, you need to get visitors and then sell ads. There are many methods, but, these are the easiest and best tools (and FREE (except when you run out of free advertising)) :
… Read More!

How Do I Make A Website?

Create a website

Create a websiteFor $40 a year, you can get what you need to build a website. The easiest way to begin is to (a) get a domain name (b) get web hosting (c) install WordPress and (d) make some web pages. This is true for any type of general website including personal sites, blogs, a site for your organization, or even a small business.
… Read More!