How to fix a hacked Joomla or WordPress site

So it happened. Your site was finally hacked. Dont panic.

BACKUP! (Dont Restore)!

Do it now. Backup your site. Even if its hacked. Backup right now. Done? ok.

Next, you will read some “Experts” talk about restoring your site from the last clean backup – this should only ever be done as a last ditch attempt!

how to fix a hacked joomla or wordpress site with

By restoring you are wiping away crucial evidence, details that someone like me with experience can use to understand how you were hacked in the first place. By restoring you wipe the slate clean, but re-introduce the same security hole that allowed you to be hacked in the first place!

Out of your depth? Out of time? Just want an expert fix?

tl:dr; – If you are looking for an expert to “just fix” your site for you, for a small one time set fee (and non-subscribers get a month of for FREE), then please visit and submit a request. For as little as GBP88.00 set fee Phil will fix your site and give it all the love it needs, handing it back to you cleaned, upgraded, locked down and secure.

Here are we have a unique set of tools to help you manage and maintain, backup and secure your site. You can discover what is really happening under the bonnet of your homepage, as we check each and every line of code in your webspace.

Continue reading to see some of these tools highlighted.

Ok back to the unique tools at, the first we want to mention is our most popular tool, the suspect content tool.

Discover suspect content in your files

After your site has been audited by our platform, you can find the suspect content tool in the “Hacked?” section of your “Audit” Tab for the site.

Manage Site -> Audit Tab -> Hacked Section, first tool in that section

Clicking on the “Investigate” button will take us to the unique tool for this check, it will load the list of files in realtime from your website and display:

The tool will show you the file path, file name, the last modified date, size, permissions and provide a tool to edit the file, another to view the suspect content matches, and a tool to delete the whole file.

If you click on the filename, then the platform will go to your site and retrieve the file, and then match the suspect content found against our pattern matching, and display the lines in the file that look suspect to us:

An example hacked file

Revert core Joomla/WP Files

As you can see above, the index.php file in this example has 2 lines of suspect content in it. You can now edit those lines out, but wait… this brings us to another tool… if we go back to the Audit tab, the very first tool is the Changes To Core Joomla Files Should Be Avoided check, clicking investigate next to that gives us a list of the core (Joomla in this instance) files that have been modified since they were released…

If we find the index.php and click it in that tool, we get an amazing diff of all the changes, in line, with the original file on the left and your modified files on the right

Using the blue arrow, we can, with a single click, restore the ORIGINAL file that would have been distributed with Joomla, thus overwriting the hacked file and reverting all changes back to original – simple.

Other file based tools

So far we have only used two of the tools in the audit, there are many more!

For example. Here are a few more of the tools:

As you can see, each one of these tools helps you investigate the changes on your site and gives clarity to the state of your webspace.

If you work though all the tools, you can start to bring your site back from being hacked to being clean and secure again.

These are just two tools out of the huge list of unique tools we have at for fixing your hacked Joomla and hacked WordPress sites.

Add all your sites and get alerts

You can add unlimited sites to your account and run unlimited backups, snapshots and audits anytime you like – this way you can watch for changes and be alerted when things change, automatically.

We also monitor a list of files (you can configure this list further) where we monitor in realtime (on every page load) if the files have been modified, and if they are we will inform you by email. Realtime change notifications is yet another excellent feature of that Im not going into here 🙂

A little technical ability is needed to fix a hacked site, but without great tools such as these, the task would be impossible!