Oof, We Were Hacked

Our WordPress website got hacked with malware. These were the signs, and how we got rid of the malware.

It happens to the best of us. They got us, partner. They hacked our WordPress website. They brought us nothing but panic, frustration, and anger. It happened at the worst time possible, while a potential big client was trying to navigate our website. So what happened? What are the signs of a WordPress site being hacked? What should you do?

The first signs of trouble were with abrupt layout issues in our website design. The site just seemed broken all of the sudden. Content in pages was getting duplicated and the layout became a broken mess. We patched it up that day, and everything seemed to be okay.

The next sign was in HTTP Header issues such as :

  • Warning: Cannot modify header information – headers already sent by (output started at //index.php:12) in //plugable.php on line 86
Usually, this is benign and just an issue with a new plugin, but the problem persisted with all plugins deactivated. This was getting serious, so we check the hit logs and see:
Google Bot Strange Hits

For some reason, Google started to index hundreds of pages that we didn’t create. These pages were redirecting somewhere else – different Japanese shop sites. 

Even the sitemap.xml was affected by the malware. The file existed, but not as XML file, but a file that redirected traffic.

That same day, our web host (SiteGround) contacted us saying that the website was taken offline due to the detection of suspicious malware. It became obvious that we were in for a major headache.

Google Search Console Issue Detected

Finally, Google Search Console notified us that Chrome will no longer open the website because it’s harmful. 

How We Fixed It

SiteGround scanned our site and provided a list of infected files. Even after their deletion, the site was still throwing errors, it became apparent that the malware was implanted deep in the configuration files. 

It was time to wipe it all clean. Everything. What??? Everything??????????






We wiped it all out after backing up the content. Fresh new database, fresh new WordPress install, fresh new usernames with new passwords, fresh new prince, fresh new plugins, fresh new everything.






This time, instead of Yoast SEO, we went with the premium Rank Math SEO. There will be a post about that soon, but so far – we’re loving the latter.

Resubmitted the sitemap to Google and sent them a “I’m sooooo ssoorrryyy. Please index the site again 😭” message. Things are looking good so far. We’re still rebuilding some things here and there, and the site might look funky in mobile. Our website is small and minimalistic, so the fix took about three days. With larger websites, you might want to try professional services such as Sucuri. 

In the meantime – we turned off caching, reinstalled google tag manager, and are still sort of annoyed. Feel free to send us a message, if this ever happens to you. It’s a straight-forward process. 


Stay hack-free,

-Russ Castella