{"id":1904,"date":"2020-07-26T18:09:42","date_gmt":"2020-07-27T01:09:42","guid":{"rendered":"https:\/\/www.ultimatewb.com\/blog\/?p=1904"},"modified":"2026-06-02T01:18:35","modified_gmt":"2026-06-02T08:18:35","slug":"what-do-i-do-if-someone-hacked-my-wordpress-e-commerce-site","status":"publish","type":"post","link":"https:\/\/www.ultimatewb.com\/blog\/1904\/what-do-i-do-if-someone-hacked-my-wordpress-e-commerce-site\/","title":{"rendered":"What do I do if someone hacked my WordPress e-commerce site?"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\">    <picture>\n                <source type=\"image\/webp\" srcset=\"https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-150x100.webp 150w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-500x333.webp 500w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-610x407.webp 610w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-800x533.webp 800w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-1200x800.webp 1200w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website.webp 1536w\" sizes=\"(max-width: 767px) 100vw, (max-width: 1200px) 90vw, 70vw\">\n                <img src=\"https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website.jpg\" \n             srcset=\"https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-150x100.jpg 150w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-500x333.jpg 500w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-610x407.jpg 610w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-768x512.jpg 768w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-800x533.jpg 800w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website-1200x800.jpg 1200w, https:\/\/www.ultimatewb.com\/blog\/wp-content\/uploads\/how-to-fix-hacked-wordpress-ecommerce-website.jpg 1536w\" \n             sizes=\"(max-width: 767px) 100vw, (max-width: 1200px) 90vw, 70vw\" \n             width=\"1536\" \n             height=\"1024\" \n             alt=\"Steps to fix your hacked WordPress e-commerce website.\" \n             loading=\"lazy\" \n              \n             decoding=\"async\" \n             class=\"wp-image-9901\" >\n    <\/picture>\n    <\/figure>\n\n\n\n<p>Discovering that your WordPress e-commerce site has been hacked is an immediate emergency. Unlike a standard blog, a compromised online store threatens your revenue, your search engine rankings, and your customers&#8217; sensitive payment data.<\/p>\n\n\n\n<p>If you have a clean, recent backup of your files and your database from before the breach occurred, your fastest option is to wipe the server and restore from that backup.<\/p>\n\n\n\n<p>However, if you don&#8217;t have a recent backup, your recovery strategy depends entirely on how deep the malware went. For a standard e-commerce store, fixing the site requires triaging three specific areas:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Secure the Payment Gateways &amp; Customer Data<\/strong><\/h2>\n\n\n\n<p>Before touching code, you must protect your customers. Hackers often inject malicious JavaScript into checkout pages to skim credit card numbers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Change all database passwords, WordPress admin passwords, and FTP\/hosting credentials immediately.<\/li>\n\n\n\n<li>Check your payment gateway settings (like Stripe or PayPal keys) to ensure funds aren&#8217;t being redirected to a rogue account.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Clean the Core Files &amp; Database<\/strong><\/h2>\n\n\n\n<p>You will need to verify that your server still contains your actual product images and content files (which live in your <code>wp-content<\/code> folder), while completely replacing the core WordPress system software files that are easily targeted by exploits.<\/p>\n\n\n\n<p>For a complete, step-by-step technical walkthrough on how to manually swap out core files and hunt down hidden malicious code injections, see our comprehensive guide: <strong><a href=\"https:\/\/www.ultimatewb.com\/blog\/429\/wordpress-website-hacked-how-to-fix-it\/\">WordPress website hacked? How to fix it\u2026!<\/a><\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Audit Your E-Commerce Plugins<\/strong><\/h2>\n\n\n\n<p>E-commerce sites are prime targets because they rely heavily on a massive web of third-party plugins for shipping, checkout, inventory, and marketing. A vulnerability in just one of these plugins can open a backdoor to your entire database.<\/p>\n\n\n\n<p>Once your site is functional, audit every single plugin. Delete anything unused, and update the rest immediately.<\/p>\n\n\n\n<p>Related: <a href=\"https:\/\/www.ultimatewb.com\/blog\/8929\/the-wordpress-backdoor-scandal-why-30-trusted-plugins-just-turned-malicious\/\">The WordPress Backdoor Scandal: Why 30+ \u201cTrusted\u201d Plugins Just Turned Malicious<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.ultimatewb.com\/blog\/7131\/can-one-hacked-website-lead-to-others-being-compromised-on-shared-hosting\/\">Can one hacked website lead to others being compromised on Shared Hosting?<\/a><\/p>\n\n\n\n<p><em>Got a techy\/website question? Whether it\u2019s about UltimateWB or another website builder, web hosting, or other aspects of websites, just send in your question in the&nbsp;<a href=\"https:\/\/www.ultimatewb.com\/ask-david\">\u201cAsk David!\u201d form<\/a>. We will email you when the answer is posted on the UltimateWB \u201cAsk David!\u201d section.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discovering that your WordPress e-commerce site has been hacked is an immediate emergency. Unlike a standard blog, a compromised online store threatens your revenue, your search engine rankings, and your customers&#8217; sensitive payment data. If you have a clean, recent &hellip; <a href=\"https:\/\/www.ultimatewb.com\/blog\/1904\/what-do-i-do-if-someone-hacked-my-wordpress-e-commerce-site\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1034],"tags":[1194,109,303],"class_list":["post-1904","post","type-post","status-publish","format-standard","hentry","category-ask-david","tag-fix-wordpress-website","tag-wordpress","tag-wordpress-hacked"],"_links":{"self":[{"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/posts\/1904"}],"collection":[{"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/comments?post=1904"}],"version-history":[{"count":4,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/posts\/1904\/revisions"}],"predecessor-version":[{"id":9903,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/posts\/1904\/revisions\/9903"}],"wp:attachment":[{"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/media?parent=1904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/categories?post=1904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ultimatewb.com\/blog\/wp-json\/wp\/v2\/tags?post=1904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}