My Website Was Hacked

What and How steps to solve if my website was hacked ?

Note : These steps for site that using wordpress as its site

how to remove malware in wordpress oktaweb

Scan your local machine.
Sometimes the malware was introduced through a compromised desktop system. Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice generally only applies to Windows systems.

Check with your hosting provider.
The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service, for example.

Change your passwords.
Change passwords for the blog users, your FTP and MySQL users periodically

Change your secret keys.
If they stole your password and are logged in to your blog, even if you change your password they will remain logged in. How ? because their cookies are still valid. To disable them, you have to create a new set of secret keys. Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.

Take a backup of what you have left.
If your files and database are still there, consider backing them up so that you can investigate them later at leisure, or restore to them if your cleaning attempt fails. Be sure to label them as the hacked site backup.

Check your .htaccess file for hacks.
Hackers can use your .htaccess to redirect to malicious sites from your URL. Look in the base folder for your site, not just your blog’s folder. Hackers will try to hide their code at the bottom of the file, so scroll down. They may also change the permissions of the .htaccess file to stop newbies from editing the file. Change the permissions back to 644.

Consider deleting everything.
A sure way to remove hacks that currently exist, is to delete all the files from your web space, and clear out your WordPress database.

Consider restoring a backup
If you restore from a known clean backup of your WordPress Database, and re-upload your backed up WordPress plugin and theme files through FTP or SFTP, that will ensure that all those bits are clean of malicious code are gone.

Upgrade Your WordPress
Once you are clean, you should upgrade your WordPress installation to the latest software. Older versions are more prone to hacks than newer versions.

and, Keep regular backups.
Now that the nightmare is over, start keeping regular backups of your database and files. If this ever happens again, all you will need to do is restore from the last know clean backup and change your passwords and secret keys.