One of the major issues that you might see on your website is hacking. If your website has weird fonts and it says WordPress Hacked by Mister Spy, you need to pay attention.
Well, the message won’t say “WordPress” (of course) but if your WordPress is Hacked by Mister Spy, here is how you can clean your website easily.
These are the steps you need to follow if you want a clean website in just a couple of times. It might take more time if your website is big and you have no experience using WordPress. However, it won’t take more for an experienced person.
Preparing to clean
First, let’s understand the WordPress Hacked by Mister Spy issue.
Here, two things are most common.
- WordPress Hacked by Mister Spy message
The first is the message that will appear on the website. That’s how you can know that your WordPress Hacked by Mister Spy.
The next thing that Mister Spy does is changing the font. The attacker will change all the fonts of your website and make it look really weird sometimes.
You might see the fonts in a different language and sometimes, you will see fonts in huge size. Either way, it will not only spoil the look of your website but it will also decrease the branding and trust of people.
Therefore, we will have to solve it at any cost.
Before that, we will take a quick backup of our website. It is necessary to take a backup of your website before you make any changes.
You will have to make sure that you take the complete backup of your website. In simpler words, it should include all the files as well as it should include all the database as well.
Save the backup someplace safe. You can also save it on the server if there is not enough space on your local computer. Just make sure that you have taken the backup of all the things. In this way, your website will be safe and just in case, something wrong happens, you can restore the website quickly.
That’s pretty much it. Now, we are all set to remove the WordPress Hacked by Mister Spy issue and fix it.
Scan your Website
We will first scan your website and see where the problem lies. There are some security plugins you can use. In this case, we will use the security plugin WordFence.
You can install this plugin directly from the WordPress directory. Once you install the plugin from the WordPress directory, you will see a separate option in the dashboard.
It’s free and available to everyone. You can easily install and activate the plugin. If you don’t like the plugin, you can also try out the Sucuri plugin.
Either way, you will have to make sure that you install the plugin and follow the steps. The steps are very much similar in both of them. So, there is nothing to worry about the steps. The steps are as follows.
- Install and activate the plugin if you haven’t already
- Open the plugin from the dashboard and scan the website. There will be an option to scan it. You will just have to run the scan.
- Wait for a couple of minutes. In most cases, you can also leave the page if you want. The scan will continue.
- Thereafter, it will show you the list of the infected files. Your job is to save that file.
- You can then click on the fix option give there. This will fix all the infected files.
- The fixing process will also go on for a while; you can wait till it is completed.
Once the process is completed, your website is almost fixed. However, we won’t directly believe it. Instead, we will also do a couple of more things to fix this.
Check the Files Manually
The next thing we will do is check all the files manually to make sure that all files are safe and out from viruses. This might look like a technical job but it is surely isn’t.
If you don’t want to follow this step, you can directly head over to the next one. However, we will see this step as we are seeing a complete tutorial which you can do by yourself.
All you have to do is open the files that are infected. We already have a list of files that are infected. So, our next job is to open the location of all the files.
Once you open the files, just try to read the code. If you find any usual bunch of letters and words, this might be encrypted code. You can simply remove that code. Thereafter, you can save the changes and check the website. You need to make sure that the website is loading correctly even after removing the code. So, this is an important task that you will have to perform.
If you don’t want to risk the website by removing the code, you can simply follow the next step as well. This is surely your choice. If you want to learn, you can use this step else you can head over to the next step. This is surely your choice to make. In the end, just make sure that you follow the next step. It doesn’t matter whether you follow this or not. Do not skip both of these steps. Make sure you follow at least once.
With that being said, let’s see the next step that you can follow.
Replace the Files
We will now replace all the infected files with the new ones. To do that, we will still need the list f infected files that we found earlier. When we have the list of the files that are infected, we are all set to move on to the next steps.
The next step is to find the origin of all the files. See the main folder in which the file is stored. If the file is from WooCommerce, it means that the file is from the WooComemrce plugin. In the same way, you will have to see from which plugins the files are from.
Once you find it, you will have to replace all the files with the new ones. You can do this with ease. All you have to do is download the files from the source. You will easily find them from the WordPress directory or from the place you purchased them.
Thereafter, download the original zip file and extract it on your machine. Find the exact file that is infected. Upload it in place of the injected one.
The same procedure applies to all the core files, theme files, as well as for all plugin files.
You can replace all of them and it will be good as new.
Remove the Content
Your next step is to remove all the content that says WordPress Hacked by Mister Spy and similar stuff. In some cases, even after removing the vulnerable files, the text and the font will be the same. So, we will have to remove the content first.
The attacker might even have changed the page. In this case, you can easily edit the page and restore the previous version.
You can see the version of the pages from the revision option given on the side. So, first, try to identify the main pages of the website and restore the previous versions.
If there are none, you can surely proceed to remove the content.
To remove the content, you can head over to Pages > All Pages. In this, you will find the list of all the unusual pages. Sort the content date wise or filter them out to find the new content. Once you find the content which says WordPress Hacked by Mister Spy, you can simply delete them. You can also do the same thing with posts.
Thereafter, open your menu by going to Appearance > Menu and remove the menu items if there are any unusual items. This will clear all the traces of hacking and your website will be almost as normal.
Fonts and Appearance
In some cases, where the WordPress website is hacked By Mister Spy, you will see unusual font style and font. You can easily remove them by changing the content.
However, if it hasn’t removed any of them, you can follow the below-given method to remove all of them.
We will have to head over to the Appearance and then to go the customize section. In the customize section, we will see the theme settings which we can change.
You can try changing the font style and size from here.
If this doesn’t work, we highly recommend you replace the theme files or you can also try changing the theme files.
In this case, we will first replace the theme files. Download the original theme files and upload the zip in the wp-content folder of your WordPress directory. You can extract the files there and it will ask whether you want to replace the files or not. Select yes and your job is over.
Sometimes, the theme files are verbal. In such a case, we recommend you to change the theme instead of using the same old theme. If the theme is vulnerable, there are only two options you have.
You can either update the theme if there is an update available or you can simply change the theme. Depending on your situation, you can take the steps and see if it is working or not.
Try switching to the default theme for a while to see if the hacking message is gone or not.
Ask the Expert
If nothing works, you still have two options.
You can either purchase the premium version of the plugin we mentioned. The three best plugins will do your work.
- IThemes security
You can use any of the plugins. Upon buying the premium version, you will get better features that will help you to solve all these issues.
So, you can surely try these plugins if you want.
However, if you don’t want to do the hard work by yourself, there is another option that you can go with. This is where we will use the expert service.
Many WordPress maintenance services will also cover WordPress security in their package. This includes WordPress hacked by Mister Spy issue. So, you can also get the service as well.
This will cost you more but this will surely solve the problem and you will have a clean website with no hacking issues or vulnerabilities.
If your website is dealing with payments or sensitive information of the users, we highly recommend you to get the service instead of using a plugin. The service team will also monitor your website to make sure that your website is safe from further attacks. If they find any vulnerabilities, they will surely contact or they will automatically take appropriate steps whenever necessary. This depends on the team you choose.
To conclude, this is how you can fix WordPress hacked by Mister Spy. If you have Successful solved the issue, we highly recommend you to create a backup of your clean website. In this way, you will have one clean backup. Also, don’t forget to reindex your website it has been for a while. If the hack was there on your website for a while (days), you will have to resubmit your website to Google and ask them to reindex. You can do it from the search console. Enter the URL and click on inspect. Thereafter, you can click on request reindexing. In this way, Google will reindex your website.
Further, don’t remove the security plugin that you just installed. Keep it on as it will notify you of all the vulnerabilities. Further, you can also keep your website updated to be secure. An updated website is always more secure as compared to others. So, keep updating regularly.
How to Clean a Hacked WordPress Website using WPServices?
WPServices provides a risk-free WordPress malware removal service. 30 day money back guarantee, the most complete WordPress security plugin called iThemes Security Pro (worth $199 / year) + advanced security setup, and repeated hack protection for up to 1 year is included in the WordPress cleanup service. All of this has an industry best pricing – starting from / fixed website.
We value your time and thank you for reading our blog. So, we would like to show our appreciation by giving you an additional 10% discount on our malware removal service. Use coupon code WPAOSBLOG10 at the checkout.