Restoring a website after a breach is not simply a matter of uploading files again. A complete recovery process involves restoring the database and files from backup, closing all vulnerabilities, rebuilding search engine trust, and adding defensive layers against future attacks. The process typically takes several days, but thoroughly executing each step ensures the site will not be compromised again. Experience at Sayt.uz shows that rushed restoration often leads to repeat attacks.
Finding a clean backup
Identifying the right backup to use is the first step. The most recent backup is not always the best choice because if the infection happened weeks ago, recent backups may also contain malicious code. Analyze server logs to determine the exact date of the breach, then select a backup from before that date. Most hosting providers store weekly, daily, and monthly backups separately. In the Sayt.uz customer dashboard each backup shows its date and size, helping select the correct option.
Full restore from backup
Restoration consists of two parts: files and database. Files are restored first by extracting the archive to the public_html folder. Old infected files must be completely deleted because simple overwriting is insufficient since some malicious files may survive in the new structure. Then the database is restored: through phpMyAdmin, old tables are dropped and the SQL file from the backup is imported. In the WordPress configuration file (wp-config.php), update the database password.
Conducting a security audit
After restoration, perform a complete security audit. First, update all plugins and themes to the latest versions. Remove unused plugins and themes because every inactive component is a potential vulnerability source. The WordPress core should also be updated to the latest stable version. Install a security plugin like Wordfence or iThemes Security and run a deep scan. This process takes time but ensures no hidden backdoors remain on the restored site.
Reviewing users and permissions
Attackers typically create new admin accounts or change existing passwords for persistent access. Review all users in the WordPress admin panel and delete suspicious ones. Keep only necessary users. For remaining admins, change passwords and enforce two-factor authentication. FTP, SSH, hosting panel, and database passwords must also be updated. Email accounts should be reviewed from a security perspective since they enable password resets.
Sayt.uz practice
On the Sayt.uz hosting network, automatic 14-day backups are kept for each customer. In the Restore section of the customer dashboard, the site can be rolled back to any state with one click. Our technical team helps with any complex restoration cases โ if backups are also infected, partial restoration from older snapshots is possible. Sayt.uz customers can also order a security audit service through which our specialists deeply analyze site code and close all vulnerabilities.
Removal from search engine blacklists
When a site is compromised, Google and Yandex may flag it as dangerous, completely eliminating search rankings. After restoration, in Google Search Console under Security Issues click Request Review. Send a similar message in Yandex Webmaster. Reconsideration usually takes 1-3 days. During this period, scan the site daily through Sucuri SiteCheck so any new signs of infection are quickly detected.
Adding future defense layers
Restoration is not the end of the work โ add several defensive layers to prevent future attacks. A Web Application Firewall (Cloudflare, Sucuri WAF) acts as a shield in front of the site, filtering attacks. A CDN hides the real server IP address. Restrict the login page by IP or add a Captcha. Enable automatic daily backups and copy them to another server.