How to clean your WordPress database after a hack using the Sucuri plugin

Getting your site hacked can be one of the most frustrating experiences out there. After all, no one wants their hard work to be controlled or tarnished by someone else.

If your site is hacked for the first time, you may feel helpless or anxious, which is not pleasant. Even though you get your site back up and clean it, the chances are that it is not 100% clean. To ensure that you have to clean everything, then you need to clean your WordPress database after the hack.

To accomplish the task, we are going to use the popular Sucuri plugin. Sucuri is a popular WordPress security plugin that protects your site against malicious actors and helps you clean your site after it is hacked.

So, let’s get started with the tutorial on cleaning your WordPress database site using the Sucuri plugin without any delay.

Table of Content

Before Getting Started

It is important to have a to-do checklist before you get started with cleaning your site.

This to-do list will help you ensure that you have the best possible scenario for site cleaning. For instance, it is easy to get confused and think of simply database malfunction or corruption as a hack. In that case, cleaning your site using any security plugins is just a waste of time. In fact, it can further make things worse!

To overcome this, you need to identify if your site is hacked or not. You can go a step further by identifying what is hacked on your site.

Scan your site

One of the first steps you need to take before deciding to clean your WordPress database is to run scans on your site. You can scan your site using two different ways you can scan your site.

The first approach is to scan your site remotely. There are plenty of online scanners; however, we recommend using the SiteCheck Malware Scanner. It is a handy scanner where you only need to put the site’s name to get started.

Checking out the site using the Sucuri scanner

It will take a while for the scan to complete. If your site is not hacked or free from malware, it will give you a clean report.

However, if your site has some sort of infection or malware, it will clearly show that it is compromised. 

But, there is one more way; you can double-check the result. The other way is to install and activate the Sucuri plugin. Running a scan on your site directly will give you better results compared to running a remote scan.

Installing Sucuri and running a scan

In this section, we will go through the process of installing Sucuri and running a scan. However, before that let’s learn what Sucuri has to offer.

Sucuri offers complete website security and protection. It is one of the most popular website security plugins which are known for their services. Their plugin is the main way to connect consumer’s sites to their powerful protection. Once installed, the site can be protected using multiple layers of protection. It also utilizes a cloud proxy firewall, which means that any traffic that is sent to the hosting server is first checked for any abnormalities.

To install Sucuri, you need to go to your site’s backend. From there, go to Plugins >> Add New.

Adding New Plugin

There you will see the option to search for new plugins. Search for Sucuri and once you find it, click on Install to proceed. Once installed, click on Activate. Now the Sucuri plugin is ready to use on your site.

Installing Sucuri

Once activated, you will see your WordPress backend refresh once. Now, you will see that the Sucuri Security option is now shown on the side menu. Click on it, and then choose the dashboard.

Going to Sucuri dashboard

Once in the dashboard, you can run the scan to know if your site is infected or not.

Check the latest modified files

Lastly, you can check out the latest modified files to know what things are changed. If something looks suspicious, then you need to take proper actions to recover your site.

What if you are not able to access your site

Hacked sites act differently when they are compromised. For some reason, if your site is not opening, then you should consider contacting security services offered by different players in the market. You can also use Sucuri paid service to get your site cleaned. You can also choose other services, including Malcare and WordFence. 

If you choose Sucuri, they take 6 hours to remove the malware from your site. However, it is a paid service, and you need to pay $199 per year for the service.

Backup Your Database

The last step you need to take before you can start cleaning your WordPress database after the hack is to back up your database.

There are many ways you can backup your site. For instance, you can use your hosting cPanel to backup your site. You can also use the phpMyAdmin program to backup your database. If you are looking for a detailed way to do so, we recommend checking out the WordPress guide on how to backup your database.

How to Clean WordPress Database After Hack Using Sucuri Plugin

Now that we have backed up our database, it is now time to clean it up from the hack.

It is important to know that Sucuri itself cleans the site as a whole. To get started, you simply need to install the plugin and generate a new API key for your site. The plugin will automatically start to scan your site and show you the results. If it finds any vulnerabilities, it will rectify them automatically or guide you on how to solve them. You can also run a manual scan if you need to.

I want to say that Sucuri can send you in the right direction, and you need to do additional steps when it comes to database cleaning.

So, what steps do you need to take to clean your database after the hack? Let’s find out below.

1. Getting into the database admin panel and backing up the database

The first step is to get into the database admin panel. You can do so by using phpMyAdmin or your cPanel — the choice is yours.

From there, you need to backup your database, which we have already mentioned above.

2. Search for suspicious content

If your site is hacked, then you will notice that there are suspicious content on your database. This suspicious content can be links or spammy keywords. It can also be suspicious code that can malign the normal functioning of the database. You should also open up tables and look for any content that looks suspicious.

If you are unsure what to look for, you can use the malware scanner information to help you figure out where to get started. In case you know what you are doing, then you should look out for the most common malicious functions such as base64_decod, str_replace, preg_replace, and so on!

3. Remove the suspicious content manually

Once you have found the suspicious content, you now need to remove them manually. If you are not comfortable doing it yourself, you can take the help of a database or security expert. 

4. Verify Site Functionality

Next, you need to verify if your site is still working as intended. If it works as intended, congratulations, you have successfully removed any suspicious or harmful content from your tables. In case your site functionality is still broken, or it is not operating the way you want it to be — then you need to start again and look out for any suspicious content that resides in your database.

5. Remove database access tools

The last step is to remove any of the access tools you used during the activity to clean your database.

By now, you should be able to clean your database after the hack. However, if you are still stuck and not able to clean your WordPress database, you should contact a security expert to do it for you. You can look for plenty of ways, including finding them through freelancing sites such as Upwork. You can also take advantage of the security cleanup services provided by Malcare, Sucuri, and WordFence. 

You can go with any one of them depending on your budget and urgency.


This leads us to the end of the tutorial on cleaning the WordPress database after hack using Sucuri. Sucuri is one of the leading WordPress security plugins, and that’s why you should keep it installed on your site for ongoing protection. However, it is also important to take after hack precautions to ensure that you harden your WordPress, take proper, timely backups, and use a website firewall.

So, did you find the tutorial useful? Comment below and let us know.

Leave a Comment

Your email address will not be published. Required fields are marked *