Even the most secure websites on the internet are vulnerable to attacks and can be hacked. As a WordPress users there are some basic WordPress security settings that can prevent you from many commonly known threats. Advance users can further strengthen their WordPress security by adding more layers of security around their WordPress sites. However, lets assume that despite all these things your WordPress site gets hacked. In this post, we will discuss the things you can do to recover a hacked WordPress site. We also talk about tools and plugins you can use to clean up an infected site.Each WordPress website uses several passwords. There are passwords for WordPress admin area, for your MySQL database, for your FTP/SSH access, your web hosting account, and most importantly passwords for email accounts associated with these logins. Even a single compromised password can give hackers full access to your entire WordPress site.First thing you should do when your WordPress site is hacked, is to change all those passwords and even usernames if possible. Use unique and strong passwords for each account. If you are not already using a password management utility then start using one right away. This will allow you to use stronger passwords without remembering them.Once you have changed all your passwords, you can move on to cleaning up and restoring your website. However, keep in mind that you will have to change all your passwords once again after you have restored your website.