This presentation focuses on recognizing the signs of a hacked WordPress site (signs spam is being generated by the site, malicious redirections, etc), investigating the location of the hack (using wp-cli to find the location of altered code, plugin based scanners, and external scanning tools), repairing the site after the hack (replacing core files, backing up the database, and applying forced code updates), and then testing it. The presentation will focus on realistic expectations for hack mitigation – that it is usually not a question of getting a site back to where it was before a hack, but rather how close you can get it. The importance of backups is emphasized. An attendee should leave the presentation with an understanding of the general WordPress hack mitigation process and the importance of having a solid backup strategy.