After a hacked WordPress site comes back online, the visible homepage is only the first check. The revenue paths usually need a deeper pass.
Recovery checklist
- Confirm wp-admin, front page, and key landing pages load.
- Check uploads, logos, favicons, manifests, and media paths.
- Check forms, shortcodes, payment callbacks, email sending, and dashboards.
- Check plugins that were custom, premium, or manually edited.
- Check certificates, permissions, cron jobs, backups, and database users.
Recovery is not complete until the site owner can operate and sell again.