TOP
TIPS
How to Fix a hacked WordPress website
A quality start guide to repairing & restoring a WordPress website
Duration: 2+ hours
Last Updated 2022-12-10
Find the current version of your hacked WordPress
There are different ways to get the current version of your hacked WordPress.
Here is a great article how to find out the current version of WordPress
Download the database
Get a copy of the database.
Here is a good example how to backup the MySQL database using cPanel
Note: If the database use malware in it, you will need to manually clean the malware via phpMyAdmin
Some Guides: Cleaning a WordPress MySQL database after a malware / hacking attack.
Make a copy of wpconfig.php
The wp-config. php file is usually located in the root folder of your website with other folders like /wp-content/. Via File Manager download a copy on your computer. You will need this file later.
Make a zip backup of the current WordPress directory
Some hosts will suspend your website until the malware is removed. Thus making it harder to remove the malware.
A workaround is to make a zip archive of the infected directory thus bypassing the malware scan.
It is also good to have a backup, because you can never have enough backups!
Here is a good example how to cPanel File Manager to compress files & directories
Rename the current WordPress Directory
Rename the directory of the current hacked WordPress website so it so it is not active.
Eg: I would rename public_html to public_html_hacked
Make a new folder to match the renamed folder.
As in the previous example create a new folder public_html
Install a Fresh Copy of WordPress.
The fresh copy should be the same version of the hacked website.
Some examples how to install WordPress
Upload wp-config.php
Replace the fresh copy of wp-config.php with the hacked version of wp-config.php.
You can upload it from your computer, or you can copy it from the hacked directory in File Manager
Install fresh copy of your theme
You will now be able to log into your WordPress and install a fresh copy of your theme.
Copy images from uploads directory
The specific folder where the image files are stored in WordPress is called the uploads folder located inside the /wp-content/ folder. Inside the uploads folder, your media files are stored by year and month folders. Additionally, you’ll also see folders created by your WordPress plugins to save other uploads.
Copy the uploads folder from your hacked website to your new fresh installation to transfer the images across.
Note: It is important to look inside the uploads folder for files that should not be there. Such as:
- .php files
- .js files
Do not copy those files or folders across as they may contain remains of the virus.
Install Fresh Copies of your plugins
All WordPress plugins you download and install on your site are stored in /wp-content/plugins/ folder.
Have a look at your hacked website for plugins that were installed in your websites.
Install fresh copies of these plugins from reputable sources.
Note: It is important that you do not copy plugins from your hacked directory.
Install Firewall Ninja
To prevent your website being hacked again. I would also install ninja firewall plugin and activate full WAF mode.
Check everything works
Your WordPress website is now virus free!
Check that it all works. You may need to re-activate settings that were disabled by missing plugins.
You can compare the appearance of your website with the Wayback Machine to make sure you are not missing anything