How to restore hacked WordPress website? v2

BACKUP!! BACKUP!! BACKUP!!

Make sure you take backups regularly, or at least ask your clients to take a clean backup of the website.

Change Password

After your website gets hacked, the first thing to do is change your passwords, e.g. cPanel, database, wp-admin, etc.

Replace Files/Folders

1. Rename public_html folder to something else eg: public_html_OLD
2. Download latest version of WordPress from https://wordpress.org/latest.zip
3. Extract latest.zip
4. You will see a wordpress directory after the extraction.
5. Rename wordpress folder to public_html
6. Rename default wp-config-sample.php file to wp-config.php
7. Provide the database name, database username and database password in the wp-config.php file. Also, make sure the table prefix is the same as before.
8. Copy new salt to wp-config.php file from https://api.wordpress.org/secret-key/1.1/salt/
9. Add the following to the wp-config.php file:

define('DISALLOW_FILE_EDIT', true);
define('WP_AUTO_UPDATE_CORE', true);

Restore Themes

If you have a clean backup of the themes folder, simply copy it; otherwise copy the theme folder from public_html_OLD/wp-content/themes/

Install Plugins

Download each plugin again. Do not copy any plugins from public_html_OLD folder.

Copy Uploads Folder

We need the images that were uploaded to the uploads directory.
1. Copy public_html_OLD/wp-content/uploads to public_html/wp-content/uploads.
2. To make sure that no PHP files can run inside the uploads folder, create a new .htaccess file inside the uploads folder and paste the following:

RemoveType .php

3. Check whether PHP files still run by creating a new test.php file inside the uploads folder and opening it in a browser at https://yourwebsite.com/wp-content/uploads/test.php.
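
The old uploads folder comes from the compromised install, so it is worth auditing before step 1 copies it across. The script below is an added example, not part of the original post: it lists files that do not belong in a media-only folder and copies only the rest. The function names, the extension list and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the old uploads tree before copying it into the new install.

# List files that do not belong in a media-only uploads folder: PHP-handled
# extensions, a carried-over .htaccess, or any file containing a PHP open tag.
suspect_uploads() {
    {
        find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '.htaccess' \)
        grep -rlF '<?php' "$1" 2>/dev/null || true
    } | sort -u
}

# Copy uploads from $1 to $2, leaving out everything suspect_uploads reports.
# Paths are given without a trailing slash.
copy_clean_uploads() {
    src=$1; dst=$2
    list=$(mktemp)
    suspect_uploads "$src" > "$list"
    find "$src" -type f | while IFS= read -r f; do
        if grep -qxF -- "$f" "$list"; then
            echo "SKIPPED (review manually): $f" >&2
            continue
        fi
        rel=${f#"$src"/}
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
    done
    rm -f "$list"
}

# Constructed sample tree (placeholder contents, not taken from a real site).
make_sample_tree() {
    root=$(mktemp -d)
    up="$root/public_html_OLD/wp-content/uploads"
    mkdir -p "$up/2020/01"
    printf 'GIF89a constructed image bytes' > "$up/2020/01/logo.gif"
    printf '<?php /* constructed placeholder */' > "$up/2020/01/cache.php"
    printf 'GIF89a<?php /* constructed placeholder */' > "$up/2020/01/banner.gif"
    printf '# constructed placeholder\n' > "$up/.htaccess"
    echo "$root"
}

root=$(make_sample_tree)
copy_clean_uploads "$root/public_html_OLD/wp-content/uploads" \
                   "$root/public_html/wp-content/uploads"
find "$root/public_html" -type f    # only 2020/01/logo.gif is copied
rm -rf "$root"
```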

Install Additional Plugins

1. Antimalware: Install an antimalware plugin, register, download the latest signatures and scan the public_html/wp-content/themes/ folder for any backdoors.
2. BulletProof Security: Install and activate this plugin. You should generate a new secure .htaccess using it.
3. Captcha: Use this plugin to stop spammers.

Check your website

Check if the website is working fine. If not, enable WP_DEBUG in the wp-config.php file and troubleshoot.

Check Database

1. Log in to the WordPress Dashboard. Check whether any unknown user exists. If one does, remove it immediately.
2. Check whether the hacker has injected any JavaScript into the database. If so, remove it.
3. If not much has changed, you can restore the database from a previous backup.

Further Steps

1. You can install a plugin that will automatically update themes/plugins when updates are available, e.g. auto-update
2. Add your website to Google Search Console: https://www.google.com/webmasters
3. Check with an online scanner: https://sitecheck.sucuri.net/

*It is recommended to use genuine themes/plugins. Do not use premium themes/plugins that are offered as free downloads. These may have been uploaded by hackers to lure developers.

View 10 comments on “How to restore hacked WordPress website? v2”

  1. An intriguing discussion is definitely worth comment. I do believe that you ought
    to publish more on this issue, it may not be a taboo matter but
    generally folks don’t talk about these subjects.
    To the next! Cheers!!

    1. If an individual is technical enough then they can hopefully follow this so that they do not have to bother to hire any person. Definitely, professionals do not talk about this. It is because this is how they earn. I am indeed not doing good for them.

      But there are some people who simply don’t get time to do all these things. For those, they need to hire guys. The only objective of this post is to secure the WordPress site. One can simply follow the steps to prevent possible future hacks. I can’t say your website can’t be hacked but may prevent it to some extent.

      I don’t know what will be next.

  2. Wow that was strange. I just wrote an extremely long comment but after I clicked submit my comment didn’t show
    up. Grrrr… well I’m not writing all that over again.
    Anyways, just wanted to say great blog!

    1. Hey, thanks for your comment. I am extremely sorry that your first comment didn’t show up. To prevent abuse I have to check them manually. You can’t believe how many spam comments I get daily.

      Keep visiting.

      Thanks again.

  3. This is really interesting, You’re a very skilled blogger.
    I’ve joined your rss feed and look forward to seeking more of your wonderful post.

    Also, I’ve shared your website in my social networks!
