How to restore hacked WordPress website?

Follow following steps to restore your WordPress website which has been compromised. These steps will help you to restore your WordPress website without any cost.

  1. Compress the entire remote site files from cpanel and download to local
  2. Delete everything in ‘public_html’ folder
  3. Change FTP, cPanel, email account and MySQL passwords
  4. Unzip local site and scan for any malicious scripts, it can be easily done with the help of installed AntiVirus program in your computer.
  5. For searching malicious scripts download software (eg: TextCrawler), search all the local site file contents for terms such as preg_replace(“/.*/e” and base64_decode

Note: there are legitimate uses base64 decoding.  What you are looking for are a large number of hex or escape strings i.e. “\x65\x76\x61\x6c\x20\x28\x20\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65″

  1. Check that your .htaccess file hasn’t been compromised and check that there are no other .htaccess files in any other folder (windows search)
  2. Install latest WordPress in public_html folder
  3. Copy your wp-config.php from the old site over to the new folder
  4. Change your DB_PASS and your secret keys
  5. Login to WordPress and immediately change all user passwords – try to use random password generator like http://www.thebitmill.com/tools/password.html and bump the characters up to 12 or 16
  6. Install “BulletProof Security” firewall plugins
  7. Install “Limit Login Attempts” plugin and set to 3 attempts
  8. Create a new administrator user. Hint: don’t call it Admin, Sys, System, Administrator, Operator, WordPress or anything like that
  9. Delete the old administrator users making sure the posts/pages are inherited by the new administrator user created in the previous step
  10. Now you have a working and secured core WP installation
  11. Reinstall all the plugins from the Admin Dashboard and reactivate them if WP has already had them deactivated. The settings should be already stored in the DB
  12. Upload / ftp your theme to the live server and re-activate the theme.
  13. Last to upload / ftp is your wp-content/uploads (and any other non-WP folders in there after checking they are OK and contain only the correct media)
  14. Install “Anti-Malware” plugin. Update database and full scan

Note: this is a favourite place for hackers to store their .php or .cgi scripts sometimes named “cache”

  1. Use some backup plugins to backup your WordPress site
  2. Scan your website online http://sitecheck.sucuri.net/

Leave a Reply

Your email address will not be published. Required fields are marked *