How to restore a hacked WordPress website? (v2)

BACKUP!! BACKUP!! BACKUP!!

Make sure you back up regularly, or at least ask your clients to keep a clean backup of the website.

Change Password

After your website gets hacked, the first thing to do is change every password: cPanel, database, wp-admin, etc.

Replace Files/Folders

1. Rename the public_html folder to something else, e.g. public_html_OLD
2. Download the latest version of WordPress from https://wordpress.org/latest.zip
3. Extract latest.zip
4. You will see a wordpress directory after the extraction.
5. Rename the wordpress folder to public_html
6. Rename the default wp-config-sample.php file to wp-config.php
7. Provide the database name, database username and database password in the wp-config.php file. Also make sure the table prefix is the same as before.
8. Copy new salts into the wp-config.php file from https://api.wordpress.org/secret-key/1.1/salt/
9. Add the following to the wp-config.php file:

define('DISALLOW_FILE_EDIT', true);   // disable the theme/plugin editor in wp-admin
define('WP_AUTO_UPDATE_CORE', true);  // let WordPress core update itself
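Steps 6 to 9 above can be done in one pass. The script below is an added example, not code from the original post: it takes the text of wp-config-sample.php and of the OLD wp-config.php, fills in the new database credentials, keeps only the table prefix from the old file, and appends the two hardening constants. Salts are generated locally with Python's secrets module instead of being fetched from api.wordpress.org (assumption: 64 random characters per key is equivalent to what that URL returns). SAMPLE_CONFIG and OLD_CONFIG are constructed inputs containing only the relevant lines.

```python
# Added example (not from the original post): build a fresh wp-config.php from
# wp-config-sample.php, carrying over only the table prefix from the old install.
import re
import secrets

# The eight keys in the "Authentication Unique Keys and Salts" block of wp-config-sample.php.
SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# The constants the post tells you to add: file editing off, core auto-updates on.
HARDENING = (("DISALLOW_FILE_EDIT", "true"), ("WP_AUTO_UPDATE_CORE", "true"))

# Characters safe inside a single-quoted PHP string (no quotes, backslashes or parentheses).
SALT_ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
                 "!@#$%^&*-_=+[]{};:,.<>?/|~")


def generate_salts():
    """Local stand-in for https://api.wordpress.org/secret-key/1.1/salt/ (assumption:
    64 random characters per key match the entropy of the values the API returns)."""
    return {key: "".join(secrets.choice(SALT_ALPHABET) for _ in range(64)) for key in SALT_KEYS}


def php_str(value):
    """Quote a value as a single-quoted PHP string literal."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def read_table_prefix(old_config_text):
    """Pull $table_prefix out of the OLD wp-config.php so the existing tables keep working."""
    match = re.search(r"^\s*\$table_prefix\s*=\s*'([^']*)'\s*;", old_config_text, re.M)
    if not match:
        raise ValueError("no $table_prefix found in the old wp-config.php")
    return match.group(1)


def set_define(text, name, value):
    """Rewrite an existing define('NAME', ...) line, or insert one before the
    'stop editing' marker when the constant is not in the file yet."""
    pattern = re.compile(r"define\(\s*'%s'\s*,\s*[^)]*\);" % re.escape(name))
    new_line = "define( '%s', %s );" % (name, value)
    if pattern.search(text):
        return pattern.sub(lambda _m: new_line, text, count=1)
    marker = "/* That's all, stop editing!"
    idx = text.find(marker)
    if idx == -1:
        return text.rstrip("\n") + "\n" + new_line + "\n"
    return text[:idx] + new_line + "\n\n" + text[idx:]


def build_wp_config(sample_text, old_config_text, db_name, db_user, db_password, db_host="localhost"):
    """Return the text of a new wp-config.php: fresh credentials, fresh salts,
    the old table prefix, and the two hardening constants."""
    text = sample_text
    for name, value in (("DB_NAME", db_name), ("DB_USER", db_user),
                        ("DB_PASSWORD", db_password), ("DB_HOST", db_host)):
        text = set_define(text, name, php_str(value))
    for key, salt in generate_salts().items():
        text = set_define(text, key, php_str(salt))
    prefix = php_str(read_table_prefix(old_config_text))
    text = re.sub(r"^\s*\$table_prefix\s*=\s*'[^']*'\s*;",
                  lambda _m: "$table_prefix = %s;" % prefix, text, count=1, flags=re.M)
    for name, value in HARDENING:
        text = set_define(text, name, value)
    return text


# Constructed inputs: the relevant lines of wp-config-sample.php and of an old config.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
$table_prefix = 'wp_';
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
"""
OLD_CONFIG = "<?php\n$table_prefix = 'site7_';\n"

if __name__ == "__main__":
    print(build_wp_config(SAMPLE_CONFIG, OLD_CONFIG, "wp_db", "wp_user", "change-me"))
```

Write the returned text to public_html/wp-config.php. Nothing else is copied from the old config on purpose: a compromised wp-config.php is a common place for injected include lines, so only the table prefix is read from it.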

Restore Themes

If you have a clean backup of the themes folder, simply copy it; otherwise copy the theme folder from public_html_OLD/wp-content/themes/

Install Plugins

Download each plugin again. Do not copy any plugins from the public_html_OLD folder.

Copy Uploads Folder

We need the images that were uploaded to the uploads directory.
1. Copy public_html_OLD/wp-content/uploads to public_html/wp-content/uploads.
2. To make sure no PHP file inside the uploads folder can execute, create a new .htaccess file inside the uploads folder and paste the following:

RemoveType .php

3. Check whether PHP files still execute by creating a new test.php file inside the uploads folder and opening it in a browser at https://yourwebsite.com/wp-content/uploads/test.php.
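The copy in step 1 is where stray PHP files from the compromised site come back in, so it is worth doing it selectively. The script below is an added example, not code from the original post: it copies the uploads tree while skipping anything with an executable extension (including double extensions such as shell.php.jpg) and symlinks, writes the .htaccess, and then lists whatever executable files are still present as the check from step 3. The .htaccess it writes goes a little beyond RemoveType: RemoveType only drops the MIME mapping and can be undone by an AddHandler higher up the tree, so the handler is removed too and the file names are denied outright. It assumes Apache 2.4 (Require all denied); the extension list is an assumption to adjust for your host. The demo() function builds a constructed uploads tree in a temporary directory.

```python
# Added example (not from the original post): carry the uploads tree over to the
# new install without any executable files, and drop in an .htaccess that stops
# PHP from running there. Assumes Apache 2.4 ("Require all denied").
import shutil
import tempfile
from pathlib import Path

# Extensions a typical PHP handler configuration will execute (assumption: adjust for your host).
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phps", ".phar"}

# RemoveType alone (as in the post) can be undone by an AddHandler higher up, so the
# handler is removed too and the file names are denied outright.
HTACCESS = r"""# uploads/ is data only: never execute server-side code here
RemoveType .php
RemoveHandler .php
<FilesMatch "\.(php|phtml|php[0-9]|phps|phar)$">
    Require all denied
</FilesMatch>
"""


def is_executable_name(name):
    """True when ANY dotted segment is an executable extension, so shell.php.jpg is caught too."""
    return any(suffix.lower() in EXECUTABLE_SUFFIXES for suffix in Path(name).suffixes)


def copy_uploads(old_root, new_root):
    """Copy files from old_root into new_root, skipping executables and symlinks.
    Returns (copied, skipped) as lists of relative paths."""
    old_root, new_root = Path(old_root), Path(new_root)
    copied, skipped = [], []
    for src in sorted(old_root.rglob("*")):
        rel = str(src.relative_to(old_root))
        if src.is_symlink():          # never follow links that point out of uploads/
            skipped.append(rel)
            continue
        if not src.is_file():         # directories are created on demand below
            continue
        if is_executable_name(src.name):
            skipped.append(rel)
            continue
        dst = new_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied.append(rel)
    new_root.mkdir(parents=True, exist_ok=True)
    (new_root / ".htaccess").write_text(HTACCESS)
    return copied, skipped


def find_executables(root):
    """Post-copy check: anything executable still under root (expected: an empty list)."""
    root = Path(root)
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and is_executable_name(p.name))


def demo():
    """Build a constructed old uploads tree in a temp dir, run the copy and return the results."""
    base = Path(tempfile.mkdtemp())
    old = base / "public_html_OLD" / "wp-content" / "uploads"
    new = base / "public_html" / "wp-content" / "uploads"
    (old / "2024" / "01").mkdir(parents=True)
    (old / "2024" / "01" / "photo.jpg").write_bytes(b"\xff\xd8\xff constructed jpeg stub")
    (old / "2024" / "01" / "shell.php.jpg").write_text("<?php // constructed double-extension sample\n")
    (old / "test.php").write_text("<?php // constructed stray php file\n")
    copied, skipped = copy_uploads(old, new)
    return {
        "copied": copied,
        "skipped": skipped,
        "leftover_executables": find_executables(new),
        "htaccess": (new / ".htaccess").read_text(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Review the skipped list by hand: a legitimate upload never needs a .php extension, so every entry there is either debris from the compromise or something to ask the site owner about. The browser check from step 3 still matters on hosts that use PHP-FPM, where .htaccess handler directives may not apply.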

Install Additional Plugins

1. Antimalware: Install an anti-malware plugin, register it, download the latest signatures and scan the public_html/wp-content/themes/ folder for backdoors.
2. BulletProof Security: Install and activate this plugin, then use it to generate a new, secure .htaccess.
3. Captcha: Use this plugin to stop spammers.
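The themes folder copied from public_html_OLD is the one piece of the old site that comes across unchecked, which is why step 1 scans it. The script below is an added example, not code from the original post and not the engine of any anti-malware plugin: it is a first-pass scan over a themes directory for patterns common in PHP backdoors (eval of decoded data, code or commands taken straight from the request, long base64 literals), and it also flags non-PHP files such as .ico or .jpg that contain a PHP open tag. The indicator list is constructed here; every hit is a lead to review by hand, not proof. The demo() function builds a constructed themes tree in a temporary directory, where the flagged literal decodes to the word "hello".

```python
# Added example (not from the original post, and not an anti-malware plugin's engine):
# a first-pass scan of a themes directory for patterns common in PHP backdoors.
# The indicator list is constructed here; treat every hit as a lead to review, not proof.
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".inc"}

INDICATORS = {
    # eval() fed by a decoder is the classic shape of an obfuscated backdoor
    "eval_of_decoded_data": re.compile(
        r"\beval\s*\(\s*@?\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I),
    # code or commands taken straight from the request
    "eval_of_request_data": re.compile(r"\beval\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "shell_from_request": re.compile(
        r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "variable_function_from_request": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    # a very long base64 literal has no place in a theme
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
}


def scan_php_file(path):
    """Return [(indicator, line_number), ...] for one PHP file."""
    findings = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((name, line_no))
    return findings


def scan_tree(root):
    """Scan every regular file under root. PHP files get the indicator regexes; any other
    file whose first 4 KiB contain a PHP open tag is reported too (an 'image' that is code)."""
    root = Path(root)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        rel = str(path.relative_to(root))
        if path.suffix.lower() in PHP_SUFFIXES:
            hits = scan_php_file(path)
        else:
            with open(path, "rb") as fh:
                head = fh.read(4096)
            idx = head.find(b"<?php")
            hits = [("php_tag_in_non_php_file", head[:idx].count(b"\n") + 1)] if idx >= 0 else []
        if hits:
            report[rel] = hits
    return report


def demo():
    """Construct a small themes tree in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp()) / "themes"
    theme = root / "mytheme"
    (theme / "inc").mkdir(parents=True)
    (theme / "functions.php").write_text("<?php\nadd_action('init', 'mytheme_setup');\n")
    (theme / "inc" / "cache.php").write_text(
        "<?php\n// constructed sample: the literal decodes to the word 'hello'\n"
        "eval(base64_decode('aGVsbG8='));\n")
    (theme / "favicon.ico").write_bytes(b"\x00\x00\x01\x00\n<?php echo 'constructed';\n")
    return scan_tree(root)


if __name__ == "__main__":
    for rel, hits in demo().items():
        print(rel, hits)
```

A useful second pass is to diff each theme against a freshly downloaded copy of the same version from the theme's official source: anything that differs is what the scan may have missed.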

Check your website

Check that the website works. If not, enable WP_DEBUG in the wp-config.php file and troubleshoot.

Check Database

1. Log in to the WordPress dashboard. Check whether any unknown users exist. If so, remove them immediately.
2. Check whether the hacker injected any JavaScript into the database. If so, remove it.
3. If not much was changed, you can restore the database from a previous backup.
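Both checks in steps 1 and 2 can be run as queries instead of by eye, which matters on a site with hundreds of posts and serialized widget options. The script below is an added example, not code from the original post: it lists logins in the users table that are not on an allow-list you supply, and scans post_content and option_value for markup that usually means injection (script and iframe tags, eval, character-code obfuscation, PHP tags). An in-memory sqlite3 database with constructed rows stands in for MySQL so it runs offline; against the real database, swap the connection and use %s placeholders. The indicator list is constructed and will produce false positives on posts that legitimately embed scripts.

```python
# Added example (not from the original post): the two database checks the post asks for,
# run through a DB-API cursor. sqlite3 with an in-memory database stands in for MySQL
# here (constructed rows); against MySQL, swap the connection and use %s placeholders.
import re
import sqlite3

# Patterns that usually mean injected script rather than content (constructed list).
INJECTION_PATTERNS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "iframe_tag": re.compile(r"<iframe\b", re.I),
    "js_eval": re.compile(r"\beval\s*\(", re.I),
    "char_code_obfuscation": re.compile(r"fromCharCode|unescape\s*\(", re.I),
    "php_in_content": re.compile(r"<\?php", re.I),
}


def _table(prefix, name):
    """Table names cannot be bound as parameters, so validate the prefix before interpolating it."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected table prefix: %r" % prefix)
    return prefix + name


def find_unknown_users(conn, prefix, known_logins):
    """Logins in the users table that are not on your allow-list, sorted."""
    known = set(known_logins)
    cur = conn.cursor()
    cur.execute("SELECT user_login FROM %s" % _table(prefix, "users"))
    return sorted(row[0] for row in cur.fetchall() if row[0] not in known)


def find_injected_content(conn, prefix):
    """Scan post_content and option_value for injected markup.
    Returns [(table, key, indicator), ...]."""
    findings = []
    cur = conn.cursor()
    posts = _table(prefix, "posts")
    cur.execute("SELECT ID, post_content FROM %s WHERE post_status <> 'trash'" % posts)
    for post_id, content in cur.fetchall():
        for name, pattern in INJECTION_PATTERNS.items():
            if content and pattern.search(content):
                findings.append((posts, post_id, name))
    options = _table(prefix, "options")
    cur.execute("SELECT option_name, option_value FROM %s" % options)
    for option_name, value in cur.fetchall():
        for name, pattern in INJECTION_PATTERNS.items():
            if value and pattern.search(value):
                findings.append((options, option_name, name))
    return findings


def demo():
    """Constructed in-memory database with one planted user and two injected values."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT);
        CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT, post_status TEXT);
        CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, option_name TEXT, option_value TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', 'admin@example.invalid');
        INSERT INTO wp_users VALUES (2, 'editor', 'editor@example.invalid');
        INSERT INTO wp_users VALUES (3, 'wp_support', 'nobody@example.invalid');
        INSERT INTO wp_posts VALUES (1, '<p>Welcome to our site.</p>', 'publish');
        INSERT INTO wp_posts VALUES (2, '<p>Hi</p><script src="http://example.invalid/t.js"></script>', 'publish');
        INSERT INTO wp_options VALUES (1, 'siteurl', 'https://www.example.com');
        -- widget options are serialized PHP in a real install; kept plain here
        INSERT INTO wp_options VALUES (2, 'widget_text', '<iframe src=''http://example.invalid/''></iframe>');
    """)
    unknown = find_unknown_users(conn, "wp_", known_logins=["admin", "editor"])
    injected = find_injected_content(conn, "wp_")
    return unknown, injected


if __name__ == "__main__":
    unknown, injected = demo()
    print("unknown users:", unknown)
    for table, key, indicator in injected:
        print("%s[%s]: %s" % (table, key, indicator))
```

Run it with the table prefix from wp-config.php and the logins the site owner confirms. The allow-list approach is deliberate: a planted account often has an innocuous name and an administrator role, so "does this login look odd" is a weaker test than "did anyone ask for this login".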

Further Steps

1. You can install a plugin that auto-updates themes/plugins when updates are available, e.g. auto-update
2. Add your website to Google Search Console: https://www.google.com/webmasters
3. Check with an online scanner: https://sitecheck.sucuri.net/

*It is recommended to use genuine themes/plugins. Do not use premium themes/plugins that are offered as free downloads; these may have been uploaded by hackers to lure developers.
