How to clean hacked or compromised wordpress site2020-01-10|Views:952
How to clean up hacked wordpress website
There is a detailed guide on how to cleanup hacked wordpress provided by the wordpress team available at the link below:
FAQ My site was hacked:
Visit this link to take steps to increase security of your wordpress:
*There may also be hacked administrator accounts. Check wp_users table in your wordpress database for unusual admin account.
As a rule, NEVER use admin as your administrator username.
Change all user passwords and use strong usernames that are hard to guess.
The best way to clean up your website is to take down your current site and replace with a fresh copy. Preferrably, do not reuse your old plugins and themes.
If you do not wish to take down the site, although we strongly recommend you do, you can download a fresh installation of wordpress. The version should be the same as your wordpress installation version.
If you cannot login to your wordpress dashboard to retrieve the version, you can find the version in the file /wp-includes/version.php
Download wordpress: https://wordpress.org/download/releases/.
Make a backup of your compromised wordpress. You need the wp-content folder and wp-config.php for the cleanup.
In your wordpress directory, keep the wp-content and wp-config.php files.
Delete all the other wordpress files and wp-admin and wp-includes folders leaving only the stated in step 5.
Copy or upload the default files except wp-content in the wordpress installation files you downloaded to your site.
Since the wp-content folder contains your plugins and themes, if your site was compromised through an unsecure plugin or theme, your website will be compromised again.
After uploading, your wordpress should work. If it still doesn't work, then it's likely your theme and plugins are compromised.
To fix that, you can replace the themes and plugins folders with the default one you downloaded.
If the problem was your theme or plugins, your site will work after doing the above. You MUST upload fresh theme and plugins after you are able to login.
As a best practice, do not reuse compromised themes and plugins.