Fix Hacked WordPress infected with malware the professional way. There are many tutorials out there on the web on how to fix a hacked WordPress website. The way professionals fix a hacked WordPress is much different. We fix hacked WordPress websites on a weekly basis. The best place to get it fixed is a specialist in fixing hacked WordPress sites here.
Scan Hacked WordPress Site
You can scan your hacked WordPress site to see where the infections are. This is not 100% but it will give you an idea on where to start. The Web App Inspector is a good place to start to see what files are infected with the malware.
WordFence Scan Plugin
If you are able to access your dashboard you can install the WordFence plugin. Again, this is not 100% but it will give you a good idea on where to start. Install the plugin and start the scan.
Warning For WordFence Plugin
When you run the scan WordFence will also ask you to fix the files. They will also ask if you want to delete them altogether. This may cause you a lot of headaches. If you deleted an infected file that you needed like your wp-config.php file you are going to have to try to recover it. If you try to fix it yourself via WordFence and you make a mistake you could be locked out of your dashboard.
Make A List Of Plugins & Themes
Before doing any fixes be sure to make a list of your plugins and themes. Download new fresh ones from wordpress.org or wherever you purchased the plugin. It is important that you have clean themes and plugins during this process.
Core Files WordPress
Download all the core files for wordpress. This is so you can start fresh from the beginning.
Why You Need To Remove All Files From WordPress
You may be wondering in the video tutorial why we needed to remove all the WordPress core files. The reason why is because there could be new malicious files created within those directories. Many scanners will not pick up on the fact that there are additional files that were created. This is the reason why we remove everything and start from zero!
There may be some additional legitimate files that were created by your plugins. It is safe to delete them as well because they will be recreated when activated.
To see a list of a fresh WordPress files see this post here.
Fix hacked WordPress With Shell Access
We are going to fix the hacked WordPress with shell access. This is the way the professionals do it. Everything you see here can be done through a file manager as well. The process just takes longer through the file manager or FTP.
Log Into Server Via Shell
So first off log into your server via shell. If you want to get familiar with shell see my tutorials on shell here. Navigate to the root directory for your website.
Backup The WordPress Database
The first thing to do after logging in is back up the database. To get the information that you will need type in this command.
Look for the username, database name and password. Copy them into a text document. Next we will back up the database by creating a sql dump file. Here is the command line for that.
mysqldump -u username -p databasename>database.sql
After hitting enter you will need to enter the password for the database.
Backup Website Before Fixing WordPress Hacks
It is important that you back up the website before fixing the WordPress hacks. As an additional measure you could store the backup on another server somewhere or download it to your computer. When you are logged in via shell use this command to back everything up.
zip -r backup.zip *
Now you are free to download the site.
Zip Up wp-content Folder
I like to zip up the wp-content folder separately. These are the files with all the themes, plugins and uploads for the site. This makes it easier when I am unzipping things later to inspect any infections. use this command to zip up the wp-content folder.
zip -r wp-content.zip wp-content
This will save all your themes, uploads and plugins that you can easily unzip later.
Delete All Files In Your WordPress Root Directory
You want to be sure to delete all the files that have anything to do with wordpress. Be sure not to delete the files that you just zipped up. Also make sure you leave a copy of the wp-config.php file because this is the key to your database. Also do not delete any server files like the error or stats directory. For a list of files and directories that are suppose to be there contact your host if you are not sure.
Get Fresh WordPress Core Files
Now you want to get fresh WordPress core files. To do this we use the following command in shell.
After pressing enter or the return button the server instantly gets the clean WordPress core files. Now you will need to unzip them on the server. Do that with this command.
You will notice there is a new directory called wordpress. What we want to do is move all the files in that directory to our root directory. We do that with this command.
mv wordpress/* ./
Type in ls and then you can see all the WordPress core files have been move to the root directory. Now we want to remove the wp-content folder from the fresh install and replace it with the wo-content zip file. Here is the process.
rm -r wp-content
Unzip the old wp-content direcotry.
Inspecting And Replacing Files In wp-content Directory
Now we will need to inspect and replace plugins and themes in the wp-content directory. First off go to your plugins directory using this command.
Remove all the plugins and replace them with fresh ones from the WordPress plugin repository or wherever you purchased the plugin. Make sure you remove everything out of the plugins directory and replace them with new fresh plugin installs.
Do the same thing with your themes. Remove them all and replace them with fresh themes from the WordPress Theme repository or wherever you purchased the theme.
Inspecting the Uploads Directory
Go through the different directories in the uploads folder. If you find any strange files delete them. If they were put there by one of your plugins they will be recreated later. Make sure you keep all your images, pdf or anything else that you uploaded. If in doubt remove it. You can always put it back because you have a backup of your website.
More On Fixing Hacked WordPress Sites
More often that not with fixing hacked WordPress sites a hackers favorite target is the includes directory. By removing all those files we eliminated that threat at the outset of this tutorial. There are some that favor the wp-admin directory as well. We have also eliminated that as a threat at the beginning.
The wp-content folder is a good target as well. Once you replace the themes and plugins then it is all about the uploads folder. This is probably where you will spend most of your time going through these directories. You can also download that folder and use a scanner on your computer to scan that directory for any infections.
I hope you enjoyed this tutorial on how to fix a hacked WordPress website the professional way. You can do these steps with a file manager or a FTP. The process is just mush quicker in shell.
Please like, share and subscribe and check out our other WordPress tutorials below. 🙂
Please like, share and subscribe.
I hope you enjoyed the article. If I was able to help you please consider a tip for the content.
One Time Tip