Fix Hacked WordPress infected with malware the professional way. There are many tutorials out there on the web on how to fix a hacked WordPress website. The way professionals fix a hacked WordPress is much different. We fix hacked WordPress websites on a weekly basis. The best place to get it fixed is a specialist in fixing hacked WordPress sites here.
Scan Hacked WordPress Site
You can scan your hacked WordPress site to see where the infections are. This is not 100% accurate, but it will give you an idea of where to start. The Web App Inspector is a good place to start to see what files are infected with the malware.
WordFence Scan Plugin
Warning For WordFence Plugin
When you run the scan WordFence will also ask you to fix the files. They will also ask if you want to delete them altogether. This may cause you a lot of headaches. If you deleted an infected file that you needed, like your wp-config.php file, you are going to have to try to recover it. If you try to fix it yourself via WordFence and you make a mistake you could be locked out of your dashboard.
Make A List Of Plugins & Themes
Before doing any fixes be sure to make a list of your plugins and themes. Download new fresh ones from wordpress.org or wherever you purchased the plugin. It is important that you have clean themes and plugins during this process.
Core Files WordPress
Download all the core files for WordPress. This is so you can start fresh from the beginning.
Why You Need To Remove All Files From WordPress
You may be wondering in the video tutorial why we needed to remove all the WordPress core files. The reason is that there could be new malicious files created within those directories. Many scanners will not pick up on the fact that there are additional files that were created. This is the reason why we remove everything and start from zero! There may be some additional legitimate files that were created by your plugins. It is safe to delete them as well because they will be recreated when activated. To see a list of the files in a fresh WordPress install, see this post here.
Fix hacked WordPress With Shell Access
We are going to fix the hacked WordPress with shell access. This is the way the professionals do it. Everything you see here can be done through a file manager as well. The process just takes longer through the file manager or FTP.
Log Into Server Via Shell
So first off log into your server via shell. If you want to get familiar with shell see my tutorials on shell here. Navigate to the root directory for your website.
Backup The WordPress Database
The first thing to do after logging in is back up the database. To get the information that you will need, type in this command.
nano wp-config.php
Look for the username, database name and password. Copy them into a text document. Next we will back up the database by creating a SQL dump file. Here is the command line for that.
mysqldump -u username -p databasename > database.sql
After hitting enter you will need to enter the password for the database.
Backup Website Before Fixing WordPress Hacks
It is important that you back up the website before fixing the WordPress hacks. As an additional measure you could store the backup on another server somewhere or download it to your computer. When you are logged in via shell use this command to back everything up.
zip -r backup.zip *
Now you are free to download the site.
Zip Up wp-content Folder
I like to zip up the wp-content folder separately. These are the files with all the themes, plugins and uploads for the site. This makes it easier when I am unzipping things later to inspect any infections. Use this command to zip up the wp-content folder.
zip -r wp-content.zip wp-content
This will save all your themes, uploads and plugins that you can easily unzip later.
Delete All Files In Your WordPress Root Directory
You want to be sure to delete all the files that have anything to do with WordPress. Be sure not to delete the files that you just zipped up. Also make sure you leave a copy of the wp-config.php file because this is the key to your database. Also do not delete any server files like the error or stats directory. For a list of files and directories that are supposed to be there, contact your host if you are not sure.
Get Fresh WordPress Core Files
Now you want to get fresh WordPress core files. To do this we use the following command in shell.
wget https://wordpress.org/latest.zip
After pressing enter or the return button the server instantly gets the clean WordPress core files. Now you will need to unzip them on the server. Do that with this command.
unzip latest.zip
You will notice there is a new directory called wordpress. What we want to do is move all the files in that directory to our root directory. We do that with this command.
mv wordpress/* ./
Type in ls and then you can see all the WordPress core files have been moved to the root directory. Now we want to remove the wp-content folder from the fresh install and replace it with the wp-content zip file. Here is the process.
rm -r wp-content
Unzip the old wp-content directory.
unzip wp-content.zip
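The additional files that scanners miss can be listed by extracting backup.zip into a scratch directory and comparing it against a fresh core download. This is an added example, not part of the original tutorial; the function name core_diff and the directory arguments are assumptions, and it presumes the fresh download is the same WordPress version the old site ran, otherwise unchanged core files will also show as modified.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Directory names are assumptions.

# core_diff FRESH_DIR OLD_DIR
#   EXTRA <path>     in the old site but not in fresh core
#   MODIFIED <path>  in both, but the contents differ
# wp-content is skipped: themes, plugins and uploads are handled separately.
core_diff() {
    fresh=$1
    old=$2
    ( cd "$old" && find . -path ./wp-content -prune -o -type f -print ) |
    LC_ALL=C sort |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$fresh/$rel" ]; then
            printf 'EXTRA %s\n' "$rel"        # wp-config.php is expected here
        elif ! cmp -s "$fresh/$rel" "$old/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
}

# Constructed sample trees (not real site data) to show the output format.
demo_core_diff() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/fresh/wp-includes" "$tmp/old/wp-includes" \
             "$tmp/old/wp-content/uploads"
    echo '<?php // core file'           > "$tmp/fresh/wp-includes/version.php"
    echo '<?php // core file'           > "$tmp/old/wp-includes/version.php"
    echo '<?php // core index'          > "$tmp/fresh/index.php"
    echo '<?php // core index, changed' > "$tmp/old/index.php"
    echo '<?php // not part of core'    > "$tmp/old/wp-includes/extra-file.php"
    echo '<?php // site config'         > "$tmp/old/wp-config.php"
    echo 'image data'                   > "$tmp/old/wp-content/uploads/photo.jpg"
    core_diff "$tmp/fresh" "$tmp/old"
    rm -rf "$tmp"
}

demo_core_diff
```

Every EXTRA line other than wp-config.php and files your host or plugins are known to create is worth opening before the backup is discarded.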
Inspecting And Replacing Files In wp-content Directory
Now we will need to inspect and replace plugins and themes in the wp-content directory. First off go to your plugins directory using this command.
cd wp-content/plugins
Remove all the plugins and replace them with fresh ones from the WordPress plugin repository or wherever you purchased the plugin. Make sure you remove everything out of the plugins directory and replace them with new fresh plugin installs. Do the same thing with your themes. Remove them all and replace them with fresh themes from the WordPress Theme repository or wherever you purchased the theme.
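Once plugins and themes are replaced, everything else in wp-content (uploads and any other directories) still comes from the old zip. The following added example, not part of the original tutorial, lists PHP code left outside plugins/ and themes/ so it can be inspected by hand; the function name leftover_code is an assumption, and the stock wp-content/index.php stub that ships with WordPress will appear in the list.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# leftover_code WP_CONTENT_DIR
# Lists files outside plugins/ and themes/ that either have a PHP-style
# extension or contain a PHP open tag under any file name. These files came
# from the old zip and were not replaced by fresh copies.
leftover_code() {
    wpc=$1
    {
        find "$wpc" \( -path "$wpc/plugins" -o -path "$wpc/themes" \) -prune -o \
            -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) -print
        find "$wpc" \( -path "$wpc/plugins" -o -path "$wpc/themes" \) -prune -o \
            -type f -exec grep -lF '<?php' {} +
    } | LC_ALL=C sort -u
}

# Constructed sample tree (not real site data).
demo_leftover_code() {
    tmp=$(mktemp -d)
    d="$tmp/wp-content"
    mkdir -p "$d/plugins/some-plugin" "$d/themes/some-theme" \
             "$d/uploads/2020/01" "$d/mu-plugins"
    echo '<?php // Silence is golden.' > "$d/index.php"   # stock stub
    echo '<?php // fresh plugin'       > "$d/plugins/some-plugin/plugin.php"
    echo '<?php // fresh theme'        > "$d/themes/some-theme/functions.php"
    echo 'image data'                  > "$d/uploads/2020/01/photo.jpg"
    echo '<?php // constructed sample' > "$d/uploads/2020/01/thumb.php"
    echo 'icon data <?php // sample'   > "$d/uploads/2020/01/logo.ico"
    echo '<?php // constructed sample' > "$d/mu-plugins/loader.php"
    ( cd "$tmp" && leftover_code wp-content )
    rm -rf "$tmp"
}

demo_leftover_code
```

The output is a review list, not a delete list: uploads normally holds media only, so code found there deserves the closest look.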