HostOnNet Blog

How to Clean your Hacked WordPress Site

Looking for Linux Server Admin or WordPress Expert? We can help.

There are several tutorials available on how to clean up a hacked website.
If you are a WordPress expert, you can search and clean the infected files and malicious code to recover the site.
If you don’t know, you can hire our professional services to put your site in the business by clicking here

Back up your site

Once the website is found to be hacked, the first thing to do is to make a full backup of your site. If your website hosted in cPanel server, you can use the backup wizard or use FTP to download files. For Database backup use phpMyAdmin.

Also you can use WordPress backup plugin like UpdraftPlus or BackWPup

Upload fresh copy of WordPress

Rename WordPress installed folder to foldername_hacked. If you are in linux hosting and installed WordPress in root folder, rename
Public_html folder to Public_html_hacked and create new Public_html and then upload fresh copy of WordPress files.

Update config file

Rename the wp-config-sample.php to wp-config.php and upate the MySQL details.

define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );


$table_prefix = '';

You can copy the above details from wp-config.php in the hacked folder

Clean WordPress Theme

If you are using the premium theme, you can contact the theme provider to get the fresh copy of the theme. If it does not, download the theme folder from backup (/public_html_hacked/wp-content/theme) and check each files, remove malicious code.

Reinstall Plugins

Reinstall all plugins from the WordPress repository. If your using the any paid plugins, contact the provider to get the fresh copy.

Delete Inactive Themes & Plugins

This will ensure that your site is pre-protected from hackers. Removing unused themes ensures better performance for the website.

Install a Security Plugin

Install Wordfence Security plugin and run the Standard Scan to ensure the security.

Go to Admin area > Wordfence > All options > and enable the following

Hide WordPress version
Disable Code Execution for Uploads directory

About Sibi Antony

Bootstrap and Android LOVER. I've been creating things for the web for over 10 years, from the period of flash and table based layout web sites till mobile and tab friendly web sites.
Posted in Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.