Restore/Recover site after hacking
Countless of WordPress CMS based websites are hacked every day. This happens, because WP is open-source and all of it’s plugins too, so, many bad people use the “holes” and “issues” for their advantage and hack websites. In case you were a victim, you have to do the following steps. (Note, if you miss any step, your site will possibly remain hacked):
- At first, report the malicious plugin/theme to firstname.lastname@example.org or theme/plugin developer company itself . Also, post that issue on WordPress forums, to warn others too.
- Delete that file immediately.
- Delete all suspicious **plugins** and **themes**. Remember the list of TRUSTED plugins you have installed and TRUSTED theme name (continue reading).
- Backup database (export to PC) and delete database from MYSQL server.
- Change password and database name of MYSQL server.
- (Not required, but strongly recommended): Change your WP login password. If you used that password somewhere else, change everywhere (because your password may have been grabbed already)
- Backup only
wp-content/uploadsfolder (if you have custom theme or something, backup it too), and delete everything from
- Check uploads (or other folders you backed-up), if there is any
.phpor server-side files inside that, it is is clean, then put that folder back to site.
- Now you have to check your exported DATABASE(SQL) file carefully. see if there are extra/suspicious tables or EXTRA USER added, or some hackable cron job created.
- Import the revised SQL database back to newly created database (with different username and password as I’ve said), but: before importing, you can replace your admin password from
$P$B1oYQ3msvVDfFRDwiCY6lViBGmiXMT/(this is password
a. you should change it as soon as you enter your site first time).
- Reinstall clean WordPress installation on your site (if you use old version of WP, please install NEWEST VERSION).
- Install only those “Trusted” plugins and theme.
These are short description of necessary steps to recover your site after hack. It may be a hard process somehow, but if you want safety, you should do this. Otherwise, you will still remain hacked!