Let’s say you’ve got your WordPress web site hacked. What to do?

Today, one of my clients’ websites got hacked. The homepage was a simple text message, no page was accessible.

What are the steps to make it back again the way it was before?

  • Download WordPress from WordPress.org web site and put it again.
  • Update the database, if/when requested.
  • Recreate wp-config.php from wp-config-sample.php.
  • Temporarily set a different theme (you will put it back again, of course).
  • Check in admin if the widgets section of the web site has a malicious code (it was the case at my client’s web site).
  • Check the homepage / other pages for malicious codes.
  • If you have a database back-up, recover it from there.
  • If there is still a problem with the site being hacked, recover all the files in wp-content folder from a back-up.
  • Change the passwords of:
    • WordPress admin / other admin-class users.
    • CPanel.
    • (if different than CPanel) FTP users.
  • Install security plugins (more than one).


Share on WhatsAppLinks giving error?

Lasă un comentariu

Rules for commenters »

Puteți folosi Gravatar pentru a adăuga avatar (imagine comentarii).