WordPress Spring Cleaning of Hacks and Malicious Code

Jul06
by on July 6, 2019 at 2:25 am and modified on July 6, 2019. at 2:29 am
Posted In: Wordpress

You will need to be able to FTP into your site to do this, if you have no idea how or what FTP is use the guides from your hosting provider of your site.

  1. Download a fresh copy of WordPress from wordpress.org, unzip it and get it prepared to ftp over. But before doing that, do the following steps:
  2. FTP into your site and make a backup copy of your wp-config.php, store it on your local drive, this file has the information needed to resume your normal sites activity.
  3. Once the wp-config.php file is saved. Delete all of the .php files from the root of your wordpress install. Also delete the wp-admin/ and wp-includes/ directories and everything under them. DO NOT DELETE THE wp-content/ folder! Thats where your sites look and feel and saved images are at.
  4. Copy over the fresh copy of WordPress that came from the zip file you downloaded from wordpress.org via zip.
  5. Access your site via browser; and using the information from the stored backup of the wp-config.php file, input it again into the necessary fields. All of the information is there. DO NOT COPY OVER THE BACKED UP wp-config.php FILE. Doing it this method will recreate the file properly with the information coming from the old wp-config.php file that you saved.
  6. (Optional) Plugins: access your wp-admin and go to the plugins and record on pen and paper or text file on your system what plugins you have. … then delete them all – after they are all deleted, only reget from the repository the ones you were using and reactivate them – then reset their settings if necessary.
  7. (Optional) Using FTP access the wp-content/themes/ directory, IF while looking at the directory list and you notice the DATES on the folders do NOT correspond to the last time you edited those theme files – then there’s a possibility that the theme itself has a hack in it (can use this method to check plugins as well). Then check those theme files edit dates to check if there’s malicious code in them; usually its the functions.php file or the index.php (usually).

You should now have a cleaned up WordPress install with the same site you had previously.

NOTE: You should check your .htaccess file in your root folder as well to see if there’s something malicious in it.