How to Completely Restore Hacked WordPress Installation?


You probably must be aware of the increasing threats to a WordPress site, and are looking forward to learn the method to clean hacked WordPress installation. Hacking of your site can affect your online presence to the core as it can downgrade your search results ranking, promote unauthorized products on your site and expose your content to virus attacks. Therefore, as soon as you detect that your site has been hacked and is performing undesirably, your next step must be to clean your site.

In this tutorial, we will illustrate the procedure to clean hacked WordPress installation to get rid of the hacker’s activities on your site.

Create a backup of the site and database

 Clean and Restore Your Hacked WordPress Installation - Create BackupThe first step you must execute before starting any technical procedure on your site is backing up the data. Your site and database contains all your efforts made to promote your online presence. Creating a backup of your site enables you to revert the files and folders in case of any errors. Moreover, there are valuable files and information on your site even after its hacked. You would not like to lose these valuable information during the cleaning and restore procedure.

In fact, at the worst, you would be able to restore the site to the hacked state and initiate the procedure again. Therefore, you must create a backup of your site and database before proceeding further.

Get a copy of files present on your site

Many times, it becomes difficult to track the images, you earlier upload to your posts after fixing your site. If you do not upload the images after fixing your site appropriately, your posts may include broken images. Hence, it is advisable that you must create a copy of images and other files that you uploaded in the upload folder of your site.

Apart from the image files, if you used non-image files, which you offered to your visitors, a fresh copy of the files should be grabbed. Some examples of non-image files are zip files, PHP scripts and plugins.

Download the latest version of WordPress and plugins

 Clean and Restore Your Hacked WordPress Installation - Upgrade WordPress and PluginsSome new developers would recommend you to use the WordPress automatic upgrade functionality for getting the latest version of the WordPress software and plugins. But this would not clean your site because auto-upgrade replaces specific files and folders only. Hence, your obsolete files would still be present in the site. Hence, if you auto-upgrade a site which has already been hacked, the hacker can again attack your files.

To get rid of hackers, you should start from scratch. In simpler words, you should get the fresh copies of WordPress software as well as all the plugins and themes that you want.

Delete the WordPress directory’s folders and files

Once you create the backup of your directory and have the fresh copies of your files, it’s time to delete the files from your existing WordPress directory. Deleting all the files and folders is the most effective way of removing all the infected files. You can use FTP for deleting the files. However, if you want to execute this step quicker, you must delete the files through Plesk’s File Manager or command line.

Upload Fresh versions of WordPress software and extensions

 Clean and Restore Your Hacked WordPress Installation - Upload WordPress Software and ExtensionsUpon completion of the deleting procedure, you need to upload the files. For this, you should make sure that all the copy of images as well as the files you downloaded earlier are located at a easily-accessible area of your desktop. That said, you may use the FTP client for uploading the files to your WordPress site. Remember, this is the first step of the restoration procedure and you must execute this appropriately to ensure high performance of your site.

Upgrade your database

Once all the files are uploaded on your WordPress site, you can upgrade your database. This is an important step because upgrading the database makes the structure of your database familiar with the newly installed WordPress version.

Change your admin login credentials

Your website was probably hacked because one of the admin failed to keep up with the privacy of the admin password. Therefore, you must change the admin password and choose a strong password that is difficult to guess. In addition to this, you should restrict the number of users to the least number of people to ensure high level of security. Having said that, you may check the user list and remove the users you cannot recognize, if any.

Check your posts for damage and repair them

As your WordPress site is set to be accessed by people, you should make sure that there isn’t anything missing from the posts. For this, you should go through your posts one by one and restore if any image or file is not present in them. You can browse the posts by running the following query in the database’s query window.
Clean and Restore Hacked WordPress Installation

Test your site

 Clean and Restore Your Hacked WordPress Installation - Test SiteAfter installing the fresh version of WordPress software, activating efficient themes and plugins and checking the posts, it’s time to ensure that the site is performing well. For this, you should log out of the admin dashboard and access the site as a visitor. If the content, themes and plugins are running smoothly, you have restored your site successfully.

Improve the security

After following and executing so many steps on your site, you would not like to get it hacked again. Therefore, you must tighten the security of WordPress hosting. To start with, you should change the server access of your site to secure FTP. Apart from this, the admin passwords must be strong. For this, you can use an advanced password generator tool. In addition, you can also opt for 2-factor authentication where any user would need the OTP sent to the recognized mobile number for accessing a site.

Moreover, you should take assistance of some website and server monitoring tools so that you can keep a track of your visitors and traffic. The advanced monitoring tools provide an option to keep the security as well as the software of the site updated. Hence, your site will be clean and would, hopefully, not be hacked or targeted by a hacker.