How do I replace my hacked WordPress site?

 

Overview

This article describes the steps to manually reinstall a new copy of WordPress to your hacked site.

If you're not comfortable fixing your WordPress site on your own, you can request DreamHost's Hacked Site Repair (a professional malware removal service). DreamHost experts will access your account and make the necessary repairs to get you back online quickly. See the Terms of Service page for more information.

DreamPress sites

If you are a DreamPress customer and believe your site may be hacked, please contact support.

How to reinstall WordPress

These steps change your theme, passwords, and reinstall new core WordPress files.

 

Changing your WordPress theme

Log in to your WordPress dashboard at example.com/wp-admin and navigate to Appearance > Themes to change your theme to the current default theme.

Changing your passwords

Change both your FTP user password as well as your database user password.

Make sure you update your wp-config.php file after changing the database password.

Renaming the WordPress directory

  1. Log into the web server via FTP.
  2. Navigate into your website directory. If you’re in the correct directory, you’ll see a list of files and directories beginning with wp-. It’s also possible you installed WordPress in a subdirectory such as /blog.
  3. Rename the directory to something like example.com_HACKED. If it’s in a subdirectory, rename it to example.com/blog_HACKED.

    When you rename the web directory, your site will immediately be taken offline.

  4. Create a new, empty domain directory with the same directory name as the original.

Reinstalling a new unhacked copy of WordPress

Reinstall WordPress in one of two ways:

When removing the current DreamHost WordPress install, make sure to click the Remove from List button. DO NOT click the Delete all Files as that will permanently remove your website files.

Connecting your new install to your old database

You must connect the new files you’ve downloaded to your existing database. To do this, you need the following information:

  • Database name
  • Database username
  • Database user password
  • Hostname
  • Table prefix

This information is located in your former wp-config.php file:

  1. Log into your server via FTP.
  2. Navigate to your former hacked directory which you renamed to example.com_HACKED.
  3. Open the wp-config.php file. You’ll find all of the values listed above.
    • The table prefix line begins with $table_prefix =.
    • For DreamHost installs, the table prefix starts with wp_ and is followed by a series of random numbers and letters. For example: wp_17Dz9g.
  4. Change to your new WordPress install directory.
  5. Delete or rename the wp-config.php in that new folder.
  6. Load your site.
  7. Select your preferred language, and then click Continue.
  8. Click Let’s go! on the setup page.
  9. Enter the required information, and then click Submit.
  10. Click the Run the install button.
    Since you already have data, a message appears indicating that WordPress is already installed, which means that you've successfully connected your WordPress installation to your old database.

Adding previous content

Your WordPress site is now fully installed and connected to your old database. However, you must now add all of your previous themes, plugins, and uploaded images.

Install your previous theme

Download and install a NEW copy of your theme rather than moving the theme files from your old install.

If you did not change the theme to the default theme before beginning, the site may load a blank white page. Since you cannot access the WordPress dashboard at this point, you will need to use one of the following options:

  • Log into your server via SSH and use wp-cli to install the theme
  • Download a copy of the theme (usually delivered in a ZIP format), unzip it on your computer, and then upload it via FTP to the themes directory at example.com/wp-content/themes/new_theme/

Once you have your chosen theme installed and activated, you should be able to load your site and see your posts.

Install former plugins

Install NEW copies of your plugins rather than copying over the files from the hacked install.

Also, only install the plugins you know you need and use. Cutting down on inactive plugins limits a hacker's access to your install and makes WordPress run faster as well.

Copy your previous uploads

Your uploads (images and other media) are still in the old hacked install's directory. Using FTP, copy the contents from the old folder to the new one. For example:

example.com_HACKED/wp-content/uploads
-to-
example.com/wp-content/uploads

Please check over the files you are moving and make sure they are all yours. If you move hacked code into your new install, it will infect your new site. The /uploads directory primarily contains media, so the files should end with extensions that indicate what kind of file they are (.jpg for a JPEG image, for example, or .mp3 for a MP3 audio file).

BE VERY CAUTIOUS ABOUT FILES ENDING IN .PHP IN THE /uploads DIRECTORY.

If everything goes well, you now have a brand-new install of WordPress, connected to your old database and with all your uploaded content, your chosen theme, and your chosen plugins.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?