How do I replace my hacked WordPress site?

 

Overview

This article describes the steps to manually reinstall a new copy of WordPress to your hacked site.

If you're not comfortable fixing your WordPress site on your own, you can request DreamHost's Hacked Site Repair (a professional malware removal service). DreamHost experts will access your account and make the necessary repairs to get you back online quickly. See the Terms of Service page for more information.

DreamPress sites

If you are a DreamPress customer and believe your site may be hacked, please contact support.

Reinstalling WordPress

These steps change your theme, change your passwords, and reinstall the core WordPress files.

 

Change your WordPress theme

Log in to your WordPress dashboard at example.com/wp-admin and navigate to Appearance > Themes to change your theme to the current default theme.

Take note of your current theme before proceeding. You will need it to reinstall or reactivate it later, especially if multiple themes are installed.

Change your passwords

Change both your FTP user password and your database user password, and make sure you update your wp-config.php file after changing the database password.

Rename the WordPress directory

  1. Log in to the web server via FTP.
  2. Navigate into your website directory. If you’re in the correct directory, you’ll see a list of files and directories beginning with wp-. It’s also possible you installed WordPress in a subdirectory such as /blog.
  3. Rename the directory to something like example.com_HACKED. If it’s in a subdirectory, rename it to example.com/blog_HACKED.

    When you rename the web directory, your site will immediately be taken offline.

  4. Create a new, empty domain directory with the same directory name as the original.

Reinstall a new unhacked copy of WordPress

You can reinstall WordPress in either of the following two ways:

  • Manually (using FTP or wp-cli).
  • From your DreamHost panel.

From the panel

  1. Navigate to the Manage Websites page.
  2. Click the Manage button to open Website settings, which allows you to modify various configurations for your site.
    • If in Grid view, click the Manage button at the bottom of the website box.
    • If in List view, click the Manage button at the far right of your domain name.
  3. Click the WordPress tab.
  4. Scroll down to the Reset and Removal Tools section.
  5. Next to Remove DreamHost Management, click the Remove button.
  6. Click the Confirm Removal button.

    You’ll be redirected back to the dashboard tab.
  7. Scroll down to the WordPress section.
  8. Click Get Started.
  9. Select Custom Installation and then choose None for the site's purpose, which installs a clean version without additional themes or plugins.

Connect your new install to your old database

You must connect the new files you’ve downloaded to your existing database. To do this, you need the following information:

  • Database name
  • Database username
  • Database user password
  • Hostname
  • Table prefix

This information is located in your former wp-config.php file:

  1. Log in to your server via FTP.
  2. Navigate to your former hacked directory, which you renamed to example.com_HACKED.
  3. Open the wp-config.php file. You’ll find all of the values listed above.
    • The table prefix line begins with $table_prefix =.
    • For DreamHost installs, the table prefix starts with wp_ and is followed by a series of random numbers and letters. For example: wp_17Dz9g.
  4. Change to your new WordPress install directory.
  5. Delete or rename the wp-config.php in that new folder.
  6. Load your site.
  7. Select your preferred language, and then click Continue.
  8. Click Let’s go! on the setup page.
  9. Enter the required information, and then click Submit.
  10. Click the Run the install button.

    Since you already have data, a message appears indicating that WordPress is already installed, which means that you've successfully connected your WordPress installation to your old database.

Add previous content

Your WordPress site is now fully installed and connected to your old database. However, you must now add all of your previous themes, plugins, and uploaded images.

Install your previous theme

Download and install a NEW copy of your theme rather than moving the theme files from your old install.

If you did not change the theme to the default theme before beginning, the site may load a blank white page. Since you cannot access the WordPress dashboard at this point, you will need to use one of the following options:

  • Log in to your server via SSH and use wp-cli to install the theme
  • Download a copy of the theme (usually delivered in a ZIP format), unzip it on your computer, and then upload it via FTP to the themes directory at example.com/wp-content/themes/new_theme/

Once you have your chosen theme installed and activated, you should be able to load your site and see your posts.

Install former plugins

Install NEW copies of your plugins rather than copying over the files from the hacked install.

Also, only install the plugins you know you need and use. Every installed plugin, even an inactive one, is code an attacker can target, so cutting down on unused plugins limits a hacker's access to your install and makes WordPress run faster as well.

Copy your previous uploads

Your uploads (images and other media) are still in the old hacked install's directory. Using FTP, copy the contents from the old folder to the new one. For example:

example.com_HACKED/wp-content/uploads

-to-

example.com/wp-content/uploads

Please check over the files you are moving and make sure they are all yours. If you move hacked code into your new install, it will infect your new site. The /uploads directory primarily contains media, so the files should end with extensions that indicate what kind of file they are (.jpg for a JPEG image, for example, or .mp3 for an MP3 audio file).

BE VERY CAUTIOUS ABOUT FILES ENDING IN .PHP IN THE /uploads DIRECTORY.
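One way to carry out that check over SSH before copying anything, as an added example that is not DreamHost's own tooling. The function name audit_uploads, the reason labels, and the extension lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review a WordPress uploads tree before copying it to a new install.
# Prints one "REASON<TAB>path" line for each file that needs a manual look.
# The extension lists are assumptions; adjust them to the media your site uses.
# Usage: audit_uploads example.com_HACKED/wp-content/uploads

audit_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "audit_uploads: not a directory: $dir" >&2; return 2; }

    find "$dir" -type f | while IFS= read -r f; do
        # Lower-case the file name so CACHE.PHP and cache.php are treated alike.
        name=$(printf '%s' "${f##*/}" | tr '[:upper:]' '[:lower:]')
        case $name in
            # Server-side script extensions: media uploads never need these.
            *.php|*.php[0-9]|*.phtml|*.phar)
                printf 'SCRIPT\t%s\n' "$f" ;;
            # Per-directory Apache config can make other extensions run as PHP.
            .htaccess)
                printf 'HTACCESS\t%s\n' "$f" ;;
            *)
                if LC_ALL=C grep -qi -e '<?php' "$f"; then
                    # A PHP open tag inside e.g. photo.jpg: not a plain media file.
                    printf 'EMBEDDED\t%s\n' "$f"
                else
                    case $name in
                        # Expected image and document types: nothing to report.
                        *.jpg|*.jpeg|*.png|*.gif|*.webp|*.ico|*.pdf) ;;
                        # Expected audio and video types: nothing to report.
                        *.mp3|*.m4a|*.ogg|*.wav|*.mp4|*.mov) ;;
                        # Anything else is not obviously media; look before copying.
                        *) printf 'UNKNOWN\t%s\n' "$f" ;;
                    esac
                fi ;;
        esac
    done
    return 0
}
```

Copy only the files it does not list, plus any listed files you have opened and recognize as your own.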

If everything goes well, you now have a brand-new install of WordPress, connected to your old database and with all your uploaded content, your chosen theme, and your chosen plugins.
