How to fix specific content in a hacked WordPress site


If you do not want to completely replace your site files, you can still manually remove and replace specific content. However, this is not recommended, because it’s much easier to miss infected files.

If you're not comfortable fixing your WordPress site on your own, you can request DreamHost's Hacked Site Repair (a professional malware removal service). DreamHost experts will access your account and make the necessary repairs to get you back online quickly. See the Terms of Service page for more information.

.htaccess file

Many hackers insert code into the standard WordPress .htaccess file. The best thing to do is to completely remove the old, hacked .htaccess and generate a new one:

  1. Log into your server via FTP.
  2. Make sure your FTP client is set to view hidden files.
  3. Delete the old hacked .htaccess file (if it exists).
  4. In your WordPress Dashboard, go to Settings > Permalinks and re-save its permalink settings.
    • The direct URL for the page is (replace with your WordPress site).
    • This re-creates the base .htaccess.
  5. If you have the WP Super Cache plugin installed, view the following article:

How to handle unused installs

If you have an old install that you don't use, either upgrade it to make it secure or (even better) remove it completely.

Upgrading WordPress using the DreamHost WordPress installer

All DreamHost WordPress installs in the panel are always set to update automatically (unless you specifically turn it off).

Upgrading in the WordPress dashboard

  • If there is a new version of WordPress, there is a notice on every screen that an upgrade is available.
  • To update, click on Updates in the left-hand column.
For example, a button will appear in the WordPress dashboard prompting you to update to the latest version.

Upgrading via SSH

You can also upgrade WordPress via SSH. View the WordPress wp-cli article for further details.

Deleting a WordPress install in the DreamHost panel

View the Delete a DreamHost WordPress install article for details on how to completely remove and delete all files associated with a WordPress installation.

If you have the old WordPress install at and another site at, clicking the Delete all Files button will remove everything including the non-WordPress site at

Deleting WordPress using FTP

  1. Make sure your FTP client is set up to view hidden files.
  2. Delete all files beginning with wp-.
  3. Delete all directories beginning with wp-.
  4. Delete the following files (if present):
    • .htaccess
    • index.php
    • xmlrpc.php
    • readme.html
    • license.txt

At this point, there should be no remaining items in the directory but files you have uploaded. If there are files still there that you do not recognize, examine them carefully as they may be files placed there by a hacker. If you are certain that you do not want these files, you can delete them.

Deleting a WordPress install using SSH

  1. Log into your server via SSH.
  2. Navigate to your WordPress install directory.
  3. Run the following command all on one line. This deletes all WordPress files:
    [server]$ rm wp-*;rm .htaccess;rm index.php;rm xmlrpc.php;rm readme.html;rm license.txt;rm -R wp-*

This command permanently deletes all files and there is no way to retrieve them once the command has run. Make sure you wish to permanently delete all WordPress files before running this command.
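
Before running the permanent deletion above, a dry run can show which top-level entries the command (and the FTP steps) would remove and which would be left for you to inspect. This is an added example, not DreamHost's own tooling: the function names and sample file names are hypothetical, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Dry-run preview of the WordPress cleanup. Nothing in your site is deleted.

# True if NAME is something the article's rm command / FTP steps remove.
is_wp_core_name() {
    case "$1" in
        wp-*|.htaccess|index.php|xmlrpc.php|readme.html|license.txt) return 0 ;;
    esac
    return 1
}

# wp_preview MODE DIR: MODE "delete" lists top-level entries that would be
# removed; MODE "remain" lists what would be left for manual review.
wp_preview() {
    mode=$1
    dir=${2:-.}
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip unmatched glob patterns, but keep dangling symlinks.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if is_wp_core_name "$name"; then hit=delete; else hit=remain; fi
        if [ "$hit" = "$mode" ]; then printf '%s\n' "$name"; fi
    done
    return 0
}

# Constructed sample tree (hypothetical file names) for a safe trial run.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/wp-admin" "$d/wp-content" "$d/uploads-2019"
    touch "$d/wp-config.php" "$d/index.php" "$d/.htaccess" \
          "$d/license.txt" "$d/favicon.ico" "$d/.cache.php" "$d/about.html"
    printf '%s\n' "$d"
}

# Trial run against the constructed tree only.
sample=$(make_sample_dir)
echo "Would be deleted:"
wp_preview delete "$sample" | sort
echo "Would remain (inspect anything you do not recognize):"
wp_preview remain "$sample" | sort
rm -rf "$sample"
```

To preview a real install, call `wp_preview delete .` and `wp_preview remain .` from the WordPress directory; hidden files such as the sample `.cache.php` appear in the "remain" list, which the plain `ls` output would not show.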

How to manually manage plugins

It’s very important to always keep your plugins up to date. This limits the possibility of getting hacked. View the following article for instructions on how to keep your plugins updated:

Updating plugins via SSH

You can use the WP CLI interface to update plugins via SSH. View the following page for further details and examples:

Disabling plugins via FTP

You can also disable plugins via FTP. View the following article for instructions:

Keep your theme up to date

View the following article for instructions on how to keep your theme up to date:
