How to Fix Your WordPress Site If It Gets Hacked (Part One)


PART I: Introduction and Housecleaning

It’s no fun when your WordPress site gets hacked. I had a first-hand experience the other day when my brother told me it had happened to his site. After getting it up and running again, I’d like to share some helpful information and a step-by-step guide with all of you.

First things first: Try not to panic. I realize how silly or unrealistic this may sound, but millions of sites are hacked every day so you’re not alone in feeling scared, violated, or cheated. It will probably happen to each one of us at some point or another in our lives. Maybe not with a Web site, but with our computer, smartphone, iPhone (yes, it can happen), etc. Now, on to the actual steps:

1. Make sure your anti-virus software is up-to-date
It is essential that you’re using the latest virus definition files for your anti-virus software. If you are using Windows and don’t have one yet, get avast! antivirus or AVG Free — both of these are highly rated free anti-virus programs. Fully install it and download all updates, then continue with the steps below.

2. Save the hacked page to your computer [optional]
If you choose to report the hacker it’s very important to have a copy of the hacked page. Plus, if you decide to write a post about it to warn others, you can get screenshots and examples of the text as well. In Firefox, you go to File -> Save Page As… then navigate to where you’d like to save the files (a drive other than C: is strongly recommended). Be sure that “Web Page, complete” is selected as the “Save as type” option, change the file name if you’d like, then click ‘Save’.

3. Download the latest version of WordPress
At the time of this writing, it is 3.0. You can always get the most up-to-date version of WordPress at Even if you are unsure whether the server your site is on meets the requirements, it’s imperative that you upgrade, and that you find a host who does meet them if necessary. HostGator is a good one and is not as likely to be a target for hackers as, say, Go Daddy. Once the latest version of WordPress is downloaded, go ahead and extract all of the files (they will go into a ‘wordpress’ folder within the same folder you’re in).

4. Clean up all affected folders and files on the server
Now that you have the latest version of WordPress, you can delete everything but the essential files from your server. Don’t worry, your database has all of your data, including your posts, pages, categories, tags, and so on. If you were unfortunate enough to have a hacked database too, hopefully you have been making regular backups (more about this in PART III) and/or your host may have one from within the last 24 hours (hey, better some than none). Below are the folders and files that should NOT be removed:

  • DO NOT DELETE folders that were there in the first place (e.g., stats)
  • DO NOT DELETE ‘wp-content’ folder (themes and sometimes plugin content)
  • DO NOT DELETE .htaccess (permalink structure, permissions, passwords, etc.)
  • DO NOT DELETE favicon.ico (customized icon to left of URL)
  • DO NOT DELETE google…html (Google Webmaster Tools verification)
  • DO NOT DELETE wp-config.php

5. After uploading the latest version of WordPress, you may safely delete these files:

  • DELETE /wp-admin/install.php (not needed anymore)
  • DELETE /readme.html (to prevent users from seeing WordPress version)

6. Refresh your site’s home page
Things should look better now. If your host has a default page that appears when it finds no content, that will be shown. Otherwise, you’ll get the standard “Page Not Found” error, which is much better to see than a hacked page, am I right?

7. Install the latest version of WordPress
If your site’s content was removed in Step 4, use FTP to upload everything (except the ‘wp-content’ folder) from the ‘wordpress’ folder you extracted in Step 3 above. (If you like to keep things clean like me, you don’t need to upload the wp-config-sample.php file since you already have wp-config.php on the server.) After the transfer is complete, you can then go into the ‘wp-content’ folder and upload new files and folders if you’d like, but it isn’t necessary.
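The cleanup in Steps 4, 5 and 7 can be assembled locally before anything is uploaded, which makes it easier to see exactly what is being thrown away. The POSIX shell script below is an added example, not code from the original post; it assumes you have downloaded the hacked site root to a local folder with FTP, extracted the fresh ‘wordpress’ folder from the official download next to it, and want the clean result written to an empty output folder. It keeps the items the post says not to delete (wp-content, .htaccess, favicon.ico, the google…html verification file, wp-config.php and folders that are not part of WordPress core, such as stats), copies the fresh core files except wp-content and wp-config-sample.php, and removes wp-admin/install.php and readme.html. It goes one step beyond the post by printing each non-core folder it carried over, because a folder that “was there in the first place” cannot be told apart from one an attacker created without looking at it.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild a clean copy of a hacked
# WordPress install locally, following Steps 4, 5 and 7 above.
# Assumptions: HACKED is a local download of the site root, FRESH is the
# extracted 'wordpress' folder from the official download, OUT is an empty folder.
set -eu

# Root-level files the post says must NOT be deleted.
KEEP_FILES=".htaccess favicon.ico wp-config.php"

# keep_entry NAME: succeeds if a root-level entry must be preserved
# (the listed files, wp-content, and the Google Webmaster Tools verification file).
keep_entry() {
    name=$1
    for k in $KEEP_FILES; do
        if [ "$name" = "$k" ]; then
            return 0
        fi
    done
    case "$name" in
        wp-content)   return 0 ;;   # themes, plugins, uploads
        google*.html) return 0 ;;   # site verification file
    esac
    return 1
}

# non_core_dirs HACKED FRESH: prints root-level folders of the hacked site that
# are not part of WordPress core (e.g. 'stats'). The post keeps these; listing
# them lets you check that none of them was planted by the attacker.
non_core_dirs() {
    hacked=$1; fresh=$2
    for entry in "$hacked"/*; do
        if [ -d "$entry" ]; then
            name=$(basename "$entry")
            if [ "$name" != "wp-content" ] && [ ! -d "$fresh/$name" ]; then
                printf '%s\n' "$name"
            fi
        fi
    done
}

# rebuild_wp HACKED FRESH OUT: assemble the clean site in OUT.
rebuild_wp() {
    hacked=$1; fresh=$2; out=$3
    mkdir -p "$out"

    # Step 4: carry over only the preserved entries and pre-existing non-core
    # folders; every other file from the hacked copy is dropped.
    for entry in "$hacked"/* "$hacked"/.[!.]*; do
        [ -e "$entry" ] || continue          # skip unmatched globs
        name=$(basename "$entry")
        if keep_entry "$name"; then
            cp -R "$entry" "$out/"
        elif [ -d "$entry" ] && [ ! -d "$fresh/$name" ]; then
            cp -R "$entry" "$out/"
            printf 'kept non-core folder, review it: %s\n' "$name" >&2
        fi
    done

    # Step 7: fresh core files, except wp-content (already in place) and
    # wp-config-sample.php (wp-config.php is already on the server).
    for entry in "$fresh"/*; do
        name=$(basename "$entry")
        case "$name" in
            wp-content|wp-config-sample.php) continue ;;
        esac
        cp -R "$entry" "$out/"
    done

    # Step 5: the installer is not needed and readme.html reveals the version.
    rm -f "$out/wp-admin/install.php" "$out/readme.html"
}

# Usage: sh rebuild_wp.sh <hacked_site_dir> <fresh_wordpress_dir> <output_dir>
if [ $# -eq 3 ]; then
    rebuild_wp "$1" "$2" "$3"
fi
```

Once the output folder looks right, upload its contents with FTP as in Step 7 and do the check in Step 8. Anything from the hacked copy that the script dropped is still in your local download, so you can go back and look at it later if you decide to report the attack (Step 2).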

8. Refresh your site’s home page again
Hopefully you now see your site as it was. If not, I hate to say this, but your database has been hacked. This is a lot more complicated to fix, but bear with me while I direct you to PART II: Database Modification and WP Admin.

PART I: Introduction and Housecleaning
PART II: Database Modification and WP Admin
PART III: Plugins to Make Your Life Easier

About the Author

Alistair Barnett is a member of Solostream Support. He is a walking Internet how-to and can almost always tell you where to go on the Web to do x, y, and z. Over 15 years’ experience of being an avid Copyeditor, Web Designer, and Internet consultant allows him to assist in any way he can. His focus is on attention to detail, while also being a helpful, easygoing person.

Comments (4)


  1. Adam Wilcox says:

    This was a great article Alistair!

    I definitely think my shared hosting through GoDaddy has something to do with these hackers getting into the back end of my site. I am not too much of a tech person and I didn’t back up my WP blog before it got hacked and I was devastated! Thank god for the guys at they got my site back up and running, but had I backed up my website I think this would have been a good option to try! Thanks again.


  2. John Bolakis says:

    Alistair, thank you for the useful heads up! My client’s site did get infected approx. 9 months back, my developer cleaned it up, then he left. Thing is, there’s like 3 different SEO / meta-data etc. plug-ins on this site, 3 malware programs, 3 of almost everything, it’s doing my head in! I’m going to come back to your notes later and let you know how I went. P.S. this site is currently on WP 3.4.1

  3. Yusuf Yesil says:

    I totally agree with you. Also hosting is one of the key points. We were working with Godaddy shared hosting and we had so much trouble. Even the .htaccess file permissions were non-writable, hacked several times to redirect to Russian sites. We don’t have any problem now after we moved to dedicated hosting. We can arrange the security level and use chown when it is necessary. I strongly suggest dedicated hosting servers.

  4. hi Alistair –

    I’m generally always looking for advice on how to keep our WP site secure. We’ve had problems in the past, and I just wanted to thank you for your service in this area, and to let you know that I appreciate it!

    All the best,
