In this article we'll go over steps you can follow to reinstall WordPress after a hack. Typically when a WordPress site is hacked it's because you're not running the latest secure version, or you have an outdated plugin or theme that's been compromised.
While sometimes you can simply remove malicious files that have been uploaded to the server, or remove maliciously injected code that has been inserted into your scripts. You might not clean up everything, and this could lead to further hacks being placed on your account. So opting to reinstall wordpress after a hack is a good option to use for peace of mind.
In the following example we're using a dummy website called PrimaryDomain.com. We noticed this site was hacked because it wouldn't load properly so we're going to reinstall WordPress and have it connect to our previous installation's database.
Also in this case our system administration department went ahead and quarantined our old WordPress installation outside of our /public_html/ directory. This helps ensure that no further malicious activity can take place until we secure our WordPress install.
- Grab the latest version of WordPress to your computer.
- Extract the wordpress-3.x.x.zip archive to a local folder.
In your favorite FTP client, open up the local folder \wordpress\.
You can then use Ctrl-A to select all the files.
Drag all those files onto the server into the /public_html/ directory.
After the upload completes, navigate to the /quarantine/ directory.
Right-click on wp-config.php, and select View/Edit.
You should be prompted to select an application to view the file, select Notepad
Then copy down your database information from the define('DB_...) settings.
If you access your site now, you'll see an error aboout no wp-config.php.
In your FTP client, navigate to the /public_html/ directory.
Right-click on wp-config-sample.php, and select View/Edit.
Open this file in Notepad, and fill in your database information you copied down.
Hit Ctrl-S to save the file, and your FTP client should prompt if you'd like to save the file back to the server.
Place a check beside Finish editing and delete local file if your FTP client gives you that option. Then click Yes.
In your FTP client, right-click on wp-config-sample.php and then select Rename.
Now rename the file to just wp-config.php.
At this point your site should be back up if you use a default theme.
If you used a custom theme, those files would have been quarantined along with your original WordPress installation.
In your FTP client, navigate to the /quarantine/wp-content/themes/ directory.
Now select and drag your custom theme folder to your local computer, here we used pinboard.
Navigate to the new /public_html/wp-content/themes/ directory on the server.
Then select and drag the pinboard directory you copied, into that directory.
Your WordPres site should now be available again, and free of hacks!
WordPress sites will vary greatly in their complexity depending on what all you've installed on them. You might need to reinstall plugins or make further adjustments to get your site back exactly as it was prior to being hacked.
The steps provided above should serve as a general guideline of how to quickly get a hacked or compromised WordPress installation reinstalled. That way you can at least access the admin panel again, and your visitors will be protected from any malicious code that was on the site.