In this article we'll go over steps you can follow to reinstall WordPress after a hack. Typically when a WordPress site is hacked it's because you're not running the latest secure version, or you have an outdated plugin or theme that's been compromised.

While sometimes you can simply remove malicious files that have been uploaded to the server, or remove maliciously injected code that has been inserted into your scripts. You might not clean up everything, and this could lead to further hacks being placed on your account. So opting to reinstall wordpress after a hack is a good option to use for peace of mind.

In the following example we're using a dummy website called We noticed this site was hacked because it wouldn't load properly so we're going to reinstall WordPress and have it connect to our previous installation's database.

Also in this case our system administration department went ahead and quarantined our old WordPress installation outside of our /public_html/ directory. This helps ensure that no further malicious activity can take place until we secure our WordPress install.

  1. Grab the latest version of WordPress to your computer.
  2. Extract the archive to a local folder.
  3. In your favorite FTP client, open up the local folder \wordpress\.

    You can then use Ctrl-A to select all the files.

    Drag all those files onto the server into the /public_html/ directory.

  4. After the upload completes, navigate to the /quarantine/ directory.

    Right-click on wp-config.php, and select View/Edit.

    You should be prompted to select an application to view the file, select Notepad

    Then copy down your database information from the define('DB_...) settings.

  5. If you access your site now, you'll see an error aboout no wp-config.php.

  6. In your FTP client, navigate to the /public_html/ directory.

    Right-click on wp-config-sample.php, and select View/Edit.

    Open this file in Notepad, and fill in your database information you copied down.

    Hit Ctrl-S to save the file, and your FTP client should prompt if you'd like to save the file back to the server.

    Place a check beside Finish editing and delete local file if your FTP client gives you that option. Then click Yes.

  7. In your FTP client, right-click on wp-config-sample.php and then select Rename.

    Now rename the file to just wp-config.php.

  8. At this point your site should be back up if you use a default theme.

    If you used a custom theme, those files would have been quarantined along with your original WordPress installation.

    In your FTP client, navigate to the /quarantine/wp-content/themes/ directory.

    Now select and drag your custom theme folder to your local computer, here we used pinboard.


    Navigate to the new /public_html/wp-content/themes/ directory on the server.

    Then select and drag the pinboard directory you copied, into that directory.

  9. Your WordPres site should now be available again, and free of hacks!



WordPress sites will vary greatly in their complexity depending on what all you've installed on them. You might need to reinstall plugins or make further adjustments to get your site back exactly as it was prior to being hacked.

The steps provided above should serve as a general guideline of how to quickly get a hacked or compromised WordPress installation reinstalled. That way you can at least access the admin panel again, and your visitors will be protected from any malicious code that was on the site.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?


n/a Points
2014-12-04 1:10 am

I don't know how to use an FTP.. is there a way to do this without that? 

17,314 Points
2014-12-04 1:26 am
Hello Eric,

Thanks for the question. The easiest way to do the file moves is to use an FTP client. If you require assistance, you can view the Getting Started Guide for FTP. You are welcome to try this using FTP, or you can try using the cPanel File Manager. I hope this helps to answer your question, please let us know if you require any further assistance.

Kindest regards,
Arnel C.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.