How to clean your WordPress website from a hack – diy first time accurately

It can be frustrating, costly and a bit scary when your website gets hacked.

Most hosting companies will simply ban or disable your WordPress website if it gets hacked.

Most quotes are around the USD$250 to clean your website for you – you can do it yourself for free.

Here’s a few simple steps, you can do it yourself.

• backup your website
• take a copy of wp-config.php
• delete all *.php files in your main WordPress folder, and put back wp-config.php
• delete these folders : wp-admin, wp-includes. You should keep wp-content , but delete other folder if you are unsure.
• check wp-content folder (and sub folders) for any suspect files, any *.php files. just delete anything that isn’t data from your media library.
• download latest.zip or latest.tar.gz from  https://wordpress.org/download/ – unzip/untar this and copy it’s contents on top of your WordPress install.
• go into your plugins folder. for each folder in there, search the folder name in https://wordpress.org/plugins/ . Download the latest copy of each plugin, delete the plugin folder from your install, and unzip the fresh copy you downloaded.
• go into your themes folder. delete unused themes. upgrade them the similarly to the plugins.
• that should clean almost all hacks – and get your site back online. You might have to open a support request for your hosting company to rescan your site.
• once your website is back online, install WordFence and to a scan with ‘high sensitivity’ enabled.

Of course you could instead use our hosting at wpdone – with all our security and guarantees.

By Scott Farrell on September 5th, 2018 , Follow @scott_WordPress Tweet to @scott_WordPress