My process for cleaning a hacked site includes
- changing all credentials (user/pass) on hosting, FTP, WP (don’t use an admin-level user called ‘admin’)
- updating everything- from the repository – WP, themes, plugins. Remove old/unused plugins and themes
- use FTP of file manager to check every folder for files that look out of place (look at the datestamp of the files; since you updated everything, the bad files should be easily visible)
- look at the generated pages source for things that shouldn’t be there.
There is guidance all over the googles about cleaning hackedsites. And I wrote up a procedure that I use here: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/
It can be done, just takes a bit of work.
Related Posts:
- Could a user account with a stolen password compromised entire WP site?
- Verifying that I have fully removed a WordPress hack?
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- Where to securely store API keys and passwords in WordPress?
- Why are passwords exportable as plain text in WordPress?
- Tips for finding SPAM links injected into the_content
- How is password strength calculated?
- Make password invalid once logged out of password-protected page
- What should I do about hacked server?
- How can I find security hole in my wordpress site?
- Can’t reset WordPress password
- Is the “lost password” feature truly a vulnerability?
- How to prevent bot or someone to modify any file automatically?
- Frontend Password change
- Is it possible to reduce the minimum character length for passwords?
- wp-config.php modified?
- Is there any point setting the keys and salts in wp-config.php?
- Suspicious Files
- How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
- When is wp_set_password() called or how to capture a password
- Moving away from MD5: Where to declare the custom global $wp_hasher?
- How to get WordPress to send Password Reset Link Email instead of New Password?
- Malware script in database post table only? [closed]
- Verifying that I have fully removed a WordPress hack?
- How can I safely hide the fact that my website runs on WordPress? [closed]
- My WordPress Websites are always under attack
- How to find exploited wordpress plugin [closed]
- Basic password protection without using users and roles
- How can I force a specific password?
- Can a WordPress administrator see other users’ passwords?
- Any known bugs that could cause disappearance of the wp_users table?
- On new server, site got hacked, permissions a bit strange? Please help
- Replace domain in database
- Remove hacked code – out of ideas! [closed]
- After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
- WordPress Database Re-installed (Hacked)
- Verifying that I have fully removed a WordPress hack?
- Password-protect feed and make it usable in major aggregators
- how to find the way they hacked my WP site
- How to set custom validation for WordPress Passwords?
- How to stop repeated hack on header.php of custom theme? [closed]
- My WP site and password was hacked, what to do? [closed]
- Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
- WordPress Hacks/Defacing [closed]
- How to get real password (before encrypt) when register a user?
- Directory to store secure file
- Can you alter the default wordpress strong password requirements?
- SSL Error: unable to get local issuer certificate
- When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
- Why does the URL http://a/%%30%30 crash Google Chrome?
- When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
- Can an attacker use inspect element harmfully?
- WordPress 4.7.1 REST API still exposing users
- Should I escape wordpress functions like the_title, the_excerpt, the_content
- Why does WordPress need my private ssh key to update?
- When to use esc_html and when to use sanitize_text_field?
- Will there be security updates for 3.1 once 3.2 is released?
- multi page password protection
- WordPress it’s cleaning a custom query_var to avoid sql injections?
- Can someone explain the use cases of esc_html?
- Is WordPress vulnerable to the httpoxy?
- wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
- Is there a security risk giving someone temporary access to my blog’s code?
- How to properly sanitize/secure a WP Query coming from the front end
- Website is being flooded [closed]
- password protected post policy
- Security issues with WP sites
- Where to store OAuth 2.0 client id and secret?
- Security – Shortcode injection attack
- How can I safely use $_SERVER[‘REQUEST_URI’] to avoid XSS?
- Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?
- Would it be dangerous to send all the wp_options to javascript file?
- Changing Table Prefixes – once done, am I good to go going forward?
- Force user to change their password on the frontend at the first login and password policy
- How can I display nickname instead username in links
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- Secure WordPress: Change admin
- Changing the default header name
- Is it safe to use a global wp nonce per user instead of a nonce per action?
- Wordfence detects change in wp-admin/includes/upgrade.php
- Password minimum length in personal subscription [closed]
- Will there be security updates for WordPress 4.9.9
- Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
- 404/500 error on content images if Referer header is from another domain [closed]
- Content-Security-Policy blocks WordPress check boxes from being activated
- Restrict Access without Creating Users
- Switching between security plugins is a risk?
- How to obfuscate wp-config.php or code
- Are major WordPress updates mandatory for security?
- i moved wp-config.php outside of public html and this broke my website
- Is it safe to use the basic administration with reduced rights for private member space
- How can I stop other plugins from using my class’ sensitive methods?
- wordpress security (only one part of the site)
- Folder Permissions + Security Concerns
- Malware/Permission bug removal?
- What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
- is this code properly secured
- nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
- SSH keypair generation: RSA or DSA?
- WordPress – tracking options