If you only want to replace part of your site files, you can still remove and replace specific content manually. Be aware that a partial replacement might miss some of the infected files.
.htaccess file
Hackers insert code into the standard WordPress .htaccess file. It is best to completely remove the old, hacked .htaccess and generate a new one:
- Using FTP, log in to your server.
- Check that your FTP client is set to view hidden files.
- If the old hacked .htaccess file is present, delete it.
- Go to the WordPress Dashboard, find Settings > Permalinks and re-save the permalink settings.
The direct URL for the page is http://example.com/wp-admin/options-permalink.php (replace example.com with your WordPress site's domain).
The base .htaccess gets recreated.
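To record what was added to a hacked .htaccess before you delete it, or to confirm that the regenerated file holds only standard rules, the script below lists every directive that is not part of the stock WordPress rewrite block. It is an added example, not part of the original article; the stock block assumes a single-site install at the web root, and the sample file and its hostnames are constructed.

```sh
#!/bin/sh
# Report .htaccess directives that are not in the stock WordPress block.
# Assumption: single-site install at the web root (RewriteBase /).

stock_directives() {
cat <<'EOF'
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
EOF
}

# Constructed sample: a stock block with two injected lines above it.
sample_hacked_htaccess() {
cat <<'EOF'
RewriteCond %{HTTP_REFERER} search\.example [NC]
RewriteRule ^(.*)$ http://unknown.example/landing [R=302,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EOF
}

# Read an .htaccess on stdin and print every directive that is not stock.
# Blank lines and comments (including the BEGIN/END markers) are ignored.
unexpected_htaccess_lines() {
    stock=$(mktemp) || return 2
    stock_directives > "$stock"
    tr -d '\r' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep -v -e '^$' -e '^#' \
        | grep -v -x -F -f "$stock" || true   # grep exits 1 when nothing is left
    rm -f "$stock"
}

# Usage: sh check-htaccess.sh /path/to/.htaccess (the file name is hypothetical)
[ -z "${1:-}" ] || unexpected_htaccess_lines < "$1"
```

Empty output means the file contains only stock directives; anything printed deserves a look, including rules you added yourself.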
How to Handle Unused Installs?
If you have old installs that you aren’t using anymore, either upgrade them to strengthen security or delete them completely.
Upgrading in the WordPress Dashboard
Whenever a new version of WordPress is launched, you get a notification on every screen that an upgrade is available:
Click on ‘Updates’ in the left-hand column to update.
You will get the following page:
Upgrading via SSH
You can upgrade WordPress via SSH as follows:
First check that your web host has enabled SSH on your account. Next, log in to your server by typing the command below on the command line:
ssh user@mydomain.com
After this you will be asked for your password. Generally, the user and the password are the same as for your FTP account, but they might differ sometimes.
Once logged in, go to the public_html directory where WordPress is installed. If WordPress is installed in a sub-directory, navigate to it. Then, type the command below to download the latest WordPress files:
wget https://wordpress.org/latest.tar.gz
Next, type the below code to decompress the file:
tar xfz latest.tar.gz
Now, you will need to delete the wp-admin and wp-includes directories using the following commands:
rm -rf ./wp-includes
rm -rf ./wp-admin
Then move the new wp-admin and wp-includes directories to the root with the below commands:
mv ./wordpress/wp-admin ./
mv ./wordpress/wp-includes ./
Enter the wordpress directory with:
cd wordpress
Next, copy its contents to the parent directory (i.e. the root directory), overwriting the old files:
cp -rpf * ../
Go back to the root directory by typing “cd ..” and delete the tar file you previously downloaded and the wordpress directory using the commands below:
rm -rf ./wordpress/
rm -f latest.tar.gz
Finally, run the upgrade script on your WordPress install (i.e., domain.com/wp-admin/upgrade.php).
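The steps above overwrite core files but leave in place any file that is not part of the release, which is where files planted on a hacked site can survive. The script below is an added example, not part of the original article: it lists files in the live site that are missing from the freshly extracted ./wordpress tree. It assumes you run it from the site root right after the tar step, while ./wordpress is still complete; the demo tree and its file names are constructed.

```sh
#!/bin/sh
# List files in the live site that the fresh WordPress release does not ship.
# Run from the site root right after "tar xfz latest.tar.gz".

# Files a working install has that are not in the release archive.
EXPECTED_EXTRAS='./wp-config.php
./.htaccess
./latest.tar.gz'

# List regular files under $1 (paths relative to $1), skipping wp-content
# (your own themes, plugins and uploads) and the extracted wordpress/ copy.
list_files() {
    ( cd "$1" && find . -path ./wp-content -prune -o -path ./wordpress -prune \
        -o -type f -print | LC_ALL=C sort )
}

# non_core_files SITE_DIR FRESH_DIR
# Prints files present in SITE_DIR but absent from FRESH_DIR.
non_core_files() {
    live=$(mktemp) || return 2
    fresh=$(mktemp) || return 2
    list_files "$1" > "$live"
    list_files "$2" > "$fresh"
    LC_ALL=C comm -23 "$live" "$fresh" \
        | grep -v -x -F -e "$EXPECTED_EXTRAS" || true   # no extras is not an error
    rm -f "$live" "$fresh"
}

# Constructed demo tree: a tiny "site" holding one file the release lacks.
make_demo_tree() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/wp-admin" "$d/wp-content/uploads" "$d/wordpress/wp-admin"
    touch "$d/index.php" "$d/wp-admin/admin.php" "$d/wp-config.php" \
          "$d/wp-admin/wp-feed-old.php" "$d/wp-content/uploads/photo.jpg" \
          "$d/wordpress/index.php" "$d/wordpress/wp-admin/admin.php"
    echo "$d"
}

# Usage: sh non-core-files.sh . ./wordpress (the script name is hypothetical)
[ "$#" -ne 2 ] || non_core_files "$1" "$2"
```

Files from an older WordPress version that the new release no longer ships will also be listed, so review the output rather than deleting everything in it.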
Upgrading WordPress via Softaculous
- Click on Softaculous App Installer.
- Go to the All Installations icon in the top toolbar.
- You will land on a Scripts Installations page. Then click on the upgrade icon:
Note: Prior to upgrading, make sure you take a backup of your website. To do this, tick the box beside Create Backup.
- Click on the Upgrade button.
- You will see a progress bar on the screen and when the upgrade process gets completed the following message will get displayed:
Congratulations, the software was upgraded successfully.
Deleting a WordPress Install Through Softaculous
Before starting the deletion process, you will need access to your hosting control panel.
Note: If you have an old WordPress install at example.com and another site at example.com/othersite/, clicking the Delete all Files button will delete everything, including the non-WordPress site at example.com/othersite.
- First, take a backup of your website. Since you installed WordPress using the Softaculous App Installer, you can remove it within a few clicks.
- Go to control panel and open Softaculous App Installer.
- Then search for the WordPress icon on the Top Scripts page.
- You will see your current WordPress installations. Find the Options section and click the red “X”.
- You will be asked to confirm the removal, so click on Remove Installation. You will then get a notification that the installation was successfully removed.
Deleting WordPress Using FTP
- Check that your FTP client is set up to view hidden files.
- Next, delete all files that start with “wp-”.
- Delete all directories that start with “wp-”.
- Delete the below files (if present):
- .htaccess
- index.php
- xmlrpc.php
- readme.html
- license.txt
Now, only the files that you uploaded yourself should remain in the directory. If you still find files there that you don’t recognize, check them carefully, as they might have been placed there by a hacker. If you are confident that you won’t need these files, you can delete them.
Deleting a WordPress Install Using SSH
- Log into your server using SSH.
- Go to your WordPress install directory.
- Execute the following command, all on one line. This will delete all WordPress files:
Note: This command deletes all files permanently and there is no way to recover them once you run it. Confirm that you really wish to permanently delete all WordPress files before running this command.
How to Manually Manage Plugins?
You should always keep your plugins updated to avoid being hacked. Check the below article for instructions on keeping your plugins updated:
- Updating WordPress plugins
Updating Plugins via SSH
WP-CLI can be used to update plugins via SSH. Follow the steps below:
It’s assumed that you are already connected to your server via SSH. Run the command below; here the plugin being updated is Akismet, so just replace the plugin name with your own:
wp plugin update akismet
Disabling Plugins via FTP
You can also disable plugins via FTP with the below steps:
- Log into your server using FTP or SSH. (In this example FileZilla is used.)
- Make sure you are in your WordPress site’s directory.
- Click on the ‘/wp-content’ directory. Here you will see the /plugins directory.
- Change the name of the /plugins directory to /plugins_OFF. This will immediately disable all plugins.
- Check your site again to see if the plugins have been disabled.
Keep Your Theme Up To Date
Check the below article for keeping your theme up to date:
- Update Your WordPress Theme
In this way, you can fix specific content in a hacked WordPress site.