This article covers the most common cases of WordPress hacks, how to spot them, and how to resolve them. If you face such a situation, it is recommended that you contact a professional web developer for further assistance.
Note:
- Ensure that you take a backup of your website before making any changes. If you face any issues, contact our 24/7 Live Support for assistance.
- To help keep your WordPress website from being hacked in the future, scan your hosting account with an antivirus, remove any malicious or suspicious files, and update all the themes and plugins of your website to their latest versions.
Table of Contents
1. Missing Default Files
2. Use Wordfence Plugin
3. Replace the Missing Files
4. Replace All the Default WordPress Files
5. Missing Theme or Plugin Files
6. Malicious Redirects
1. Missing Default Files
This issue can occur for a variety of reasons, but the most common one is that your installation files are infected with malicious code.
If your WordPress default files get infected, you might see the following errors:
- A blank page
- A 500 error page
- A page with the message: “This site is experiencing technical issues” (if your WordPress version is 5.2.2 or later), etc.
To resolve this issue, follow the instructions below:
- Checking the error_log file of your website
To find the exact cause of the issue on your website, check the error_log file. This file holds records of any critical website errors that have occurred.
You can find this file in the root folder of the installation:
- If your website’s domain name is the main domain name, then its root folder is public_html. To check this, go to your cPanel Account >> File Manager menu.
- If your domain name is an addon, check its root folder in your cPanel account >> Addon domains menu. Simply click on the link in front of the domain name as shown below:
Then you will be redirected to the root folder of the domain name.
Here, you can search for the error_log file. If the file is present, follow the steps below:
1. Right-click on the error_log file >> click on View to check it:
2. In the error_log file, you might see the message “No such file or directory in…” together with the path to the missing file. This error indicates that a file the website needs in order to work is missing.
For example, here the missing file is:
/home/cPuser/public_html/wp-settings.php
- Enabling display_errors PHP option
If the error_log file is not present in the root folder of your website, you can enable the display_errors PHP option via the Select PHP Version menu in your cPanel account. When this option is enabled, you can see the error directly on your website.
Note: To avoid website vulnerabilities, disable the display_errors option again once the issue is resolved.
1. To enable this option, log in to your cPanel account >> Select PHP Version >> click on Options:
2. Then, tick the checkbox in front of the display_errors option:
3. If the default files are missing, you will see an error similar to the following on your website:
4. The above error indicates that the default wp-settings.php file is missing.
2. Use Wordfence Plugin
If someone injects malicious code into your blog’s code, the Wordfence plugin helps you find it. Install the plugin as follows:
Go to your WordPress blog dashboard and, on the left-side menu, click on Plugins >> Add New. Then search for Wordfence in the search box and click on the Install button as shown below:
After the installation, click on the Activate button to activate the plugin.
You can see the plugin in the list of Installed plugins once it gets activated.
Then from the left-side menu, click on Wordfence >> Scan. This will open the Scan dashboard. Here click on the button Start New Scan.
This will scan the blog for malicious code and display the results. If malicious code has been inserted in your blog, you can identify it as shown below:
To resolve this issue, clean the code highlighted in red.
3. Replace the Missing Files
The file structure of the WordPress CMS is pretty straightforward, so the replacement takes just a few steps. Replacing the default files is recommended because it fixes all the files that have actually been corrupted by the virus. Do it cautiously, because replacing some files and folders might lead to data loss.
Note: Take a backup of your website before making any changes. If you installed WordPress with the Softaculous Apps Installer, please follow the steps in this guide to create a backup.
To replace the missing WordPress files, follow the steps below:
1. Log in to your cPanel Account >> Softaculous Apps Installer:
2. Now create a new installation for your website in the subfolder. This can be done by clicking on the WordPress icon >> Install:
3. Then you will get redirected to the installation menu. Select your website from the drop-down menu and type the name of the subfolder within the In Directory field. For example, here we will use fix:
Please Note: Replacing all the default files automatically upgrades your installation to the version of the “fix” installation. If the current version of your WordPress website is crucial, or if you only want to replace some of the files, check the version of your website in the /wp-includes/version.php file and create an installation of the same version. Don’t mix files from different versions, as this will most likely affect the functionality of your website:
You can change the version for the new installation in the installation window:
4. Scroll to the bottom of the page and click Install once you’re done.
5. You will find your new installation files in the File Manager >> your domain name’s root folder:
6. Double-click on the folder to open it. To replace only the missing file (e.g. wp-settings.php), first find the file in the new installation folder:
7. Move this file to the root folder of the website that needs to be fixed. Right-click on the file >> Move >> type the path to your website’s root folder >> Move File(s). (Here it is the public_html folder):
That’s it! Now you have recovered the missing file and your website should be up.
4. Replace All the Default WordPress Files
1. Log in to the cPanel Account >> Softaculous Apps Installer:
2. In the subfolder, create a new installation for your website. For this, click on the WordPress icon >> Install:
3. Then you will be redirected to the installation menu. Select your website from the drop-down menu and type the subfolder’s name within the In Directory field. Here it will be fix:
Please Note: Replacing all the default files automatically upgrades your installation to the version of the “fix” installation. If the current version of your WordPress website is crucial, or if you only want to replace some of the files, check the website’s version in the /wp-includes/version.php file and then create an installation of the same version. Don’t mix files from different versions, as this will most likely affect the functionality of your website:
You can change the version for the new installation in the installation window:
4. Scroll to the bottom of the page and click Install once you’re done.
5. You will find your new installation files in the File Manager >> your domain name’s root folder:
6. Remove the wp-config.php file, the .htaccess file, and the wp-content folder from the newly created installation, so that they do not overwrite the ones in your website when you move the files in the next step. These files are responsible for the content and performance of your website:
7. Move the other files to the root folder of your website. For this, click Select All >> Move >> type the path to your website’s root folder:
That’s it! You can now check your website.
In case your website isn’t working properly, please check the error_log again. Most likely the reason for this is missing files of a theme or plugin.
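Before moving files out of the “fix” folder as described in sections 3 and 4, you can list which default files are missing, altered or extra. The following is an added example, not part of the original article; it assumes the clean installation is the same WordPress version as the site and sits in a subfolder of the site root, and the demo tree with its file contents is constructed:

```python
import hashlib
import tempfile
from pathlib import Path

# Items section 4 keeps from the live site; they are left out of the comparison.
SITE_SPECIFIC = {"wp-config.php", ".htaccess", "wp-content"}

def file_hashes(root, skip):
    """Map relative path -> SHA-256 for files under root, minus top-level skips."""
    root, out = Path(root), {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in skip:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare_core(site_root, clean_root):
    """Report default files that are missing, altered or extra in site_root."""
    clean = file_hashes(clean_root, SITE_SPECIFIC)
    # The clean copy sits in a subfolder of the site (e.g. "fix"), so skip it too.
    site = file_hashes(site_root, SITE_SPECIFIC | {Path(clean_root).name})
    return {
        "missing": sorted(clean.keys() - site.keys()),
        "modified": sorted(f for f in clean.keys() & site.keys() if clean[f] != site[f]),
        # On a stock install wp-admin and wp-includes hold only default files.
        "unexpected": sorted(f for f in site.keys() - clean.keys()
                             if f.startswith(("wp-admin/", "wp-includes/"))),
    }

def demo():
    """Build a constructed site with a clean "fix" subfolder and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp), Path(tmp) / "fix"
        default = {"index.php": "<?php // index", "wp-settings.php": "<?php // settings",
                   "wp-includes/version.php": "<?php // version placeholder"}
        live = {"index.php": "<?php // index\n// appended line",       # altered
                "wp-includes/version.php": default["wp-includes/version.php"],
                "wp-includes/wp-vcd.php": "<?php // placeholder",      # extra file
                "wp-config.php": "<?php // site configuration"}        # ignored
        for base, files in ((clean, default), (site, live)):
            for rel, text in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(text)
        return compare_core(site, clean)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

On a real account, call compare_core with the path of the site root and the path of the clean subfolder; files listed as modified or unexpected are the ones to inspect before and after the replacement.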
5. Missing Theme or Plugin Files
This issue can occur for different reasons, and one of the most common is installation files infected with malicious code.
If your WordPress theme or plugin files are missing, you might see the following errors:
- A blank page
- A 500 error page
- A page displaying the message: “This site is experiencing technical issues” (starting from WordPress version 5.2.2), etc.
- A “broken” page
An error like the following can also be found in the error_log file or on your website:
PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/public_html/wp-content/themes/sampletheme/header.php:8
For example, a broken plugin error looks like this:
PHP Warning: require(/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php): failed to open stream: No such file or directory in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
PHP Fatal error: require(): Failed opening required '/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
This error indicates that the file required for the plugin to work is missing:
For replacing the missing file, you will need to re-install the affected theme or plugin.
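The error_log checks from sections 1 and 5 can be done in one pass over the file. The following is an added example, not part of the original article: it pulls the file paths out of the message formats quoted above and groups them by what needs repair (default files, a plugin, or a theme). The sample log lines, their timestamps and the line number 90 are constructed.

```python
import re

# Message shapes quoted in this article: a file PHP could not open, and a call
# to a function whose defining file was never loaded.
PATTERNS = [
    ("missing", re.compile(r"(?:require|include)(?:_once)?\((/[^)]+)\): "
                           r"failed to open stream: No such file or directory", re.I)),
    ("missing", re.compile(r"Failed opening (?:required )?'([^']+)'", re.I)),
    ("undefined-function",
     re.compile(r"Call to undefined function \S+ in (/\S+?):\d+")),
]
COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")

def component(path):
    """Return 'plugin:<name>', 'theme:<name>' or 'core' for a file path."""
    m = COMPONENT.search(path)
    return f"{m.group(1)[:-1]}:{m.group(2)}" if m else "core"

def triage(log_text):
    """Group the files named in error_log by the component that needs repair."""
    report = {}
    for line in log_text.splitlines():
        for reason, pattern in PATTERNS:
            for path in pattern.findall(line):
                report.setdefault(component(path), set()).add((reason, path))
    return {comp: sorted(items) for comp, items in report.items()}

# Constructed sample lines (timestamps and line 90 are made up).
SAMPLE_LOG = """\
[01-Jan-2024 10:00:00 UTC] PHP Warning: require_once(/home/cPuser/public_html/wp-settings.php): failed to open stream: No such file or directory in /home/cPuser/public_html/wp-config.php on line 90
[01-Jan-2024 10:00:05 UTC] PHP Warning: require(/home/cPuser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php): failed to open stream: No such file or directory in /home/cPuser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
[01-Jan-2024 10:00:05 UTC] PHP Fatal error: require(): Failed opening required '/home/cPuser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/cPuser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
[01-Jan-2024 10:00:09 UTC] PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPuser/public_html/wp-content/themes/sampletheme/header.php:8
"""

if __name__ == "__main__":
    for comp, items in triage(SAMPLE_LOG).items():
        action = "replace the default files" if comp == "core" else "re-install it"
        print(f"{comp}: {action}")
        for reason, path in items:
            print(f"  {reason}: {path}")
```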
Note: The wp-vcd.php virus, which you can find in the /wp-includes folder, is the main cause of the absence of the functions.php file in your website’s theme.
To make sure that the newly installed theme isn’t affected, remove this file in advance if it is present, or replace all the default installation files to be safe.
6. Malicious Redirects
When your website is affected by the virus, it may start redirecting to malicious pages:
Note: If you don’t want a virus to enter your PC, avoid clicking on any website links you are redirected to.
In most cases, the cause is a non-secure theme or plugin, which allows the database URLs and the files of your website to be modified.
To resolve this issue, follow the steps below:
1. Find your database name in the wp-config.php file. Then navigate to cPanel >> Databases section >> phpMyAdmin menu:
2. Click on the + icon next to your cPanel username to see the list of databases, find the database for your WordPress website, and click on it. Then select the wp_options table (wp_ is the database prefix and it can vary for your installation):
3. In the option_value fields, verify the values of siteurl and home rows:
4. Replace the incorrect values with your actual domain name.
5. Find similar links in your database and replace them by following this guide.
6. Replace the .htaccess file of your website temporarily with the default one. You can rename the existing one and create a new .htaccess file.
To rename the existing one, double-click on the file, rename it, and press Enter to save. To create a new one, click +File >> type .htaccess >> Create New File:
After doing this, right-click on the newly created file >> Edit >> paste the rule below >> click Save Changes:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
If your website is still redirecting, try replacing the default files.
Temporarily disabling all the plugins might also help. In case one of them is causing the redirect, enable them one-by-one to find which one is causing this issue.
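The two checks in this section, the siteurl and home rows and the contents of the old .htaccess file, can be scripted once you have exported the values. The following is an added example, not part of the original article: it reports option rows whose host is not your domain and every active .htaccess line that is not part of the default rule above. The sample option values, the example.com domain and the unknown.example host are constructed placeholders.

```python
from urllib.parse import urlparse

# The default rule from this article. WordPress itself also wraps it in the two
# IfModule lines, so those are accepted too; any other directive is reported.
DEFAULT_RULES = {
    "<IfModule mod_rewrite.c>", "</IfModule>",
    "RewriteEngine On", "RewriteBase /", r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f", "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]",
}

def wrong_site_urls(options, domain):
    """Return the siteurl/home rows whose host is not the site's own domain."""
    allowed = {domain.lower(), "www." + domain.lower()}
    return {name: options.get(name) for name in ("siteurl", "home")
            if (urlparse(options.get(name) or "").hostname or "") not in allowed}

def extra_directives(htaccess_text):
    """Return (line number, directive) for active lines outside the default rule."""
    extras = []
    for number, raw in enumerate(htaccess_text.splitlines(), 1):
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        if line and not line.startswith("#") and line not in DEFAULT_RULES:
            extras.append((number, line))
    return extras

# Constructed sample data: option rows as read from wp_options, and the contents
# of the renamed .htaccess file. unknown.example is a placeholder host.
SAMPLE_OPTIONS = {"siteurl": "http://unknown.example/wp", "home": "https://example.com"}
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteRule ^(.*)$ http://unknown.example/ [R=302,L]
"""

if __name__ == "__main__":
    print("rows to fix:", wrong_site_urls(SAMPLE_OPTIONS, "example.com"))
    for number, line in extra_directives(SAMPLE_HTACCESS):
        print(f"review .htaccess line {number}: {line}")
```

Lines reported by extra_directives are not necessarily malicious (hosting panels add their own directives); they are the ones to review before restoring the old file.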
That’s it!
We hope these solutions help you bring your WordPress website back to normal.