You've Been Hacked, Now What? Getting WordPress Up and Running Again

Post on 16-Apr-2017

256 views 1 download


You’ve Been Hacked. Now What?Getting WordPress Up and Running Again

Jeremy Green


[photo of freaked out]

Where Do I Begin?

1. Backup Hacked Site Files

• Site files

• Database

2. Got Shared Hosting?

your site infected site



3. Update FTP and MySQL Passwords

Option #1 Restore From a Backup

Manual Method

1. Drop infected database tables

2. Import Clean Database Tables

3. Delete Infected Site Files

4. Upload Clean Site Files

5. Enter URL and Database Settings

Using BackupBuddy

1. Find Backup and ImportBuddy Files

2. Upload Files to Your Server

3. Navigate to ImportBuddy URL

4. Choose Backup File

5. Enter URL and Database Settings

5. Enter URL and Database Settings

That’s great, but…

I don’t have a backup…

I don’t have a backup…

Option #2 Start From Scratch

1. Download Everything Fresh




2. Delete WP files on Your Server

3. Upload Fresh Files

4. Move Uploads Folder

5. Go to

6. Update WP Admin Passwords

5. Enter URL and Database Settings

That’s great, but…

I have a custom theme/plugin/etc…

Check Theme Files for Backdoors

• eval()

• base64()

• <iframe>

Check Theme Files for Backdoors

Sort Files by Date Modified

Check for Suspicious Files

5. Enter URL and Database Settings

That’s great, but…

Hire a professional.

Jeremy Green
