It can be frustrating, costly and a bit scary when your website gets hacked.
Most hosting companies will simply ban or disable your WordPress website if it gets hacked.
Most quotes are around the USD$250 to clean your website for you – you can do it yourself for free.
This is the most accurate way of cleaning hacks.
Lots of other posts rely on finding the hack – this method largely removes everything, and installs a fresh copy.
By the time you are finished WordPress core, plugins and themes are all updated.
surely you are doing this already. The best hacking cure is good backups.
If you backup right now though, you can be more confident in deleting things. You can always restore a few folders from your backup easily enough.
It would be super smart to run the recovery on your local dev environment, or a seperate server. And test that it works there.
cp wp-config.php /tmp/wp-config.php.mysitename
rm -f *.php
rm -rf wp-admin wp-includes # review for suspect folders ls -d */
# almost always delete php files in your uploads folder find wp-content/uploads/|grep php # review for suspect files find wp-content/uploads/ -type f|grep -v -i -E "jpg|png|gif|pdf|mp4" # review for cache fodlers find wp-content/uploads/ -type d|grep -i cache # only run this if you need to delete the cache folders above # find wp-content/uploads/ -type d|grep -i cache | xargs rm -f
cd /home/username #to the folder just before the real wordpress installed folder wget https://wordpress.org/latest.tar.gz mv public_html wordpress # we are just renaming the wordpress folder to wordpress tar zxvf latest.tar.gz # this will write into wordpress/ , and overwrite existing files mv wordpress public_html # rename it back
cd wp-content/plugins ls -d */ # get the first plugin name (it's called the slug, each folder is a slug) rm -rf slug # find the URL of the latest plugin version, search in https://wordpress.org/plugins/ for the slug, right click 'copy link address' wget https://downloads.wordpress.org/plugin/wp-hosting-performance-check.2.18.8.zip # paste the link after wget unzip wp-hosting-performance-check.2.18.8.zip rm -f wp-hosting-performance-check.2.18.8.zip # then do each plugin - it takes a while
cp /tmp/wp-config.pgp.yoursitename wp-config.php