WordPress Security – Fix a hacked WordPress website

Kaushal Bhavsar’s interview on Wanacry and Ransomware
May 17, 2017
How to choose the correct SSL Certificate
July 8, 2017
Show all

WordPress Security – Fix a hacked WordPress website

WordPress is a popular web content management system. Originally started as a blogging platform WordPress became the de-facto content management system for web designers. Since WordPress is dynamic it allows developers and designers to create a rich web experience for their users. Also because it is open source there are a plentiful of plugins available for almost every need.

However this very popularity has been the cause of attention to malicious people aka hackers. So it’s not uncommon to wake up one morning and find out a skull flag hoisted on your site.

But don’t worry – we have the steps you need to follow to fix your site.


Step 1: Don’t panic

Most people panic as soon as they see their website is hacked. In many cases the site owners are informed by a friend, visitor or even customer. Sure, it might be anxious for you but sites often get hacked – it’s how you react to the hacking incident that matters. If you call your hosting company chances are they will not help. You can ask some security expert but they will charge $$$$$ for a five minute task. So just control your temper and follow the instructions.


Step 2: Connect to your FTP server

In most of the cases you might have used a FTP account to upload WordPress files on a server. However on newer servers you get software packages like Softaculous which allow you to install WordPress directly from your web hosting control panel.

You might be tempted to delete all files and install WordPress all over again – but isn’t that a lot of time? Plus, your WordPress installation will never be the same again. You simply can’t just restore all plugins, themes as well as on-the-fly customizations you have made. Best way is to connect via FTP and change the only file that is affected. We will see that in next step.


Step 3: Examine index.php

Once you are connected via FTP navigate to the index.php file that is in the root directory of your WordPress installation, right before license.txt.


Download this file to your computer and open it in your favourite text editor. FTP software like FileZilla allows you to edit files. You can also use your web hosting control panel’s File Manager, it will allow you to view and edit files in the browser.

See the index.php source code for any suspicious code.


Step 4: Create a new index.php

If the site is hacked, mostly the index.php file is replaced with another index.php file with malicious code. In some cases an alternate index.html file is used. If you are having a WordPress site you can safely delete the index.html file.

Now observe the code of index.html. It should look like this:

 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 * @package WordPress

 * Tells WordPress to load the WordPress theme and output it.
 * @var bool
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

If the contents of index.php are not like this, replace all contents with the above code. Save the index.php file.

Step 5: Upload and relax

Now you can upload the index.php file. Refresh your browser to reload the website and confirm that you can see it as it was before.

Please note that this solution is not general but works in most common cases. In case of complicated issue contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay in touch with us