Kyle Hailey

Recovering a hacked WordPress site


A friend’s WordPress site just got hacked, so I'm reposting this info, which I have found useful a number of times.

OK, so WordPress got hacked. I’ve had problems with this in the past and tried tactical surgery, but this time decided to do a full re-install. My first attempt today left me with the WordPress blank screen of death, so here I’m outlining the steps I took that finally got the new version working:

   back up the WordPress database

   # go onto the hosting box and download a new WordPress:
   # there are better ways to download WordPress than zip, but this worked for me
   lynx -source -dump >
   curl  --O
   mv wordpress
   cp wp-config-sample.php wp-config.php
   vi wp-config.php
      # change mysql info
      /** The name of the database for WordPress */
      define('DB_NAME', 'mydbname');
      /** MySQL database username */
      define('DB_USER', 'mydbuser');
      /** MySQL database password */
      define('DB_PASSWORD', 'mydbpassowrd');
      /** MySQL hostname */
      define('DB_HOST', '');
      # added new keys
      # get keys at
      # replacing  these lines
      # define('AUTH_KEY',         'put your unique phrase here');
      # define('SECURE_AUTH_KEY',  'put your unique phrase here');
      # define('LOGGED_IN_KEY',    'put your unique phrase here');
      # define('NONCE_KEY',        'put your unique phrase here');
      # define('AUTH_SALT',        'put your unique phrase here');
      # define('SECURE_AUTH_SALT', 'put your unique phrase here');
      # define('LOGGED_IN_SALT',   'put your unique phrase here');
      # define('NONCE_SALT',       'put your unique phrase here');
      # save file

    cp .htaccess .htaccess.orig
    # the downloaded .htaccess was giving me 404 errors
    # so I used the one from the previous blog. Not sure
    # if it's fully up to date but at least it got me going
    vi .htaccess
      # include these lines
      # BEGIN WordPress
      RewriteEngine On
      RewriteBase /
      RewriteRule ^index\.php$ - [L]
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.php [L]
      # END WordPress

    cp -R  ../        wp-content
    cp -R  ../       wp-content
    cp -R  ../  wp-content

    reinstall plugins, in my case I use these:

   For more info see

       suggest reinstalling and checking the WordPress database for these code usages, which can indicate a hack:
       SELECT * FROM wp_posts WHERE post_content LIKE '%<iframe%';
       SELECT * FROM wp_posts WHERE post_content LIKE '%<noscript%';
       SELECT * FROM wp_posts WHERE post_content LIKE '%display:%';
       check for usage of base64_decode()
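
The `cp -R` steps above bring directories from outside the fresh download into wp-content, so the indicators listed for wp_posts are worth checking in those files as well. The script below is an added example, not part of the original post: the suffix list is an assumption, and the sample tree (including the theme name) is constructed.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the post's checklist; matching is case-insensitive.
INDICATORS = {
    "iframe": re.compile(r"<iframe", re.I),
    "noscript": re.compile(r"<noscript", re.I),
    "display": re.compile(r"display\s*:", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
}
# Assumption: file types worth reading as text; extend to suit the site.
TEXT_SUFFIXES = {".php", ".js", ".html", ".htm"}


def scan_text(text):
    """Return the sorted names of every indicator found in text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan_tree(root):
    """Yield (relative path, line number, indicator names) for each hit."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        # errors="replace" keeps the scan going on files with odd encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            found = scan_text(line)
            if found:
                yield path.relative_to(root).as_posix(), number, found


def demo():
    """Build a constructed wp-content tree and return the hits found in it."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "themes", "old-theme")  # hypothetical theme name
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php get_header(); ?>\n")
        (theme / "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            "<?php $blob = 'constructed'; echo base64_decode($blob); ?>\n"
            '<iframe src="//example.invalid" style="display:none"></iframe>\n'
        )
        return list(scan_tree(tmp))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

`display:` and `base64_decode(` also appear in legitimate themes and plugins, so each hit is a line to read, not proof of compromise. `scan_text` can be run over exported `post_content` values as well.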