If you have ever had your website hacked then you know that feeling when you first realize that all of your handwork could be lost. You have spent countless hours on different posts and webpages all for someone you don’t know to come in and ruin it. If you have never had your site hacked, let me tell you that it’s not something you want to experience and it’s a complete waste of time to fix it. You also need to consider yourself lucky because it happens much more often than you would think. Luckily for any of the unfortunate people reading this post we are going to cover how to recover your hacked site. You then might want to learn how to properly secure your WordPress site. On to the recovery steps!
1) Don’t Panic
The good news is that all of your data should still be intact. Generally, in most hacking scenarios a few pages are added to your site and your username might be changed. All of your posts, pages, images and other critical information will still be available. It’s just a matter of making your websites accessible to the masses again then continuing to keep it safe.
2) Backup Your Site and Database
I know this seems like it’s a pointless step after your website has been compromised but you can never be too safe. In case anything goes terribly wrong during the recovery you at least still have everything you need. First let’s backup the database since this is the most important piece of your website.
Backup Your Website Database
Log into cPanel >> Scroll down to Databases >> Click phpMyAdmin
**Note – if you do not know your cPanel credentials check with your web host or check your introduction email when you signed up for hosting.
On the left hand column click on your WordPress table. Generally you only two options: information_schema and your WordPress table.
Once you select your table it will expand and show everything inside of it. Select the Export tab along the top.
There is nothing to do on the next screen except click Go and save your database
Done! You now have a copy of your database. Next let’s back up your files.
Backup Your Website Files
Download and open your FTP program of choice, such as Filezilla
You will use the same credentials you used to log into cPanel. Enter your website as the host.
Under Remote site double click public html
Highlight everything in that folder. Hold down the shift key, click the top folder/file, then scroll to the bottom with shift still held down and click the bottom folder/file.
Under the Local site (this is your computer) select where you would like to save the files.
Now drag the highlighted files and folders over to the blank section or right click them and select Download.
Let this process finish and your files are now all backed up. This should only take a few minutes.
At this point we have everything backed up that we need to rebuild our site. Next we are going to delete everything to take make sure we get rid of all the malicious crap on our site. Note – please make sure you have everything saved by following the steps above. The deletion step is not reversible.
You can delete everything from FileZilla but selecting all the files and folders on the Remote site, right-clicking, and selecting delete. Deleting files from FileZilla takes longer than downloading. If you want a quicker way you can delete them from the file manager in cPanel.
In cPanel go to Files >> File Manager
Select Web Root and click Go
Highlight everything you did the same way in FileZilla and click Delete
Once the directory is empty we can move on to rebuilding the site
2a) Reset Your cPanel Password
Chances are pretty good that you have no idea how your website was hacked and unfortunately you may never know. There are a whole bunch of different ways that hackers can gain access to your site. They can range from trying to guess your username and password to vulnerabilities in a plugin you use:
- Outdated plugin or theme
- TimThumb Vulnerability
- Local Computer has a virus and is compromised
- Brute Force Attack
- Previous freelancer still has a password or installed a backdoor
One of the easier things to help protect yourself is to change your password. Just in case anyone has access to it, we can keep them out.
Under Preferences select Change Password
Choose your new password and click Change your password now! Be sure to choose a secure and easy to remember password.
2b) Scan your local computer for an infection
This step is optional but is certainly recommended. As stated above, one of the ways your site could have been compromised is through something malicious on any computer(s) that you use to connect to your WordPress site. You should ideally scan your computer before going any further just to completely sure that your machine is safe to use. Use some Malware/Antivirus software to check for anything suspect:
- McAfee Free Virus Scan
- Avast AntiVirus
- AVG Free AntiVirus
- BitDefender Antivirus Free Edition
All of the AV solutions above have a free version that is sufficient for what we need. Scanning your computer for viruses and malware is beyond the scope of this tutorial but it’s rather straight forward. If you have any questions with it or need any help you can contact me.
3) Reinstall WordPress
We are going to install a fresh copy of WordPress just to be sure we are only uploading the files we need plus we can be sure that nothing is compromised. Head over to WordPress and download the latest version. Once you save the zip file extract the files to a location you will remember.
Reconfigure WordPress For Your Database
We need to enter your database details into the WordPress config file so that it’s using all of your existing data. Navigate to the folder with the WordPress files. You will see a file name wp-config-sample.php – rename it to wp-config.php
Open the wp-config.php file with a text editor such as Notepad. Scroll down to the MySQL settings and we are going to replace some of the information. Here’s the default settings
We are going to replace database_name_here, username_here, and password_here – you will just enter the information between the ‘ and ‘. If you can’t remember your database name and username simply go back to the MySQL Databases section in cPanel. Under Current Databases you will see the Database and the User assigned to it.
Your database password should be the same as your cPanel password. One you enter your information into the wp-config file your settings should now look similar to this.
The WordPress files are ready to go for your site.
Upload WordPress to Your Website
Now we just need to complete the re-install of WordPress. Open Filezilla again so that we can upload the files onto your site.
Re-connect to your website if you need to, then open up the public_html folder
On the local site navigate to the location you just extracted the WordPress files to. Highlight all of the WordPress files and folders, then drag them over to the remote side
Once the upload has completed we are ready to load our website. Simply visit the admin page by going to yourwebsitedomain.com/wp-admin and you will probably see a “Database Update Required” message. This is common if the WordPress version we just downloaded was different than the version your site was originally running. Go ahead and click the Update WordPress Database button.
In a few seconds you should see a message that says it updated successfully, click continue.
You are now at the login screen and ready to go!
Can’t Login? Receiving an Invalid username error?
After we have restored your database you might still be having trouble logging in. If you are sure you are using your correct username but are still receiving an invalid username error don’t worry we can correct it. I have seen plenty of times when hackers will change your username and typically it’s an inappropriate word. If you are having this issue we will need to log back into cPanel and go to phpMyAdmin.
Expand the WordPress table and select the wp_users section. You will see your list of users on the right. Chances are that your username(s) will be changed.
Note: Your passwords will be a long jumbled mess. These are not actually your password, it’s just the encrypted version of your password so do not try to change or use what you see in your database.
Click Edit next to your username. Verify that the following fields are correct and if not please change them: user_login, user_nicename (this is the nickname), user_email, and display_name. Once you make the changes, click Go.
Now your username is set back to what it should be and you should be able to log in. If you can’t remember your password you can simply use the “Lost your password?” option at the login screen and a reset email will be sent to the address that you just confirmed in the database.
4) Restoring Your Media
More than likely your had plenty of media on your site whether it was images in your posts or downloads for your users. Restoring all of your uploads is rather easy and straightforward, we just want to make sure everything is safe to upload. Go to the folder that has your website backup and navigate to wp-content >> uploads. This folder contains everything that your upload to your site such as the images for your posts and pages. I would highly suggest that your scan this folder using one of the Antivirus softwares that we mentioned earlier in the article. Once the folder has been scanned and it’s clean we can upload it to your site. Open FileZilla and navigate to the wp-content folder on both the local and remote site. You should see that the local site has an upload folder but the remote site does not. This makes since because currently our remote site has a fresh install and we have not uploaded any files yet. Drag the uploads folder over to the remote site.
Once this has finished uploading you will not have all of your media back on your site. Only your theme and plugins are missing now.
5) Restoring Your Theme and Plugins
At this point your WordPress site should be up and running and completely functional. You are logged back in, your posts and pages are still intact with all of their images. You are only missing your theme and plugins that were on your site before. You have two options at this point:
1) Re-install the theme and plugins
This is the safest route as you can be sure that they are clean and you won’t have more issues from re-uploading something malicious. The one big drawback would be if you have altered your theme at all. If you made any changes to the files those would have to be made again. If you were just using a theme from the WordPress repository it’s as simple as searching for it again and activating it. One other very small drawback would be that you have to manually re-search for each plugin and install them. This only takes a few minutes however.
2) Re-upload your existing theme and plugins
Your other option is to re-upload your theme and plugins in the same way that we just uploaded your media. This route is much riskier as you are potentially upload files that could have been altered and would still give the hacker the upper hand. If at all possible I would suggest going with option number 1. If for some reason its not possible for you to re-install your theme or plugin be sure to scan it before uploading it. Once it’s clean upload it the same way as the media. Note: just because antivirus software did not find any viruses doesn’t mean there couldn’t be a re-direct or some other alteration made to the files themselves.
6) Protecting Your Website From Future Problems
It’s unfortunate that you had to spend this time and energy to fix your website because someone made you a target. Luckily you were able to get everything back in working order. At this point I highly suggest you work on securing your WordPress website to keep it out of harms way in the future. There are plenty of ways to help safeguard against hackers and they can be set up rather quickly. Download our Free Guide to WordPress Security below and you won’t have to worry about recovering your website again. We cover ways to protect yourself and how to set up automatic backups.
Have any questions? Need help with any of the steps above? Feel free to Contact us