Lots of WordPress sites are affected by malware programs or hacked by someone nowadays. The list of hacked websites is increasing day by day. Lots of people are using outdated and nulled plugins and themes. Attackers attack the websites by the security holes found in the plugins and themes. This is the main reason why they offer premium plugins and themes for free download. Avoid the outdated and nulled themes and plugins if you want to protect your website from this type of attacks.
In this tutorial, You will find out how to recover the hacked WordPress websites in few simple steps. Follow these steps carefully to clear the files injected with malware programs.
We need to completely remove and reinstall all WordPress files and folders from the public_html folder exclude wp-config.php and uploads folder. WordPress has more number of PHP files, so we can’t find the attacked files exactly. This is the reason why we recommend to reinstall all files completely.
1 Open the
File Manager on your panel.
2 Delete all files and folders from the
Public_html folder exclude
wp-config.php and
wp-content/uploads.
3 Open
wp-content folder and remove all files and folder exclude
uploads folder, because all the uploaded images and other files were stored in the uploads folder.
4 Search for the
.php files in your webdisk.
5 If you found any PHP files inside the
wp-content/uploads folder, find and delete that PHP files immediately.
6 Create a new file
w.php in your public_html folder. Edit that file, then copy & paste the below PHP code. Press save to save the file.
<?php
$a=file_put_contents("w.zip", fopen("https://wordpress.org/latest.zip", 'r'));
$zip = new ZipArchive;
if ($zip->open('w.zip') === TRUE) {
$zip->extractTo('.');
exec('cp -r wordpress/* . && rm -f w.zip && rm -rf wordpress && rm -f w.php');
}
7 Open http://yourwebsite.com/w.php in Firefox or Chrome web browser. It will take some time to reinstall your website’s WP files.
8 Login to your WordPress Dashboard after the reinstalling process has completed. Change the theme to live the website from the default theme.