Cleaning Infected Sites

When a website (including a WordPress site) gets “hacked”, we can sometimes restore a backup from before the infection. In other cases, an investigation will reveal that the site has been infected for a long time and all of the backups are infected. This makes it impossible to fix a site by restoring an old copy, of course. A related situation is when a customer transfers an infected site to our servers.

In both of these cases, there’s no easy way to ensure that all infections have been removed. Security experts agree that in these situations, the only safe course is to start over with a new set of script files.

We recognize that “replace all the files” sounds overwhelming, but it isn’t nearly as bad as it sounds. For WordPress, you would:

  1. Delete all the existing PHP files, but not the database or any non-PHP files in “/wp-content/uploads”;
  2. Reinstall a fresh copy of the WordPress files using our WordPress installer;
  3. Connect the new files to the old database by modifying the wp-config.php file;
  4. Use the WordPress dashboard to reinstall the latest versions of any plugins and themes you want to keep;
  5. Change your WordPress passwords and make sure the hackers didn’t add any new users.

We can do steps 1-3 for you if you have trouble. We can also do step 4 for you if the site uses only free plugins and themes (you’ll need to reinstall any paid plugins or themes yourself). Step 5 you can do yourself within the WordPress dashboard.

After this is done, you may also need to “tweak” your site to account for new versions of WordPress or your plugins or themes, but that’s the same thing you would have needed to do if you updated them normally over time.

Doing this (and keeping your themes and plugins updated in the future) will permanently fix almost all “hacked” WordPress sites. It should take an hour or two for an average site — and importantly, it takes far less time, expense and effort than dealing with your site later being blacklisted by Google and other services, which is likely to happen if you don’t fix it.