How to clean up hacked WordPress website

How To Clean A Hacked WordPress Site On Your Own

WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. To try and help with this, we’re going to be taking a look at what you need to do in order to clean out a WordPress site.

Check Core File Integrity

With WordPress sites, you’ll find that a lot of the core files do not actually need to be modified at all. You should check for changes and irregularities in the admin and root folders among others. If you find that nothing has been modified, then the core files on your site are safe.

Check For Recently Modified Files

Telltale signs of a hack is when you find files which are modified or entirely new on the site. These are indications that there’s still malicious software contained on your WordPress site. You should make a note of any modifications, and then reverse them or get assistance in reversing them. If you have access to the server, then you can use this command to find recently modified files:

“$ find ./ -type f -mtime -10”

-10 means day interval. You can also use FileZilla program. First, choose Server -> Search remote files… In the window that opens, select search conditions -> date, after, and enter the date, e.g. 10 days earlier than today.

Check The Diagnostic Pages

Another thing you can do when it comes to cleaning out your WordPress site is to check the diagnostic pages. WordPress has a few available for you to look over and make sure that everything’s as it should be. By using our Free Malware And Website Security Scanner for WordPress, you can check if there’s redirections taking place, what malicious software is still present, and facts and figures about your site.

Clean Core Website Files That Are Hacked

The thing about core files is that they can be cleaned out if they’re hacked. This means that you can remove the virus from your system. However, you need to make sure you don’t overwrite or change anything related to WordPress core. You can create fresh files to use, or work with backups which are not infected.

Clean Out Database Tables That Have Been Hacked

Database tables are often hacked, as they sometimes contain sensitive information. You need to make sure you clean them out in order to keep your website safe to use. This will involve using your database admin panel to log into the tables. You need to make a backup, then search through the system and remove anything that looks spammed or fake.

Useful commands

If you have SSH access to your server, then you can run commands to identify recently modified files. (Alternatively, use FileZilla program).

This command will show you files that were modified in the last 10 days:

“$ find ./ -type f -mtime -10”

You can also specify a directory:

“$ find /home/myname/ -type f -mtime -10”

To get the current working directory use this command:


Another useful command is grep. Grep is a powerful tool for searching plain-text data sets for lines that match a regular expression. This command:

grep -ril base64 *

It will search files that contain base64 code. Hackers are encoding malicious scripts in base64. But keep in mind that you can find “base64” in legitimate code as well.

Overall, these are the main steps that you can take in order to make sure that you successfully clean out your WordPress site. It’s crucial that you work quickly to prevent the site from being taken over and hacked again. Nothing will damage the reputation of your business faster than a website which has been hacked and taken over. It means that customers won’t feel safe when they use your site, which will prevent you from generating profits. It’s a much simpler option to take the time to clean out the site, which is easy when you use the tools provided by WordPress.

Darius S.

Similar Posts

ThreatPress API keys

Free WordPress Vulnerability Database API

Recently, we received a few queries related to our services, specifically for WordPress Vulnerability Database. So to make it clear we ...

CIA triad - information security

CIA triad in the WordPress and WooCommerce security perspective

CIA triad is an abbreviation for confidentiality, integrity, and availability. The CIA triad is considered to be the basis for all ...

PCI compliance WooCommerce

What is PCI compliance and do you need it for your WooCommerce store

PCI compliance or more precisely PCI DSS (Payment Card Industry Data Security Standard) developed by the Payment Card Industry Security ...

Leave a Reply

Your email address will not be published. Required fields are marked *