How to reset wordpress when infected

The WordPress site is poisoned by the use of unspecified themes / plugins (if you do not use pirated software) or a simple password that is easily guessed by our users.
Currently when the site is infected with malicious code, there are usually three scenarios are as follows:

  1. Home page has been changed to a warning page that has been hacked accompanied by majestic music.
  2. Website silently sends out phishing and spam emails on hosts without their knowledge.
  3. Website contains hidden links advertising sex toys, gambling, phishing scam.
And when your website falls into these cases, the hosting provider will lock up. If you use VPS will be warned or locked if the script falls into the number 1 and the domain name falls into the blacklist sooner or later, the site will be dropped search engine ranking, when accessed with Google Chrome. There will be red alert that this website is very dangerous.

But it is not difficult to make a website hacked, just use a full copyrighted product, set a complex password, and set up iThemes Security. If you use the Hosting should choose the hosting provider using CloudLinux StableHost, Hawkhost, ... which used to avoid being infected by the neighbor's neighbor.


We often visit the site asking for tools to scan the malicious code when falling into these cases, but the sad news is that you do not have any tools to help you remove the malicious code, I swear. There is only one malicious service that I know and use that is Sucuri Antivirus at very expensive price and you have to accept if you need to completely remove the malicious code. But after the removal is complete, not sure the site is really clean but only one way: Reset from the beginning.
Installing a website from scratch is the only way to get your website clean. Installing a website does not mean that you will rewrite the content or the product because the data will be saved to the database, but the good news is that no malicious code attaches to your database. Installing the website means that we will retrieve the soft data stored in the database at the old site, then install the new website and import the data into it, then reset the plugin and theme from the beginning with clearer source.
In this article, I will guide you in detail how this works.


Step 1. Install the new website

Now set up a new WordPress website on the host or localhost and use a different domain name to run this website to make sure you have access to both the new website and the old site for easy checking and comparison.
Then open the wp-config.php file of the new website and insert the following into <? Php:
Change to the new website address.

Step 2. Backup data on the old site

First, go to phpMyAdmin to export the database of the website you are using and download it. If your host does not have phpMyAdmin, then you can use the BackWPUp plugin to backup the database and download it, just the database.
Next, bring up the folder containing the upload images in / wp-content / uploads / 2017, 2016, 2015, 2014, .... Note that only folders containing upload images, other directories do not need to be taken to ensure safety. If you use Hosting then you can go to File Manager using Compress to compress these folders and download. Or if you install a new website on the same host, you do not need to download, just copy the directory to / wp-content / uploads / in the new website directory.

Step 3. Import old data into new website

Now go to phpMyAdmin at the host (or localhost) running the new website and find the database name of the website, then click Import and upload the .sql file that you obtained in step 1..
Error importing database
If you get an error when importing the database, create a new database and import it into the new database. Then set up the website using the new database offline
When you finish typing, look at the name of the data table with the prefix wp_ or another prefix. If you use a prefix name other than wp_, open the wp-config.php file at the new website, find $ table_prefix, and replace wp_ with the prefix of the database table. For example, if you have a table named 38dug_options in the database, it will change to:
$table_prefix = '38dug_';
Then upload the image files in the old website running on the host (wp-content / uploads) to the wp-content / uploads directory in the new website to ensure the image is not lost.
To test, you can access the Media Library on the new website to see if the image is fully displayed. If the image shows normal then it is complete.

Step 4. Reinstall the theme more safely

Now your next step is to reset the theme on the website. If you use premium theme, it is best to buy the theme rights to ensure more, updated the new version often if security hole occurs.
On this step, you probably do not need to say it, when the theme is installed if the theme requires a plugin that you can install plugins because the theme is very secure so you can be completely assured.

Step 5. Upload the source code to the main website

Once you have set up the website complete and start using. Please go to the old site and delete all the data on the host, then transfer the source code of your new website to host the directory of the main website. In this step, you do the same thing as moving a normal website including two steps:
  1. Backup and restore the new website source code to the host.
  2. Backup database and restore database on host.
After the transfer is completed, open the wp-config.php file of the new website on the host and revise WP_HOME, WP_SITEURL to the main website address. Example:
This will ensure that you can access the new website under the main domain name of the website.

Step 6. Replace the website address in the database

Now log into the new website on the host and install the Better Search Replace plugin, then go to Tools -> Better Search Replace and find the old domain name in all database tables and change to the new domain, uncheck Run as dry. Run as shown below.
So all the links in the website are using the old domain will be changed to the new domain without having to do it manually.

Last step. Set up security for WordPress website

As soon as the website is complete, proceed to set up security for the website. Take a look at the full WordPress Security series and follow the steps to increase the security of your website.
And most importantly, do not use unknowingly shared plugins / themes as this is the cause of 90% of known malicious code cases. If you do not install something strange on your website, complex admin password, good security plugin setup, then you will not need to worry about security solutions anymore.
Wishing your website will be restored soon and stable operation.

0 nhận xét