WordPress Hack Recovery Checklist

Services: Law Firm Website Design . SEO . Internet Marketing . Law Firm Marketing Guide . Content Marketing . PPC

Recovering From a Hack

If your WordPress site has ever been hacked, you might need a checklist to cover everything. Here is a quick one that we have used to help a few site owners in need:

  1. Download new WP and upload to New Directory on the server. This starts you with a clean slate.
  2. Check to see if you have local copies of the theme folder. Use those old, uncorrupted files for the new installation.
  3. If you do not have local copies of the theme files, then you need to transfer over the potentially hacked theme files and upload files only.
    1. First, download and check all theme files for the hack. Usually the hack is added code to the header and footers of common files.
    2. Search for any javascript code of base64 encodes, as that is the hack of choice lately.
    3. Remove any unnecessary files that you are unsure of their purpose.
  4. Move over themes files to the new install once cleaned.
  5. Check your WP users for any unauthorized WP users and delete them.
  6. Change all WP user passwords.
  7. Check your database for any odd/new data.
  8. Reset FTP Passwords for all users.
  9. Remove any Shell Access in the control panel if not needed
  10. Reset Hosting Control Password
  11. Reset Database Password for WP
  12. Update new wp-config.php file to your new settings.
  13. Salt the wp-config.php file.
  14. Swap the installs, by moving the old WP to a sub-directory and the new installation to the old location. This makes the new site live.
  15. Test the site to make sure the theme works, the hack is gone, that plugins work and all uploads work.
  16. Delete old WP installation once you pass all tests.
  17. Reset CHMOD Permissions to all transferred files. The new WP install should have all the correct permissions, but any transferred files might be corrupted and have 777 access or other odd access permissions.
  18. Install Security Plugins such as WP Lockdown, WP Security Admin Tools
  19. Change the default user from admin to something else.
  20. Change the WP database table names, if possible.

If you have any other tips, feel free to let us know.

Move over themes files to the new install once cleaned.

Related Posts

Ready to Take Your Website to the Next Level? Great Ideas & Results Only a Phone Call Away

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Let's get started.

Leave a Reply

Your email address will not be published. Required fields are marked *