How to Fix a Hacked WordPress Website: Steps to Take

In this article, we’ll talk about common situations where your WordPress website might get hacked, how to recognize them, and what you can do to fix them. If you ever face such a problem, it’s a good idea to reach out to a professional web developer for help. They’re experts and can assist you effectively.

IMPORTANT: Before you start making any changes to your website, ensure you have created a backup. If you used the Softaculous Apps Installer to install WordPress, follow the steps outlined in this guide to create a backup. If you encounter any difficulties, don’t hesitate to reach out to our Live Support for help. Your website’s safety is our priority!

PLEASE NOTE: To protect your WordPress website from future hacking attempts, it’s crucial to regularly scan your hosting account. Remove any files that appear malicious or suspicious, and make sure to keep all your website’s plugins and themes up to date with the latest versions. This proactive approach will help safeguard your website from potential security threats.

Steps to Effectively Deal with WordPress-Hacked Website

Missing Default Files in WordPress

One common problem is the absence of essential default files in your WordPress installation. This can happen for various reasons, but the most common cause is installation files becoming infected with malicious code. Fortunately, our Shared and Reseller Hosting servers have an antivirus system in place that quickly isolates and deals with these infected files.

When your WordPress default files are compromised, you might encounter the following issues:

  • A blank page
  • A 500-error page
  • A message stating, “This site is experiencing technical issues” (starting from WordPress version 5.2.2), and so on.

To resolve this matter, please follow the steps below.

Check the error_log file of your website

To pinpoint the exact cause of the issue on your website, you can review the error_log file. This file keeps a record of any significant errors that have occurred on your website.

You can find this file in the root folder of your installation:

  • If your website’s domain name is the primary one, the root folder is typically named “public_html.” You can locate it in your cPanel account under the “File Manager” menu.
  • If your domain name is an addon, you can identify its root folder in your cPanel account under the “Addon domains” menu. Just click on the link associated with the domain name.

You’ll be directed to the root folder of the specific domain name.

Once there, you can verify the presence of the error_log file. If the file is indeed present, please proceed with the following steps:

1. Right-click on the error_log file and select “View” to open and examine it.

2. Within the error_log file, you might come across a message that reads: “No such file or directory in…” followed by the path to the missing file. This error indicates that a crucial file necessary for the proper functioning of the website is absent.

In our specific case, there is indeed a missing file:

/home/cPuser/public_html/wp-settings.php

3. To restore the missing file, please proceed to the “How to replace the missing files” section in this article.

Enable the display_errors PHP option

If you cannot locate the error_log file in your website’s root folder, an alternative approach is to activate the display_errors PHP option via the “Select PHP version” menu in your cPanel account. Enabling this option allows you to view errors directly on your website.

PLEASE NOTE: To maintain website security, it’s crucial to disable the display_errors option after resolving the issue to prevent potential vulnerabilities.

1. To enable this option, log in to your cPanel account >> Select PHP Version >> switch to Options.

2. Tick the checkbox next to the display_errors option to enable it.

3. If the default files are missing, your website will now display the corresponding error.

4. The error message indicates that the default wp-settings.php file is missing. To resolve this, please proceed with the steps outlined in the “How to replace the missing files” section.

How to Replace the Missing Files

WordPress, a user-friendly Content Management System (CMS), has a straightforward file structure, making file replacement a simple process. Replacing default files is strongly recommended as it can rectify potential virus-induced corruption. However, it should be approached with great care, as replacing certain files and folders may result in data loss.

IMPORTANT: Before making any changes, ensure you create a backup of your website. If you initially installed WordPress using the Softaculous Apps Installer, please follow the provided steps in this guide to create a backup.

To replace the missing WordPress files, follow these steps:

1. Log in to your cPanel Account and navigate to the “Softaculous Apps Installer” section.

2. Create a new installation for your website in a subfolder. To accomplish this, click on the WordPress icon, then select “Install”.

3. You will then be redirected to the installation menu. Choose your website from the drop-down menu and type the name of the subfolder in the “In Directory” field. As an example, we will use “fix”.

PLEASE NOTE: Replacing all the default files will automatically update your installation to the version of the “fix” installation. If the current version of your WordPress website is critical or if you intend to replace only specific files, please check your website’s version in the /wp-includes/version.php file. Then, create an installation of the same version. Avoid mixing files from different versions, as it will likely impact your website’s functionality.

The version for the new installation can be changed in the installation window.

4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in the File Manager >> your domain name’s root folder.
6. To open the folder, double-click on it. To replace only the missing file (e.g. wp-settings.php), first locate the file in the new installation folder.
7. Relocate this file to the root folder of your website that needs fixing. Follow these steps: Right-click on the file, select “Move,” then enter the path to your website’s root folder, and click “Move file(s).” (In this example, the folder is named nctest.me.)

You’ve done it! The missing file has been successfully recovered, and your website should now be up and running.

How to Replace All Default WordPress Files

1. Log in to your cPanel Account and go to the “Softaculous Apps Installer” section.

2. Create a new installation for your website in the subfolder. To do this, click on the WordPress icon >> Install.

3. You will be directed to the installation menu. Select your website from the drop-down menu and enter the name of the subfolder in the “In Directory” field. In our example, it will be “fix”.

PLEASE NOTE: Replacing all the default files will automatically update your installation to the version of the “fix” installation. If your WordPress website’s current version is critical or if you intend to replace only specific files, check your website’s version in the /wp-includes/version.php file. Then, create an installation with the same version. Avoid mixing files from different versions, as this is likely to affect your website’s functionality.

The version for the new installation can be changed in the installation window.

4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in the File Manager >> your domain name’s root folder.
6. Remove the .htaccess and wp-config.php files and the wp-content folder from the newly-created installation. These are the files responsible for the content and performance of your website, so the copies from the new installation must not overwrite your existing ones.
7. Move the rest of the files to the root folder of your website. To do this, click Select All >> Move >> enter the path to your website’s root folder.

You’ve completed the process! Now, please check your website to ensure it’s working as expected.
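
Before moving files, the site can be compared against the fresh “fix” installation to see exactly which core files are missing or altered. The following Python script is an added example, not part of the original article or of WordPress itself; it assumes shell or local access to both folders, and the function names are hypothetical. It refuses to compare installations of different versions, as the note above advises.

```python
import hashlib
import re
from pathlib import Path

# Site-specific items the article says to keep: never compared or replaced.
SKIP = {".htaccess", "wp-config.php", "wp-content"}

def wp_version(root):
    """Read $wp_version from wp-includes/version.php."""
    text = (Path(root) / "wp-includes" / "version.php").read_text(errors="replace")
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", text)
    if not m:
        raise ValueError(f"no $wp_version found under {root}")
    return m.group(1)

def core_files(root):
    """Map relative path -> SHA-256 for every file outside SKIP."""
    root = Path(root)
    out = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in SKIP:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare_core(site_root, fresh_root):
    """Compare a site with a fresh installation of the same version."""
    site_v, fresh_v = wp_version(site_root), wp_version(fresh_root)
    if site_v != fresh_v:
        raise ValueError(f"version mismatch: site {site_v}, fresh copy {fresh_v}")
    site, fresh = core_files(site_root), core_files(fresh_root)
    return {
        "missing": sorted(fresh.keys() - site.keys()),
        "modified": sorted(f for f in fresh.keys() & site.keys()
                           if site[f] != fresh[f]),
        # files in wp-admin/ or wp-includes/ that a clean install does not ship
        "unexpected": sorted(f for f in site.keys() - fresh.keys()
                             if f.startswith(("wp-admin/", "wp-includes/"))),
    }

if __name__ == "__main__":
    import sys
    # usage (paths are examples): script.py /home/cPuser/public_html /home/cPuser/public_html/fix
    for kind, files in compare_core(sys.argv[1], sys.argv[2]).items():
        for name in files:
            print(f"{kind}: {name}")
```

Files reported as "unexpected" deserve a look before they are deleted, since they show what was planted in the core folders.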

If your website still isn’t functioning correctly, the issue might be related to missing files in a theme or plugin. Below, you’ll find instructions on how to address missing theme or plugin files.

Missing Theme or Plugin Files

This problem can arise from various factors, the most common being installation files infected with malicious code. Fortunately, our Shared and Reseller Hosting servers include an antivirus system that swiftly isolates and manages these problematic files.

When your WordPress plugin files are missing, you may encounter issues such as:

  • A blank page
  • A 500 error page
  • A message stating, “This site is experiencing technical issues” (starting from WordPress version 5.2.2), and so on.
  • A “broken” page

Feel free to revisit the “Check the error_log file of your website” and “Enable display_errors PHP option” sections of this article.

You will come across errors in the error_log file or on your website similar to this:

PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/…

To replace the missing file, you should reinstall the affected theme or plugin.

PLEASE NOTE: The absence of the functions.php file in your website’s theme is often caused by the wp-vcd.php virus, typically located in the /wp-includes folder. To ensure that the newly installed theme remains unaffected, remove the file if it’s present or replace all default files of the installation just to be safe.
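
The error_log checks from “Check the error_log file of your website” and from this section can be scripted when the log is long. The following Python script is an added example, not part of the original article: it reports which files failed to load and which plugin or theme raised an undefined-function error. The log lines are constructed samples in PHP's usual error_log format, and the function name triage is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in PHP error_log format; paths are placeholders.
SAMPLE_LOG = """\
[01-Jan-2024 10:00:01 UTC] PHP Warning:  require(/home/cPuser/public_html/wp-settings.php): failed to open stream: No such file or directory in /home/cPuser/public_html/wp-config.php on line 90
[01-Jan-2024 10:00:01 UTC] PHP Fatal error:  require(): Failed opening required '/home/cPuser/public_html/wp-settings.php' (include_path='.:/usr/share/php') in /home/cPuser/public_html/wp-config.php on line 90
[01-Jan-2024 10:05:12 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function sample_function() in /home/cPuser/public_html/wp-content/plugins/sample-plugin/main.php:12
[01-Jan-2024 10:05:40 UTC] PHP Notice:  Undefined index: page in /home/cPuser/public_html/index.php on line 3
"""

# Failed include/require: in these lines the file that could not be opened is
# inside the parentheses; the path after "in" is the script that asked for it.
MISSING = re.compile(
    r"(?:require|include)(?:_once)?\((?P<path>[^)]+)\): "
    r"failed to open stream: No such file or directory in (?P<caller>\S+)", re.I)
# Call into code that was never loaded: the caller path names the component.
UNDEFINED = re.compile(
    r"Call to undefined function (?P<func>[\w\\]+)\(\) in (?P<caller>[^\s:]+)")
COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")

def triage(log_text):
    """Return (missing files, components to reinstall) as hit counters."""
    missing, components = Counter(), Counter()
    for line in log_text.splitlines():
        m = MISSING.search(line)
        if m:
            missing[m["path"]] += 1
            continue
        u = UNDEFINED.search(line)
        if u:
            c = COMPONENT.search(u["caller"])
            # fall back to the raw path when the error is outside wp-content
            components[f"{c[1]}/{c[2]}" if c else u["caller"]] += 1
    return missing, components

if __name__ == "__main__":
    missing, components = triage(SAMPLE_LOG)
    for path, n in missing.items():
        print(f"missing file ({n}x): {path}")
    for comp, n in components.items():
        print(f"reinstall candidate ({n}x): {comp}")
```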

Malicious Website Redirects

Occasionally, when your website is infected with a virus, it may begin redirecting to malicious pages.

IMPORTANT: To prevent your PC from getting infected, never click on any website links you are redirected to.

This issue is commonly caused by a non-secure plugin or theme that permits the modification of database URLs and website files. To resolve this problem, please follow these steps:

1. Locate the name of your database in the wp-config.php file. Then open the database through cPanel >> Databases section >> phpMyAdmin menu.

2. Click on the plus sign (+) next to your cPanel username to expand the list of databases. Locate the database associated with your WordPress website, and click on it. Then, select the wp_options table (wp_ is the database prefix and it can be different for your installation).

3. Check the values of the siteurl and home rows in the option_value field.

4. Replace any incorrect values with your actual domain name.
5. Search for similar links in your database and replace them by following this guide.
6. Temporarily replace the .htaccess file of your website with the default one. It’s better to rename the existing one and create a new .htaccess file.
To rename the existing one, double-click on the file, rename it, and press Enter to save. To create a new one, click +File >> type .htaccess >> Create New File.
Once you’ve done this, right-click on the newly-created file >> Edit >> paste the rule below >> click Save Changes:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

If your website is still redirecting, consider replacing the default files.

Additionally, you can try temporarily disabling all the plugins. If one of them caused the redirect, enable them one-by-one to identify the culprit.

You’ve completed the process!
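
The renamed .htaccess file and the siteurl/home values are worth reviewing before they are discarded, because they show what was changed. The following Python script is an added example, not part of the original article: it lists every directive that is not in the default rule set shown above and flags URLs pointing outside the site's own domain. The tampered sample is constructed, redirect.example.invalid is a placeholder host, and the function names are hypothetical.

```python
import re

# Default rules as listed in the article's .htaccess block.
DEFAULT = r"""RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""
DEFAULT_RULES = set(DEFAULT.splitlines())
# Constructed tampered copy: the default block plus one added rule.
SAMPLE = "# BEGIN WordPress\n" + DEFAULT.replace(
    "RewriteBase /\n",
    "RewriteBase /\nRewriteRule ^(.*)$ https://redirect.example.invalid/ [R=302,L]\n",
) + "# END WordPress\n"
URL = re.compile(r"https?://([^/\s]+)", re.I)

def foreign_hosts(value, site_host):
    """Hosts in http(s) URLs in value that are not site_host or a subdomain."""
    hosts = {h.lower().split(":")[0] for h in URL.findall(value)}
    return sorted(h for h in hosts
                  if h != site_host and not h.endswith("." + site_host))

def review_htaccess(text, site_host):
    """Return (line number, directive, reason) for each non-default directive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())
        # skip blanks, comments and container tags such as <IfModule ...>
        if not line or line.startswith(("#", "<")) or line in DEFAULT_RULES:
            continue
        foreign = foreign_hosts(line, site_host)
        reason = "points to " + ", ".join(foreign) if foreign else "not a default rule"
        findings.append((no, line, reason))
    return findings

def review_options(options, site_host):
    """Return the siteurl/home rows whose value leaves the site's domain."""
    return {k: v for k, v in options.items()
            if k in ("siteurl", "home") and foreign_hosts(v, site_host)}

if __name__ == "__main__":
    for finding in review_htaccess(SAMPLE, "nctest.me"):
        print(finding)
    print(review_options({"siteurl": "https://redirect.example.invalid",
                          "home": "https://nctest.me"}, "nctest.me"))
```

A directive reported as "not a default rule" is not necessarily malicious; caching or security plugins add their own rules, so each finding needs a manual check.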