Cleaning a Hacked WordPress Site

I just finished cleaning a WordPress site for a client that was severely compromised. The site was blocked by Google for distributing malware.

These were the steps I took:

  • Create a backup of the root folder, and the database
  • Remove unauthorized users - especially those with administrative privileges
  • Compare the root WordPress folder with a known good instance, and removed files and foldes that shouldn't be there.
  • Install the Anti-Malware WordPress plugin
    • Update the definitions
    • Run a full scan
    • Check the results
    • Allow the plugin to fix the issues
    • I highly recommend donating the $29!
  • Remove all the SPAM posts and comments
  • Change the passwords for all the users with administrative access
  • Remove unneeded Plugins and Themes
  • Update all needed Plugins and Themes

If you don't want to go through the hassle, we are happy to this for you! Reach out to me here.