In this article, we’ll cover the most common cases of WordPress hacks, how to spot them, and the various ways to resolve them. If such a case arises, we highly recommend that you contact a professional web developer for further assistance. To help improve your overall website security, please
check out this guide.
PLEASE NOTE: To ensure that your WordPress website does not get hacked in the future, always scan your hosting
account with an antivirus, remove any malicious or suspicious files, and update all the plugins and themes of your website to their latest versions.
1.Missing default files
Although this issue is often caused by a variety of factors, the most common one is the infection of your installation files with malicious code. Luckily, the antivirus system present on our Shared and Reseller Hosting servers promptly quarantines these files.
In case your WordPress default files get infected, you might see the following:
-
A blank page
- A 500 error page
- A page with the message that says: “This site is experiencing technical issues” (starting from 5.2.2 WordPress version), etc.
To resolve this issue, please follow the instructions below.
To find out what exactly caused the issue on your website, you can check the error_log file. This file keeps records of any critical website errors that took place.
This file is located in the root folder of the installation:
-
If the domain name of your website is the main domain name, then its root folder is public_html. You can find it in your cPanel account >> the File Manager menu.
- In case your domain name is an addon, you can check its root folder in your cPanel account >> the Domains menu. Just click on the link next to the domain name as shown in the screenshot below:
You will then be redirected to the root folder of the domain name.
There you can check if the error_log file is present. If the file is present, please follow these steps:
1. Right click on it >> click View to check it:
In the error_log file, you may see the following message: “No such file or directory in...” and the path to the missing file. This error means that the required file is missing for the correct work of the website.
In our case, this is the file below:
/home/cPuser/public_html/
wp-settings.php
If the error_log file is absent in the root folder of your website, you can enable the display_errors PHP option via the Select PHP version menu in your cPanel account. By enabling this option, you’ll be able to see the error directly on your website.
PLEASE NOTE: To avoid website vulnerabilities, the display_errors option should be disabled after troubleshooting the issue.
1. To enable this option, log in to your cPanel account >> Select PHP Version >> switch to Options:
2. Checkmark the icon in front of the display_errors option in order to enable it:
3. If the default files are missing, then you will see one of the similar errors on your website:
4. The error above means that the default
wp-settings.php file is missing. To replace the missing files, please follow the steps in the
How to replace the missing files section.
In the Stellar Business package, the display_errors PHP option can be enabled as follows:
- using the php.ini file. Add the following line to the php.ini file:
display_errors=1
- using the .htaccess file. Add the following line to the .htaccess file:
php_value display_errors 1
How to replace the missing files
WordPress’ Content Management System (CMS) has a straightforward file structure, so replacement can be done in just a few steps. Replacing the default files is recommended, as it will fix all the files that are potentially corrupted by the virus. Still, it should be done with the highest amount of caution, as replacing some files and folders may lead to data loss.
To replace the missing WordPress files, simply follow the steps listed below:
1. Log in to your cPanel Account >> Softaculous Apps Installer:
2. Create a new installation for your website in the subfolder. To do this, click on the WordPress icon >> Install:
3. You will then be redirected to the installation menu. Choose your website from the drop-down menu and type the name of the subfolder within the In Directory field. As an example, we will use fix:
PLEASE NOTE: Replacing all the default files will automatically upgrade your installation to the version of the “fix” installation. If the current version of your WordPress website is crucial or if you plan to only replace some of the files, please check the version of your website in the /wp-includes/version.php file and create the installation of the same version. Never mix the files of the different versions, as it will most likely affect your website functionality:
The version for the new installation can be changed in the installation window:
4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in File Manager >> the root folder of your domain name:
6. To open the folder, double-click on it. To replace only the missing file (e.g. wp-settings.php), first locate the file in the folder of the new installation:
7. Move this file to the root folder of your website that should be fixed. Right-click on the file >> Move >> Enter the path to your website root folder >> Move file(s). (In this example, it’s the nctest.me folder.)
You did it! Now the missing file is recovered, and your website should be up.
1. Log in to your cPanel Account >> Softaculous Apps Installer:
2. Create a new installation for your website in the subfolder. To do this, click on the WordPress icon >> Install:
3. You will then be redirected to the installation menu. Choose your
website from the drop-down menu and type the name of the subfolder
within the In Directory field. In our case it will be fix:
PLEASE NOTE: Replacing all the default files will automatically upgrade your installation to the version of the “fix”
installation. If the current version of your WordPress website is
crucial or if you plan to only replace some of the files, please check
the version of your website in the /wp-includes/version.php file and
create the installation of the same version. Never mix the files of the
different versions, as it will most likely affect your website
functionality:
The version for the new installation can be changed in the installation window:
4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in File Manager >> the root folder of your domain name:
6. Remove the .htaccess, wp-config.php files, and the wp-content folder of the newly-created installation. These are the files responsible for the content and performance of your website:
7.Move the rest of the files to the root folder of your website. To do this, click Select All >> Move >> enter the path to your website root folder:
You did it! You can check your website now.
If it doesn’t work as expected, please check the error_log again. Most likely the reason for this is missing files of a theme or plugin. Below you will find the instructions on how to deal with the missing files of the theme or plugins.
Although this issue is often caused by a variety of factors, the most common one is the infection of your installation with malicious code. Luckily, the antivirus system present on our Shared and Reseller Hosting servers promptly quarantines these files.
In case your WordPress plugin files are missing, you might see the following:
- A blank page
- A 500 error page
- A page with the message that says: “This site is experiencing technical issues” (starting from 5.2.2 WordPress version), etc.
- A “broken” page
You will see one of the similar errors in the error_log file or on your website:
PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/...
To give you an example, here’s what a broken plugin error looks like:
To replace the missing file, you should re-install the affected
theme or
plugin.
PLEASE NOTE: The absence of the functions.php file in your website theme is most frequently caused by the wp-vcd.php virus which can be found in the /wp-includes folder.
Sometimes when your website gets affected by the virus, it starts redirecting to malicious pages:
IMPORTANT: To avoid getting a virus on your PC, never click on any website links you are redirected to.
Most often, such an issue is caused by a non-secure plugin or theme, which allows for the modification of database URLs and the files of your website.
To resolve this issue, please follow the steps listed below:
1. Find the name of your database in the wp-config.php file.
Go to cPanel >> the Databases section >> the phpMyAdmin menu:
2. Click on + next to your cPanel username to expand the list of the databases, locate the database for your WordPress website, and click on it. Then, select the wp_options table (wp_ is the database prefix, and it can be different for your installation):
3. Check the values of the siteurl and home rows in the option_value fields:
4. Replace the incorrect fields with your actual domain name.
5. Search for similar links in your database and replace them by following
this guide.
6. Temporarily replace the .htaccess file of your website with the default one. It’s better to rename the existing one and create a new .htaccess file.
To rename the existing one, double-click on the file, rename it, and click Enter to save.
To create a new one, click +File >> type .htaccess >> Create New File:
Once you’ve done this, right click on the newly-created file >> Edit >> paste the rule below >> click Save Changes:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
It can also help to temporarily
disable all the plugins. If one of them caused the redirect, enable them one-by-one to determine which one caused the issue.
You did it!
If you have any additional questions, feel to contact our
Support Team.
