How to deal with a hacked WordPress website?

In this article, we’ll cover the most common cases of WordPress hacks, how to spot them, and the various ways to resolve them. If such a case arises, we highly recommend that you contact a professional web developer for further assistance. To help improve your overall website security, please check out this guide.

IMPORTANT: Make sure to create a backup of your website before making any changes. If you installed WordPress with the Softaculous Apps Installer, please follow the listed steps in this guide to create a backup. After following the steps, if you still face any issues, feel free to contact our 24/7 Live Support for assistance.


PLEASE NOTE: To ensure that your WordPress website does not get hacked in the future, always scan your hosting account with an antivirus, remove any malicious or suspicious files, and update all the plugins and themes of your website to their latest versions.


1. Missing default files



Although this issue is often caused by a variety of factors, the most common one is when your installation files get infected with malicious code. Luckily, the antivirus system present in our Shared and Reseller Hosting servers promptly quarantines these files.

In case your WordPress default files get infected, you might see the following:
  • A blank page
  • A 500 error page
  • A page with the message “This site is experiencing technical issues” (starting from WordPress version 5.2.2), etc.
To resolve this issue, please follow the instructions below.



To find out what exactly caused the issue on your website, you can check the error_log file. This file keeps records of any critical website errors that took place.

This file is located in the root folder of the installation:
  • If the domain name of your website is the main domain name, then its root folder is public_html. You can find it in your cPanel account >> File Manager menu.
  • If your domain name is an addon, you can check its root folder in your cPanel account >> Addon domains menu. Just click on the link in front of the domain name, as shown in the screenshot below:



You will then be redirected to the root folder of the domain name.

From there, you can check if the error_log file is present. If the file is present, please follow these steps:

1. Right-click on it >> click View to check it:



In the error_log file, you may see the message “No such file or directory in...” and the path to the missing file. This error means that a file required for the website to work correctly is missing.
In our case, there is one such file:

/home/cPuser/public_html/wp-settings.php



3. In order to recover the missing file, please scroll to the How to replace the missing files section of this article.



If the error_log file is not present in the root folder of your website, you can also enable the display_errors PHP option via the Select PHP version menu in your cPanel account. By enabling this option, you’ll be able to see the error directly on your website.

PLEASE NOTE: To avoid website vulnerabilities, the display_errors option should be disabled after troubleshooting the issue.


1. To enable this option, log in to your cPanel account >> Select PHP Version >> click Switch to PHP Options:



2. First, click Off in front of the display_errors option >> set to On >> click Apply >> click Save to save the changes:



3. If the default files are missing, you will now see an error similar to the following on your website:



4. The error above means that the default wp-settings.php file is missing. To replace the missing files, please follow the steps from the How to replace the missing files section.


How to replace the missing files

The WordPress Content Management System (CMS) has a straightforward file structure, so replacement can be done in just a few steps. Replacing the default files is recommended, as it will fix all files that are potentially corrupted by the virus. Still, it should be done with the utmost caution, as replacing some files and folders may lead to data loss.

IMPORTANT: Make sure to create a backup of your website before making any changes. If you installed WordPress with the Softaculous Apps Installer, please follow the listed steps in this guide to create a backup.

To replace the missing WordPress files, simply follow the steps listed below:

1. Log in to your cPanel Account >> Softaculous Apps Installer:



2. Create a new installation for your website in the subfolder. To do this, click on the WordPress icon >> Install:



3. You will then be redirected to the installation menu. Choose your website from the drop-down menu and type the name of the subfolder within the In Directory field. As an example, we will use fix:



PLEASE NOTE: Replacing all the default files will automatically upgrade your installation to the version of the “fix” installation. If the current version of your WordPress website is crucial or if you plan to replace only some of the files, please check the version of your website in the /wp-includes/version.php file and create the installation with the same version. Never mix files from different versions, as doing so will most likely affect your website’s functionality:



The version for the new installation can be changed in the installation window:



4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in the File Manager >> your domain name’s root folder:



6. To open the folder, double-click on it. To replace only the missing file (e.g. wp-settings.php), first locate the file in the new installation folder:



7. Move this file to the root folder of your website that should be fixed. Right-click on the file >> Move >> Enter the path to your website’s root folder >> Move file(s). (In this example, it’s the nctest.me folder.)





You did it! Now the missing file is recovered and your website should be up.



1. Log in to your cPanel Account >> Softaculous Apps Installer:



2. Create a new installation for your website in the subfolder. To do this, click on the WordPress icon >> Install:



3. You will then be redirected to the installation menu. Choose your website from the drop-down menu and type the name of the subfolder within the In Directory field. In our case it will be fix:


PLEASE NOTE: Replacing all the default files will automatically upgrade your installation to the version of the “fix” installation. If the current version of your WordPress website is crucial or if you plan to replace only some of the files, please check the version of your website in the /wp-includes/version.php file and create the installation with the same version. Never mix files from different versions, as doing so will most likely affect your website’s functionality:



The version for the new installation can be changed in the installation window:



4. Scroll down the page and click Install once you’re done.
5. Your new installation files will be located in the File Manager >> your domain name’s root folder:


6. Remove the .htaccess, wp-config.php files, and wp-content folder of the newly-created installation. These are the files responsible for the content and performance of your website:




7. Move the rest of the files to the root folder of your website. To do this, click Select All >> Move >> enter the path to your website’s root folder:




You did it! You can check your website now.
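For accounts with SSH access, the same replacement can be done from the shell. This is an added example, not part of the original article: the function names are hypothetical, the demo tree is constructed, and files are copied past the three site-specific items instead of deleting those from the fresh copy first. It also lists files left in wp-admin and wp-includes that the fresh copy does not contain, since copying over the top never removes them.

```bash
#!/usr/bin/env bash
# Added example: replace WordPress core from a fresh "fix" install, keeping site data.

wp_version() {   # print $wp_version from <install>/wp-includes/version.php
  awk -F"'" '/^\$wp_version/ { print $2; exit }' "$1/wp-includes/version.php"
}

replace_core() {   # usage: replace_core <fresh_dir> <site_root>
  local fresh=${1%/} site=${2%/} entry
  for entry in "$fresh"/* "$fresh"/.[!.]*; do
    [ -e "$entry" ] || continue
    case ${entry##*/} in
      .htaccess|wp-config.php|wp-content) continue ;;   # site-specific: keep the live copies
    esac
    cp -R "$entry" "$site"/
  done
}

extra_core_files() {   # files in the site's wp-admin/wp-includes that the fresh copy lacks
  local fresh=${1%/} site=${2%/}
  (cd "$site" && find wp-admin wp-includes -type f 2>/dev/null | sort) |
  while IFS= read -r f; do
    [ -e "$fresh/$f" ] || echo "$f"
  done
}

# Constructed demo tree (not real WordPress files), built in a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo"/fix/wp-includes "$demo"/fix/wp-content "$demo"/site/wp-includes "$demo"/site/wp-content
printf "<?php\n\$wp_version = '5.3.2';\n" > "$demo/fix/wp-includes/version.php"
cp "$demo/fix/wp-includes/version.php" "$demo/site/wp-includes/version.php"
echo "fresh settings" > "$demo/fix/wp-settings.php"          # missing on the site
echo "fresh config"   > "$demo/fix/wp-config.php"
echo "live config"    > "$demo/site/wp-config.php"           # must survive
echo "uploads"        > "$demo/site/wp-content/keep.txt"      # must survive
echo "unexpected"     > "$demo/site/wp-includes/wp-vcd.php"   # not part of the fresh copy

if [ "$(wp_version "$demo/fix")" = "$(wp_version "$demo/site")" ]; then   # same version only
  replace_core "$demo/fix" "$demo/site"
  extra_core_files "$demo/fix" "$demo/site"    # prints wp-includes/wp-vcd.php
fi
```

Review every path that extra_core_files prints before deleting it; a fresh install of the same version is the reference for what belongs in those two folders.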

If it isn’t working as expected, please check the error_log again. Most likely, the reason is missing theme or plugin files. Below you will find instructions on how to deal with missing theme or plugin files.



Although this issue is often caused by a variety of factors, the most common one is when your installation files get infected with malicious code. Luckily, the antivirus system present in our Shared and Reseller Hosting servers promptly quarantines these files.

In case your WordPress plugin files are missing, you might see the following:
  • A blank page
  • A 500 error page
  • A page with the message “This site is experiencing technical issues” (starting from WordPress version 5.2.2), etc.
  • A “broken” page
Feel free to check the “Check the error_log file of your website” and “Enable display_errors PHP option” parts of the article.

You will see an error similar to the following in the error_log file or on your website:
PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/public_html/wp-content/themes/sampletheme/header.php:8 
To give you an example, here’s what a broken plugin error looks like:
PHP Warning:  require(/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php): failed to open stream: No such file or directory in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26

PHP Fatal error: require(): Failed opening required '/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
This error means that a file required for the plugin to work is missing:


To replace the missing file you should re-install the affected theme or plugin.

PLEASE NOTE: The absence of the functions.php file in your website’s theme is most frequently caused by the wp-vcd.php virus, which can be found in the /wp-includes folder.
To make sure that the newly-installed theme won’t be affected, please remove the file beforehand if it’s present or replace all the default files of the installation just to be on the safe side.
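To go from a long error_log to a list of what needs reinstalling, the missing paths can be extracted and grouped by component. This is an added example, not part of the original article; it covers both the core-file case from the first section and the plugin and theme case above. The function name is hypothetical, and the sample log is constructed from the messages quoted in this article plus one core-file entry.

```bash
#!/usr/bin/env bash
# Added example: list the files PHP reports as missing in a WordPress error_log
# and name the component to reinstall (core, plugin:<name> or theme:<name>).

missing_files() {   # usage: missing_files <error_log> <site_root>
  local log=$1 root=${2%/}
  # Two message shapes carry the path: "require(/path): failed to open stream"
  # and "Failed opening required '/path'". PHP 8 capitalises "Failed".
  sed -nE \
    -e "s/.*(require|include)(_once)?\(([^)]+)\): [Ff]ailed to open stream: No such file.*/\3/p" \
    -e "s/.*Failed opening required '([^']+)'.*/\1/p" "$log" |
  sort -u |
  while IFS= read -r path; do
    rel=${path#"$root"/}
    case $rel in
      wp-content/plugins/*) rest=${rel#wp-content/plugins/}; echo "plugin:${rest%%/*} $rel" ;;
      wp-content/themes/*)  rest=${rel#wp-content/themes/};  echo "theme:${rest%%/*} $rel" ;;
      *)                    echo "core $rel" ;;
    esac
  done
}

# Constructed sample log (timestamps and the wp-settings.php entry are made up).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
[10-Mar-2020 09:00:01 UTC] PHP Warning:  require(/home/cPaneluser/public_html/wp-settings.php): failed to open stream: No such file or directory in /home/cPaneluser/public_html/wp-config.php on line 90
[10-Mar-2020 09:00:02 UTC] PHP Warning:  require(/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php): failed to open stream: No such file or directory in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
[10-Mar-2020 09:00:02 UTC] PHP Fatal error: require(): Failed opening required '/home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-account-functions.php' (include_path='.:/opt/alt/php72/usr/share/pear') in /home/cPaneluser/public_html/wp-content/plugins/woocommerce/includes/wc-core-functions.php on line 26
[10-Mar-2020 09:00:03 UTC] PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/public_html/wp-content/themes/sampletheme/header.php:8
EOF
missing_files "$sample_log" /home/cPaneluser/public_html
```

Each "core" line points to a default file to restore from a fresh installation, and each "plugin:" or "theme:" line names the component to reinstall. "Call to undefined function" errors carry no missing path and are not listed.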



Sometimes, when your website gets affected by a virus, it starts redirecting to malicious pages:


IMPORTANT: To avoid getting a virus on your PC, never click on any website links you are redirected to.

Most often, such an issue is caused by a non-secure plugin or theme, which allows for the modification of database URLs and the files of your website.
To resolve this issue, please follow the steps listed below:

1. Find the name of your database in the wp-config.php file. Go to cPanel >> Databases section >> phpMyAdmin menu:



2. Click on + next to your cPanel username to expand the list of the databases, locate the database for your WordPress website, and click on it. Then, select wp_options table (wp_ is the database prefix and it can be different for your installation):


3. Check the values of siteurl and home rows in the option_value fields:


4. Replace the incorrect fields with your actual domain name.
5. Search for similar links in your database and replace them by following this guide.
6. Temporarily replace the .htaccess file of your website with the default one. It’s better to rename the existing one and create a new .htaccess file.
To rename the existing one, double-click on the file, rename it, and press Enter to save. To create a new one, click +File >> type .htaccess >> Create New File:



Once you’ve done this, right-click on the newly-created file >> Edit >> paste the rule below >> click Save Changes:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
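
Before discarding the renamed .htaccess file, it is worth checking which of its rules sent visitors elsewhere. This is an added example, not part of the original article: the function name is hypothetical, the sample file is constructed, and nctest.me stands in for your own domain.

```bash
#!/usr/bin/env bash
# Added example: report redirect/rewrite directives in an .htaccess file whose
# target is an absolute URL on a host other than the site's own domain.

foreign_redirects() {   # usage: foreign_redirects <htaccess_file> <site_domain>
  awk -v domain="$2" '
    tolower($1) ~ "^(rewriterule|redirect|redirectmatch|redirectpermanent|redirecttemp)$" {
      for (i = 2; i <= NF; i++) {
        if (tolower($i) ~ "^https?://") {
          host = tolower($i)
          sub("^https?://", "", host)      # drop the scheme
          sub("[/:?#].*$", "", host)       # drop port, path and query
          if (host != domain && host != "www." domain)
            print NR ": " host             # line number and foreign host
        }
      }
    }' "$1"
}

# Constructed sample: one foreign rule placed above the default WordPress block.
old_htaccess=$(mktemp)
cat > "$old_htaccess" <<'EOF'
RewriteEngine On
RewriteRule ^(.*)$ http://redirect.example.net/landing [R=302,L]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Redirect 301 /old https://www.nctest.me/new
EOF
foreign_redirects "$old_htaccess" nctest.me    # prints "2: redirect.example.net"
```

The hosts it reports are the same values to look for in the siteurl and home rows and in the database search from step 5.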


If the website is still redirecting, you may try to replace the default files.

It can also help to temporarily disable all the plugins. If one of them caused the redirect, enable them one-by-one to determine which one caused the issue.

You did it!


If you have any additional questions, feel free to contact our Support Team.

Updated
3/10/2020
