WordPress is the most popular Content Management System in the world, with over 33% of websites running on WordPress. Unfortunately, popular software also attracts a lot of malicious actors who will attempt to compromise your website for different gains.
Some of the tactics used are:
- Deploying cracked themes/plugins online. Only the malicious actors know what they have changed in a theme they crack. Once you download and use these themes, you end up allowing access to your website.
- Trying to gain access to WordPress websites that have weak login credentials.
- Exploiting known vulnerabilities in themes/plugins and on your server. At Truehost, we keep up to date with emerging trends and employ many security layers, some of which are premium, to prevent server vulnerabilities.
If your site should get compromised, please use these steps to clean it up:
1. Back up the website.
2. Remove all files except wp-config.php and the wp-content folder.
3. Download WordPress from wordpress.org and upload it.
4. Update WordPress, themes and plugins from the dashboard.
Below, we describe the process in detail.
1. Back up the website
You can use this guide to back up your WordPress site.
2. Remove all files except wp-config.php and the wp-content folder
a. Log in to cPanel and go to File Manager.

b. Navigate to the folder that has your WordPress installation. Mine is called wp.rawle-engineering.xyz
c. Remove all files except wp-content and wp-config.php. See video below.
NOTE: It's important to retain the wp-content folder, as your themes, uploaded files and plugins are stored here. The wp-config.php file contains your database access details, so it needs to be kept.
3. Next, download WordPress from https://wordpress.org/download/
a. Upload the WordPress file into cPanel and extract the file.

b. A folder called wordpress will be created. Access this folder and remove the wp-content folder there. Then move all the remaining files to your initial WordPress folder. See video below.
c. Lastly, create a file called .htaccess and add the content below into it:
```apache
# Redirect every plain-HTTP request to the same URL over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
```
4. Update WordPress, themes and plugins from the dashboard
Finally, update the WordPress installation, themes and plugins. Use this guide.
Additional guides
Below is an advanced guide from wordfence.com on how to clean up a WordPress site.
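Steps 1 to 3 can also be done from a shell instead of File Manager. The script below is an added example, not Truehost's own tooling; it assumes SSH access with GNU find and tar, and the function names and the paths passed to them are hypothetical.

```shell
#!/usr/bin/env bash
# replace_wp_core SITE FRESH BACKUP   (hypothetical helper)
#   SITE   - folder holding the compromised install
#   FRESH  - the "wordpress" folder extracted from the wordpress.org download
#   BACKUP - tarball to write before anything is deleted (step 1)
replace_wp_core() {
    site=$1; fresh=$2; backup=$3

    # Refuse to touch a folder that does not look like a WordPress install.
    [ -f "$site/wp-config.php" ] && [ -d "$site/wp-content" ] || {
        echo "not a WordPress folder: $site" >&2; return 1; }
    [ -f "$fresh/wp-includes/version.php" ] || {
        echo "not a fresh WordPress copy: $fresh" >&2; return 1; }

    # Step 1: full backup first; stop if it fails.
    tar -czf "$backup" -C "$site" . || return 1

    # Step 2: remove every top-level entry except the two keepers.
    # find also matches dotfiles, so the old .htaccess is removed as well
    # and has to be recreated as in step 3c.
    find "$site" -mindepth 1 -maxdepth 1 \
        ! -name wp-config.php ! -name wp-content -exec rm -rf -- {} +

    # Step 3: copy the clean core in, skipping the bundled wp-content and
    # never overwriting the kept wp-config.php.
    find "$fresh" -mindepth 1 -maxdepth 1 \
        ! -name wp-content ! -name wp-config.php -exec cp -R -- {} "$site"/ \;
}

# The kept wp-content folder is not replaced by step 3. This lists PHP
# files under uploads so they can be reviewed by hand before step 4.
list_php_in_uploads() {
    find "$1/wp-content/uploads" -type f -iname '*.php' 2>/dev/null | sort
}
```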