WordPress is the most popular Content Management System in the world, with over 33% of websites running on WordPress. Unfortunately, popular software also attracts a lot of malicious actors who will attempt to compromise your website for different gains.
Some of the tactics used are:
- Distributing cracked themes/plugins online. Only the malicious actors know what they have done to a theme they crack. Once you download and use these themes, you end up allowing access to your website.
- Trying to gain access to WordPress websites that have weak login credentials.
- Exploiting known vulnerabilities in themes/plugins and on your server. At Truehost, we keep up to date with emerging trends and employ many security layers, some of which are premium, to prevent server vulnerabilities.
If your site does get compromised, please use these steps to clean it up:
- Back up the website.
- Remove all files except wp-config.php and wp-content folder.
- Download WordPress from wordpress.org and upload it.
- Update WordPress, themes and plugins from the dashboard.
Below, we describe the process in detail.
1. Back up the website
You can use this guide to back up your WordPress site.
2. Remove all files except wp-config.php and wp-content folder
a. Log in to cPanel and go to File Manager

b. Navigate to the folder that has your WordPress installation. Mine is called wp.rawle-engineering.xyz
c. Remove all files except wp-content and wp-config.php.
3. Next, download WordPress from
a. Upload the WordPress file into cPanel and extract it

c. Lastly, create a file called .htaccess and add the content below to it:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
4. Update WordPress, themes and plugins from the dashboard.
Finally, update the WordPress installation, themes and plugins.
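Step 2 can also be done from a shell. The script below is an added example, not part of the original guide: the function names and the quarantine directory are assumptions. It moves files aside instead of deleting them, and it lists PHP files in the retained wp-content/uploads folder for review.

```shell
#!/bin/sh
# Added example for step 2. Function names are hypothetical; they are not
# part of WordPress or cPanel. Sample paths in the usage line are placeholders.

# Move everything in the WordPress root except wp-config.php and wp-content
# into a quarantine directory (keep it outside the web root).
# Prints the name of each entry it moved.
quarantine_wp_root() {
    local root quarantine entry name
    root=$1; quarantine=$2
    # Refuse to touch a directory that does not look like a WordPress root.
    [ -f "$root/wp-config.php" ] && [ -d "$root/wp-content" ] || {
        echo "not a WordPress root: $root" >&2
        return 1
    }
    mkdir -p "$quarantine" || return 1
    # "*" alone skips dotfiles, so an old .htaccess would survive the cleanup.
    # The two extra patterns pick up hidden entries without matching . or ..
    for entry in "$root"/* "$root"/.[!.]* "$root"/..?*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # pattern matched nothing
        name=${entry##*/}
        case $name in
            wp-config.php|wp-content) continue ;;
        esac
        mv -- "$entry" "$quarantine/" || return 1
        printf '%s\n' "$name"
    done
}

# List files with .php in their name under wp-content/uploads. The fresh
# WordPress download does not replace wp-content, and uploads normally holds
# media, so anything listed here should be reviewed by hand.
list_uploads_php() {
    local root
    root=$1
    [ -d "$root/wp-content/uploads" ] || return 0
    find "$root/wp-content/uploads" -type f -iname '*.php*' | sort
}

# Usage (placeholder paths):
#   quarantine_wp_root "$HOME/public_html" "$HOME/quarantine"
#   list_uploads_php "$HOME/public_html"
```

Run it only after the backup in step 1, then continue with step 3 to upload the clean WordPress files and recreate .htaccess.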



