How to Clean Up a WordPress Website

How to Clean Up a WordPress Website

WordPress is the most popular Content Management System in the world, with over 33% of websites running on WordPress. Unfortunately, popular software also attract a lot of malicious actors who will attempt to compromise your website for different gains.

Some of the tactics used are:

  • Deploying cracked themes/plugins online. Only the malicious actors know what they have done to a theme they crack. Once you download and use these themes, you end up allowing access to your website
  • Trying to gain access to wordpress websites that have weak login credentials
  • Exploiting known vulnerabilities on themes/plugins and your server. At Truehost, we keep up to date with emerging trends and employ many security layers, some which are premium to prevent server vulnerability

If your site should get compromised, please use this steps to clean it up

  • Backup the website.
  • Remove all files except wp-config.php and wp-content folder.
  • Download WordPress from and upload
  • Update wordpress, themes and plugins from the dashboard.

Below, we describe the process in detail

1.Backup the website

You can use this guide to backup your wordpress site

2.Remove all files except wp-config.php and wp-content folder

a.Login to cPanel and go to File Manager


b.Navigate to the folder that has your wordpress installation. Mine is called

c.Remove all files except wp-content and wp-config.php. See video below.

NOTE: Its important to retain wp-content folder as your themes, uploaded files and plugins are stored here. The wp-config.php file contains your database access details hence needs to be maintained.

3.Next download wordpress from

a.Upload the wordpress file into cPanel and extract the file


b.A folder called wordpress will be created. Access this folder and remove the wp-content folder there. Then move all files remaining to your initial wordpress folder. See video below

c.Lastly create a file called .htaccess and add the content below into it

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

4.Update wordpress, themes and plugins from the dashboard.

Finally, update the wordpress installation, themes and plugins.

Leave a Reply

Your cart is currently empty.
Open chat
Contact us.
Can we help you?