My blog is hacked and with malware!

My site got hacked as well. Should I uninstall WP and then re-install it?

I have a small issue…my hard drive crashed a few months ago and i didn’t save the theme I downloaded and apid for…is there any way I can save that before i delete everything?

Before proceeding with a manual install/updates, it is important to review and understand all the related topics here:

http://codex.wordpress.org/Installing_WordPress#Detailed_Instructions

First you need to take inventory, then download what you need. Review the link above and make sure you fully understand it, then:

Write down a list of the installed plugins and the theme. Each as they appear in the appropriate wp admin panel section will have links to the author and WordPress page for them. After confirming compatibility with the current WordPress version, Download the latest version, saving each to a common location. Once you have gathered the files you need, they need to be extracted. Once extracted, each will have a default folder name such as mythemev1.x, it is the whole folder inside that you need.

Download WP 3.2.1 (make sure your host supports this version, it requires certain version of supporting programs/modules etc, like php. Extract files.

The file sample-wp-config.php needs to be renamed to just wp-config and it needs to have the same data as your current wp-config.php (you can just copy the wp-config.php file but make sure it’s correct and does not have errant code). This step is very important to do right.

Verify that your .htaccess file or web.config file (IIS7) is correct.

Create a new folder called BlogNewFiles (or whatever). Move the wp files to that folder. Navigate to the wp-contents folder, then plugins and then theme folders and put the plugins and theme folders you extracted into them accordingly.

Log back into site as admin and deactivate your theme and all plugins. This is very important to have the next steps work right.

Next,open Notepad (ascii text editor – NOT Word of other rich text editor) and past this in and save the file as “.maintenance” (dot first, no extension, or quotes):

<?php $upgrading = time(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Maintenance</title>
<style type="text/css">
.style1 {
	font-size: x-large;
}
.style2 {
	font-size: large;
}
</style>
</head>
<body style="background-color: #008080">
<h1>Briefly unavailable for scheduled maintenance. Check back soon.</h1>
<h2>This site is currently in Maintenance Mode. What, you say? Occasionally,
Wordpress needs to have core files updated, plug-ins updated, and then a short period
for testing is required. Look back soon.</h2>
<h2>Thanks!</h2>
</body>
</html>
<?php die(); ?>

(Above is an example and can be styled as you choose)

Using cPanel or phpmyadmin (see your web host documentation on this), and make sure you are quite clear on the instructions to backup your database, then do so.

Back to FTP now, (make really sure you have ALL your files downloaded, both old and new), then rename the folders:

wp-admin
wp-contents and
wp-includes

to

xxx-wp-admin
xxx-wp-contents and
xxx-wp-includes

(this saves the files on the servers…if your upgrade fails, remove the new files and rename those back)

Then upload your new files and after remove the .maintenance file(or rename).

Log into site, activate your theme, activate your plugins, and review the site for style and functionality.

If it it was files that were hacked, this will fix it, if not then work needs to be done on the database (which may again in turn corrupt your files, so this part may have to be redone too).

Please reply with any questions and especially if this helped.

I honestly don’t understand any of this and I feel so screwed because I am now worse off than I was before.