Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Thread Starter
maydo
(@maydo)
hop can i remove hacked files on me now.. plz help me
Please read the link I posted.
1. Make a list of all the plugins and themes you have installed.
2. Via FTP or your hosting control panel, delete the directories
2a) wp-admin
2b) wp-includes
2c) wp-content/plugins
2d( wp-content/themes
2e) all PHP files in the root of your site *except* wp-config.php
3. Download a fresh copy of WordPress and unzip locally
4. Via FTP, upload the contents of the “wordpress”directory you got when you unzipped.
5. Login to your site and re-install your plugins and themes
6. Via FTP or your hosting control panel, delete the file “.htaccess” in the root of your site. Go to Settings->Permalinks and click “save” to recreate it.
7. Install the plugin “wordfence”. Set it to do a “high sensitivity” scan and scan your site to see if you got it all.
