Reinstalling Hacked Site (9 posts)

  1. fuerzayf
    Posted 3 years ago #


    My website recently got hacked by "DZ Crew".

    The hackers were using WP somehow to get into my site because they deleted everything except the WP docs; when I re-uploaded the site again, they did it again, until I deleted the WP files and folders.

    I have backed up my DB and files and now am wondering about how to go about re-installing it all.

    Do I just upload a clean version of WP and point it to the DB then copy and paste the files back into their corresponding folders?

    Any idea what files I should check (and how) that may be letting them into my site?

    I have obviously changed all of the passwords.

    Thanks in advance for any help.

  2. Roy
    Posted 3 years ago #


    Change ALL passwords: database, FTP, control panel; don't use the same WP credentials. Make very sure the database is clean; the problem might not be in the WP files. Read the above and all links in it.

  3. fuerzayf
    Posted 3 years ago #

    Hi Roy,

    Thanks for that. I have changed all passwords. Do you know what kind of things I should look for in the DB? I'm not very PHP savvy so don't really know where to start.

  4. Roy
    Posted 3 years ago #

    You can scan your site here:

    There are also plugins to check the site. Since every hack is different, it is impossible to say something general, save for referring to the link that I gave earlier. There are plenty of suggestions there.

  5. fuerzayf
    Posted 3 years ago #


  6. damian5000
    Posted 3 years ago #

    buddy, i'm going through this right now too. i feel for you. my site was only up for 2 days before it got slammed by some screwball named "hmei7"...

  7. Hazlitt
    Posted 3 years ago #

    All Roy's suggestions are spot on.

    I would also suggest setting the site up offline with a fresh download of WordPress and fresh downloads of any plugins you are using. You could use packages like WAMP or MAMP to do this on your computer. Then use plugins like Exploit Scanner and Sucuri Scanner to see if they can find any suspect code in the theme files that you are using. There could also be suspect code in the database, often found in the wp_options table. Also check .htaccess files for rogue redirection directives.

    When the offline version is clean, harden it. There are a number of articles on this, and things like changing the wp_ database table prefix and getting rid of the account 'admin' are important. When it is back online, double check all the file permissions and take steps like adding a .htaccess / .htpasswd combination to the wp-admin folder.
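
The file-side checks from the post above (suspect code in theme files, rogue `.htaccess` redirects), as an added example that is not part of the original thread. The rule names, regexes and sample tree are constructed assumptions; the PHP-in-uploads check goes beyond what the post lists, and the `wp_options` database check is not covered.

```python
import os
import re
import tempfile

# Heuristic rules only (assumptions of this example, not a full signature set).
PHP_RULES = {"eval-of-decoded-data": re.compile(
    r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)}
HTACCESS_RULES = {
    "external-redirect": re.compile(r"^\s*(RewriteRule|Redirect(Match)?)\b.*https?://", re.I),
    "referer-condition": re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I),
}

def scan_tree(root):
    """Return sorted (relative_path, line_number, rule) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            is_php = name.lower().endswith((".php", ".phtml"))
            if is_php and "wp-content/uploads/" in rel:
                findings.append((rel, 0, "php-in-uploads"))  # uploads should hold media only
            rules = HTACCESS_RULES if name == ".htaccess" else PHP_RULES if is_php else None
            if rules is None:
                continue
            with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    findings += [(rel, number, rule) for rule, rx in rules.items() if rx.search(line)]
    return sorted(findings)

def make_sample_tree():
    """Write a small constructed site copy (inert sample text) and return its path."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    samples = {
        "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
        "wp-content/themes/demo/footer.php": "<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n",
        "wp-content/uploads/2012/img.php": "<?php echo 'constructed'; ?>\n",
        ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} (google|bing) [NC]\n"
                     "RewriteRule .* http://redirect.example.invalid/ [R=302,L]\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for rel, number, rule in scan_tree(make_sample_tree()):
        print(f"{rel}:{number}: {rule}")
```

Point `scan_tree` at the offline copy of the site; each finding is a lead to review by hand, since a legitimate redirect to your own host also matches `external-redirect`.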

  8. Krishna
    Volunteer Moderator
    Posted 3 years ago #

  9. fuerzayf
    Posted 3 years ago #

    Thank you, I will look into all of those!

Topic Closed

This topic has been closed to new replies.