Restoring a Hacked WordPress Site
Recently a client contacted me about having difficulty logging in to the dashboard of their WordPress website. Sure enough, each time I attempted to log in, a ‘Connection was Reset’ message was displayed by the browser. The frontend of the site displayed correctly. Upon closer inspection of the WordPress files, it became obvious that some of them had been infiltrated. Upon editing the wp-config.php file, I could see code injected into the first line of the file. There were more files infected all through the site.
Looking at the last few backups, I could see that the files had already been infected before they were backed up. The best option would be to install the latest version of WordPress manually. First I removed files that were not part of WordPress, and then I uploaded the WordPress files. I was able to successfully log in to the backend.
Make sure WordPress and all plugins are updated.
Change all administrator passwords – use a combination of uppercase letters, lowercase letters, special characters, and numbers.
Make sure your website files AND database are being backed up daily or weekly.
Consider a security plugin.