We’re on to step 3 of fixing a hacked WordPress site after having done all the preparatory work for the site repair.
Both BackupBuddy and Sucuri Find Malware
Someone pointed out here earlier that BackupBuddy can also identify malware. So if you’re using BackupBuddy you can use the malware skin. We did that during the break and found that it found the same kinds of things that Sucuri did, so you can also use this as a tool for identifying hacking.
Remove WP in Your Control Panel
The next step in this process then is to remove the existing WordPress installation and we’re going to do that inside of her GoDaddy control panel here. So here I am in File Manager and that’s her database stuff, we don’t want to be there.
So we’ll just come over back over to upload files now. What we’re going to do is create a new folder and we’re going to call it old-leah4sci.com-site. So we’ve got created that and now what we’re going to do is move all of her WordPress files and folders into that. That means wp-admin, wp-content, wp-includes and we’ll hit move for those. We’re going to move those into there and say okay.
Then we’re going to come down here and we’re going to move this .htaccess. We’ll leave 10-secrets-to-acing-organic-chemistry there but we’ll move backupbuddy and this database and leave favicon here, we’ll leave gdform, index, license, missing.html. We’ll leave the php.ini files in here, they’re not technically speaking WordPress files, they’re more server files. And we’re going to assume that whoever them put there did that for a reason so we’ll just come along and click these.
We’ll leave sitemaps in place, webformmailer, welcome, wp-activate, blog-header, comments, config-sample, config, con, links, load, login, mail, settings, signup, trackback and xmlrpc, select move again and we’ll move those into our old and say okay to that.
This file here, we’re going to delete. It doesn’t have a name and it has some weird stuff in it so we’re going to delete it. Otherwise we’ve just got files here that couldn’t have anything to do with our hacked site.
Now if we go and take a look at our site, of course, it’s going to be non existent because it doesn’t exist, right? WordPress is no longer there anymore.
While we’re here, we are also going to go back to our database and select all of these tables by hitting check all and then with selected we’re going to say drop. This is essentially deleting the contents of the database without actually deleting the database which is what we want to do. We want to say yes to that.
Now if we look at this, go to databases, so we’ve got this database and it says no tables are found in the database. For whatever reason it goes weird on me when I fill up the page with it. I’m not sure why that is, okay so now we have a blank database.
Next up we are going to manually reinstall WordPress.