September 25, 2011 - How to restore Wordpress sites after index.php hack

If you are using WordPress, and your index.php file has been hacked, there are just a few easy steps you can do on your own to immediately repair your web site.

On September 25, 2011, many of our customers' websites were defaced with an index page displaying a hacked message. We are taking this issue very seriously, and apologize for the frustration we know this has caused. All of your data, email, passwords and personal information are safe and untouched; however, the main index.php file will need to be repaired.

If you are comfortable modifying your content directly, please follow the steps below, or you may continue attempting to reach our Support department for assistance.

  1. Please access your cPanel, and open your File Manager.

  2. Navigate to the Document Root of your WordPress installation. (usually public_html). If this is in regards to an addon domain, you will find this in a separate folder inside of public_html which is named after the domain.

  3. Locate the file called index.php, and open it for editing using the toolbar options or right-click menu (Edit or Code Editor).

  4. Select all and delete the contents of this file.

  5. Copy and paste the code found in the below link into this file to replace the original WordPress code.

    WordPress index.php file

  6. Save the changes to this file.

  7. You may now reload your website. You may need to refresh your page or clear your browser cache if you do not immediately see the changes.

  8. This fixes the defacement of the home page, but you will still need to modify one additional file to repair your admin section.

  9. From where you are in the File Manager from the previous step, look for the wp-admin folder and enter it.

  10. Locate the index.php file and open it for editing using the toolbar or right click menu (Edit or Code Editor)

  11. Select all and delete all contents of this file.

  12. Copy and paste the code found in the below link into your file.

    WordPress wp-admin/index.php file

  13. Save the changes to this file.

  14. You should now be able to access your admin area as well as load your site.


After following these steps, you should no longer have any hacked content from this occurrence. We are available 24 hours per day via phone, chat or email if you need to reach us.

We apologize for the delay that customers experienced in the days following this defacement attack. In the aftermath of the defacement we received a high volume of calls, chats and emails and we thank everyone for your patience.

Like this Article?

Login to comment.

Support Center Login

Your Opinion Matters

... but we need to know what you're thinking!

The Community Support team wrote the article you're looking at now. We like to think it's perfect, but we're sure you have some suggestions. Please, let us know what they are!

Feedback
Your Email Address
Because we'd like to talk with you!

Latest Questions

If you need some help, submit your question to our Community!
We guarantee a response within 60 minutes (8am - 9pm EST, Monday - Friday)
Ask a Question!
Recent Questions
  1. The best way to setup an external MS exchange server as the main mail server with inmotion hosting as the backup mail?
  2. Can I create a website on another website (e.g. Wix) and have it hosted on my inmotion domain?
  3. Why can't I see my updated web files on my website?
Browse other questions

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!