September 25, 2011 - How to restore Wordpress sites after index.php hack

Experience Level: Beginner
Articles labeled as Beginner are those that require basic tasks to be completed, such as making simple configuration changes following a brief set of instructions. If you find yourself needing assistance, our Technical Support Department can generally assist.
 Print E-mail:

If you are using WordPress, and your index.php file has been hacked, there are just a few easy steps you can do on your own to immediately repair your web site.

On September 25, 2011, many of our customers' websites were defaced with an index page displaying a hacked message. We are taking this issue very seriously, and apologize for the frustration we know this has caused. All of your data, email, passwords and personal information are safe and untouched; however, the main index.php file will need to be repaired.

If you are comfortable modifying your content directly, please follow the steps below, or you may continue attempting to reach our Support department for assistance.

  1. Please access your cPanel, and open your File Manager.

  2. Navigate to the Document Root of your WordPress installation. (usually public_html). If this is in regards to an addon domain, you will find this in a separate folder inside of public_html which is named after the domain.

  3. Locate the file called index.php, and open it for editing using the toolbar options or right-click menu (Edit or Code Editor).

  4. Select all and delete the contents of this file.

  5. Copy and paste the code found in the below link into this file to replace the original WordPress code.

    WordPress index.php file

  6. Save the changes to this file.

  7. You may now reload your website. You may need to refresh your page or clear your browser cache if you do not immediately see the changes.

  8. This fixes the defacement of the home page, but you will still need to modify one additional file to repair your admin section.

  9. From where you are in the File Manager from the previous step, look for the wp-admin folder and enter it.

  10. Locate the index.php file and open it for editing using the toolbar or right click menu (Edit or Code Editor)

  11. Select all and delete all contents of this file.

  12. Copy and paste the code found in the below link into your file.

    WordPress wp-admin/index.php file

  13. Save the changes to this file.

  14. You should now be able to access your admin area as well as load your site.


After following these steps, you should no longer have any hacked content from this occurrence. We are available 24 hours per day via phone, chat or email if you need to reach us.

We apologize for the delay that customers experienced in the days following this defacement attack. In the aftermath of the defacement we received a high volume of calls, chats and emails and we thank everyone for your patience.
 
Rating:
 
Please log in to rate this article.
Like this Article?
Notify Me of Updates!
Please login to subscribe to receive notifications when this article is updated.
Prerequisite Articles
None

Comments

Currently no comments

You must log in before commenting.

Need more Help?

Search
Current Customers
Chat:Click to Chat Now
Call:888-321-HOST (4678)
E-mail:support@InMotionHosting.com
Ticket Submit a Support Ticket
Ask the Community!
Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.
Not a Customer?
Get web hosting from a company that is here to help. Sign up today!

Follow InMotion Hosting!

 4246 Followers. Follow Us!

Have a Question?

If you need some help, submit your question to our Community!
We guarantee a response within 60 minutes (8am - 5pm EST, Monday - Friday)

Recent Questions