InMotion Hosting Support Center

In this article we'll discuss the steps you'd want to take regarding how to re-Install WordPress after a hack, to get your site back up and running quickly. In most cases when a WordPress site is hacked, it is because you are not running the latest secure version of WordPress, or one of the plugins that you have installed is outdated and has been used by a hacker to exploit the site.

A lot of the time a hacker will inject malicious code in your PHP scripts that can make it very hard to clean up manually after the injections took place. In some cases this might require our system administration department to quarantine your entire WordPress site outside of your [/public_html] directory, so that we can ensure further hacks aren't taking place and further damage isn't done to your WordPress database.

If you happen to have read our previous article on how to clean up a code injection attack, the steps mentioned in that article might allow you to clean up any injections that have taken place to get your site back online.

In the steps below we'll walk through an example site that has been maliciously injected to the point where it's not going to be easy to remove all the malicious code and ensure we've caught all of it. So in this case we're simply going to reinstall WordPress and then link up the new install with our old database.

Reinstalling WordPress after a Hack

  1. First you'll want to download the latest version of WordPress to your local computer.
  2. Extract the files in the .zip archive you downloaded to a local folder.
  3. filezilla upload files to public htmlUsing FTP, upload all of the folders and files contained within the wordpress directory to your public_html directory. Or if your domain was an addon domain and its document root was in a sub-directory make sure you're uploading it there. You can do this by hitting Ctrl-A in your FTP client when you're in the left-hand pane to select all the files, then simply drag them onto the server.
  4. filezilla view quarantined wp-configOnce the files are done uploading, navigate to the quarantine directory on the server side, right-click on wp-config.php and choose View/Edit. Your FTP application should prompt you for what application you'd like to open the file with, you can just use a text editor such as Notepad. Then finally copy down the database information from the define('DB_...) sections.
  5. wordpress no wp-config fileAt this point if you try to simply access the site you'll get a WordPress error about no wp-config.php file.
  6. filezilla save wp-config sampleBack in your FTP client, navigate to your public_html directory and you should see a file called wp-config-sample.php, right-click on this file and choose View/Edit, open the file in Notepad then fill in your database name, database user, and database user password.


    Then hit Ctrl-S to save the file, in a few seconds your FTP client should prompt you if you'd like to save this back to the server, click Yes. You can also place a check beside Finish editing and delete local file if your FTP client gives you that option.

  7. Now in your FTP client right-click on wp-config-sample.php choose Rename, and then name the file just wp-config.php.
  8. filezilla download custom themeNow in this case if we try to go to our site again it's an all blank page, the reason for this is because our site used a custom theme, and those theme files are still quarantined. So next in your FTP client navigate to the /quarantine/wp-content/themes directory, and drag over the pinboard directory (or whichever theme you used) to your local computer.
    Prior to copying your quarantined theme's files back to the server, you should scan them for a virus/malware, or preferably re-download a fresh copy of your theme from the developer to ensure no malicious files have been placed inside your theme's folders.
  9. filezilla upload custom themeNow navigate on the server side to the /public_html/wp-content/themes directory, and then drag the pinboard directory from the local computer to the server.
  10. wordpress site restored successfullyYou should now be able to hopefully pull up your website again free of any malicious hacks.

Depending on the complexity of your WordPress site, you might want to also go in and reinstall any plugins that you had setup to get your site fully functional again. These steps above should at least get you to the point where you can start logging back into your WordPress administration panel again, and get your site back online for your visitors.

Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Existing mySQL; new install of WordPress. Data (pages) not appearing.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Forum Login

You are NOT logged in. You can still browse our Support Center.

To participate within our Community Support Forum:

n/a Points
2017-11-02 10:37 am

I am trying to connect through Filezilla and everything passes through (username & password) but once it validates the password it reads:

"Response: 421 Home directory not available - aborting/ Error: Could not connect to server"

Where do I go from here?

31,539 Points
2017-11-02 11:46 am
As a test try using the "quickconnect" option, since it uses the default settings. You can also check your FTP logs for additional errors or record of your connection.

Thank you,
n/a Points
2017-03-09 4:40 pm

Can a database be infected? Can it be checked with regular AntiVirus program?

31,539 Points
2017-03-09 7:18 pm
Yes, a database can be compromised in WordPress. I recommend using a 3rd party WordPress plugin to scan your database. There are many available.

Thank you,
n/a Points
2017-05-30 8:07 am

Please offer a suggestion. This is all probably obvious to you, but to me, this is Greek, and I need some help. Thanks!

11,000 Points
2017-05-30 12:08 pm
Wordfence Security is a popular security plugin. We do not always offer one suggestion because there are so many plugins.
n/a Points
2017-02-02 2:29 am

brilliant and clear steps to restore website

n/a Points
2016-12-29 10:13 am

im just follow step above, but afterr all my site just blank, any idea why?


sorry for my bad english

11,000 Points
2016-12-29 12:13 pm
It sounds like a PHP error. I advise re-tracing the most recent steps followed and trying to undo. That should help isolate where the error came from.
n/a Points
2015-11-02 4:13 am

Hi, My sites were recently hacked and I was redirected by support to this page. In steps 1 - 3, why can't we reinstall using Softaculous in CPanel? Could you please explain why, if it's linked to the latest version of Wordpress, it isn't safe to use/install?Also, I don't know what I'm doing wrong, but I follow the steps above and don't get a config error in step 5. I get a Wordpress setup dialog.After that, it doesn't get any better.



43,761 Points
2015-11-02 4:24 pm
Hello Russ,

As long as you are uploading to a blank directory, you would be OK to use the Softaculous to install WordPress. However, it would install a new database and connect to it. You would need to change the wp-config.php file (or replace it with the old one) to direct it to the old database. Then you would want to delete the unused database.

Kindest Regards,
Scott M
n/a Points
2015-11-03 12:19 am

Hi Scott,I see, thanks for clarifying. I guess I would delete the old db from MySQL in CPanel - is this correct?Also, what are the implications if I didn't delete it?Thanks,Russ

10,077 Points
2015-11-03 12:07 pm
Hello Russ,

I think there may be a misunderstanding here. In order for you to recover your website you need to direct the new WordPress files to the old database. Such as by using the old WordPress wp-config.php file.

Best Regards,
TJ Edens
n/a Points
2014-10-27 11:53 pm


How do you "quarantine" files that's currently in the folder containing the Wordpress installation?  When I got to step 3 the FTP ask me if I want to overwrite all of the files that were in the Wordpress folder on my local machine... So what should I do?  Thank you!

11,186 Points
2014-10-28 8:31 am
To relocate your current files, you may simply create a new folder within your FTP client, then move those files into that new folder.
n/a Points
2014-10-03 12:26 pm

I dont know if the service tech will get this. But Chris from Virgina beach did an amazing job helping me on this issue. Jesus name!!

n/a Points
2014-09-21 9:32 pm

Before step 3 (upload all of the folders and files contained within the wordpress directory to your public_html directory), should everything be deleted from that folder first?

43,761 Points
2014-09-22 7:42 am
Hello Mansdorf,

If the files were quarantined, there should not be any WordPress files in the public_html folder. If there are, rename the wp-config.php file so it does not get overwritten with the new one. Then you can open it to get the database connection information from it. After you get that and place it in the new wp-config.php file, you can delete it. Any files that are already in the public_html folder will get overwritten if you copy over the top of them, so there is no direct need to delete them if they are there.

Kindest Regards,
Scott M
n/a Points
2014-09-03 9:40 am
It just resolved the issue, someone has hacked our site and we could able to restore it using the methods mentioned above
2013-09-14 11:08 pm
sir, i want to install security in my site, if i edit .htaccess file, my site is not working please check whats problem and where i add .htaccess coding in my .htaccess.
11,186 Points
2013-09-16 11:32 am
When adding your the lines to your .htaccess file according the below article, be sure that you are adding these in addition to what you already have there. Removing the existing lines that Wordpress requires for permalinks will cause 404 errors.

Lock down WordPress admin login with .htaccess
2013-05-07 11:23 am
You should always check the theme for fake pages as well....

Don't ever just copy it from the quarantined installation to your new fresh installation.

Just drag it on to your local computer, do a full and extended virus sweep first (with avg and maybe spybot too).
Then download the original theme and compare the two theme-folders with each other (with winmerge).

If all oke, you can put your theme back :) If not oke, put the new downloaded theme back.

P.s. I am talking from personal experience here. They put a file in my theme in this directory (guess what it looked like a online bank's login page):
9,968 Points
2013-05-07 1:25 pm
Hello rduinmayer, and thanks for your comment and sharing your experience.

I've gone ahead and updated step #8 above to suggest to others that might also read this article that they should scan their theme's folders for signs of a virus or malware, or preferably download a fresh copy of their theme.

Thanks again for your comment!

- Jacob

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

23 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!