WordPress hacked – reinstall time

January 13th, 2012

OK,  so wordpress got hacked. I’ve had problems with this in the past and tried tactical surgery, but this time decided to do a full re-install. My first attempt today left me with the wordpress blank screen of death, so here I’m outlining the steps I took that finally got the new version working:

   back up wordpress database


   # go onto hosting box and downloaded new workdpress :
   # there are better ways to download wordpress than zip, but this worked for me
   lynx -source -dump http://wordpress.org/latest.zip > wordpress.zip
   curl http://wordpress.org/latest.zip  --O latest.zip
   unzip wordpress.zip
   mv myblog.com oldmyblog.com
   mv wordpress myblog.com
   cd myblog.com
   cp wp-config-sample.php wp-config.php
   vi wp-config.php
      # change mysql info
      /** The name of the database for WordPress */
      define('DB_NAME', 'mydbname');
      /** MySQL database username */
      define('DB_USER', 'mydbuser');
      /** MySQL database password */
      define('DB_PASSWORD', 'mydbpassowrd');
      /** MySQL hostname */
      define('DB_HOST', 'mysql.myhost.com');
      # added new keys
      # get keys at
      #    https://api.wordpress.org/secret-key/1.1/salt/
      # replacing  these lines
      # define('AUTH_KEY',         'put your unique phrase here');
      # define('SECURE_AUTH_KEY',  'put your unique phrase here');
      # define('LOGGED_IN_KEY',    'put your unique phrase here');
      # define('NONCE_KEY',        'put your unique phrase here');
      # define('AUTH_SALT',        'put your unique phrase here');
      # define('SECURE_AUTH_SALT', 'put your unique phrase here');
      # define('LOGGED_IN_SALT',   'put your unique phrase here');
      # define('NONCE_SALT',       'put your unique phrase here');
      # save file

    cp .htaccess .htaccess.orig
    # the downloaded .htaccess was giving me 404 errors
    # so I used the one from the previous blog. Not sure
    # if it's fully up to date but at least it got me going
    vi .htaccess
      # include these lines
      # BEGIN WordPress
       RewriteEngine On
       RewriteBase /
       RewriteRule ^index\.php$ - [L]
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteRule . /index.php [L]
       # END WordPress

    cp -R  ../oldmyblog.com/wp-content/themes        wp-content
    cp -R  ../oldmyblog.com/wp-content/uploads       wp-content
    cp -R  ../oldmyblog.com/wp-content/profile-pics  wp-content

    reinstall plugins, in my case I use these:

   For more info see
       suggest reinstall and checking wordpress database for these code usages for possible hacks
       SELECT * FROM wp_posts WHERE post_content LIKE '%<iframe%'
       SELECT * FROM wp_posts WHERE post_content LIKE '%<noscript%'
       SELECT * FROM wp_posts WHERE post_content LIKE '%display:%'
       check for usage of  base64_decode()


  1. Trackbacks

  2. No trackbacks yet.

  2. Oliver Polden – Online Magnetism
    February 8th, 2012 at 11:14 | #1

    Hi Kyle,

    I’ve heard about so many people having their sites hacked that I thought I would create a couple of videos about protecting your site from being hacked and also how to set up automatic backups of WordPress sites:


  3. March 15th, 2012 at 05:09 | #2

    hacked again

    Somehow someone/something was able to remove the ~/dboptimizer.com/.htaccess file.
    When it was gone, the access fell back to ~/.htaccess which was hacked such that 404 errors got redirected.

    Currently changed ~/dboptimizer.com/.htaccess is correct and set to 444 permissions. I got rid of the ~/.htaccess and put an empty ~/.htaccess with 444 permissions in place.

    Disturbing that someone had the rights to remove .htaccess with 664 permissions. Not sure how that works. Worrisome.

    Changed passwords, but I don’t think that’s the issue.

You must be logged in to post a comment.