Talk:My Wordpress site was hacked

If you can, please make suggestions for changes here, rather than editing the main article.

Thanks!

Lizbet 16:12, 1 March 2012 (PST)

Lizbet 20:08, 1 March 2012 (PST) I wonder whether it would be good suggestion that if they had a theme that was defective or one using timthumb, that they install timthumb verification plugin. Also I wrote a new wiki about hardening wordpress on dreamhost and I was wondering wther we could cross reference each other

Billkelly

Suggestion for Wordpress Malware Removal
Whenever I come up against a Wordpress hack I follow this process:

- Backup the site

- Download the latest version Wordpress

- Change the DB credentials and WP-Admin Credentials

- Create the new wp-config file and generate new salts

- Manually check through the theme files (assuming that you are using a custom theme)

- Move the clean theme files over to the new wp-content directory

- Reinstall all necessary plugins

- Create a new htaccess file by deleting the old one. In the dashboard go to Settings >> Permalinks >> Save. This will generate a new htaccess file.

- Go into your filemanager or command line and check / correct the permissions. 755 for directories, 644 for files, 444 for htaccess.

I follow the guides on here. The blog has come in handy numerous times. Step by Step Wordpress Malware Removal