WordPress index hacked page recovery
May of my customers gave a complain that the wordpress index.php files are hacked by the hackers. They are placing their own logo or hack message in the wordpress. How can you fix the issue. Simply you need to replace the index page with the wordpress default index pages.
If you are familiarized with the cPanel file manager option, then kindly follow the steps below to replace the index files of wordpress.
- Please access your cPanel, and open your File Manager.
- Navigate to the Document Root of your WordPress installation. (usually public_html). If this is in regards to an addon domain, you will find this in a separate folder inside of public_html which is named after the domain.
- Locate the file called index.php, and open it for editing using the toolbar options or right-click menu (Edit or Code Editor).
- Select all and delete the contents of this file.
- Copy and paste the code found in the link into this file to replace the original WordPress code.
- Save the changes to this file.
- You may now reload your website. You may need to refresh your page or clear your browser cache if you do not immediately see the changes.
- This fixes the defacement of the home page, but you will still need to modify one additional file to repair your admin section.
- From where you are in the File Manager from the previous step, look for the wp-admin folder and enter it.
- Locate the index.php file and open it for editing using the toolbar or right click menu (Edit or Code Editor)
- Select all and delete all contents of this file.
- Copy and paste the code found in the link into your file.
- Save the changes to this file
- You should now be able to access your admin area as well as load your site.
FIX
Upload your original theme that you are using index.php to fix the site.
They also delete the admin user #1 from the mysql database.
Use phpmyadmin in your cpanel to access your database.
Select your database on the left sidebar
Find wp_users and select browse
Note that user 1 is missing…thats what the hacker deleted
My easy fix is to take another id 2 or 3 etc and click edit
Change id value to 1
Change user_login value to your username
user_pass row set function to MD5 and value to your password
Change user_name value to your username
Click Go
You are now a little less frustrated because you can now log into your admin panel but are ticked off that your site has been hacked twice in the last week. Your hosting provider can not stop the attacks and tells you to upgrade to the latest version of wordpress which you are already running.