WordPress index hacked page recovery
Introduction
A hacked WordPress website can be a frustrating experience for any website owner. One of the most common signs of a compromise is when hackers modify the index.php file to display their own messages, logos, advertisements, or defacement pages instead of your website content. In some cases, attackers may also delete administrator accounts, preventing you from accessing the WordPress dashboard.
While restoring the affected files can quickly bring your website back online, it is important to understand that file replacement alone does not remove the vulnerability that allowed the attack. This guide explains how to restore compromised WordPress index files, recover a deleted administrator account, and take additional security measures to prevent future attacks.
Step 1: Access File Manager
- Log in to your cPanel account.
- Open File Manager.
- Navigate to your WordPress document root:
  - Primary domain: public_html
  - Addon domain: The corresponding folder inside public_html.
Step 2: Restore the Main Website Index File
- Locate the index.php file in the WordPress root directory.
- Right-click the file and select Edit or Code Editor.
- Remove all existing contents.
- Replace them with the default WordPress index.php code:
- Save the file.
Step 3: Restore the WordPress Admin Index File
- Open the wp-admin directory.
- Locate the index.php file.
- Edit the file and remove all existing content.
- Replace it with the default WordPress admin index code:
- Save the file.
Step 4: Verify Website Access
- Refresh your website homepage.
- Clear your browser cache if necessary.
- Confirm that both the website and WordPress admin panel are loading correctly.
Alternative Fix: Upload Original Theme Files
In some situations, attackers modify theme files rather than WordPress core files. If your website continues to display unauthorized content after restoring the index files:
- Download a clean copy of your active theme.
- Upload the original theme files to your server.
- Overwrite the compromised files.
- Verify that the theme’s index.php and other template files have not been modified.
This method can help restore the website if the infection is limited to the theme directory.
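The verification in the last step above can be done by hashing every file in the live theme directory against the clean copy. The following Python script is an added example, not part of the original guide; the function names and the sample files built in demo() are constructed for illustration. It also lists files that exist only on the server, which overwriting with clean files leaves in place.

```python
import hashlib
import sys
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(clean_dir, live_dir):
    """Compare a live theme/core directory against a clean reference copy."""
    clean, live = hash_tree(clean_dir), hash_tree(live_dir)
    return {
        # Present in both, but content differs: restore from the clean copy.
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        # Shipped in the clean copy but deleted from the server.
        "missing": sorted(clean.keys() - live.keys()),
        # On the server only: overwriting with clean files does NOT remove these.
        "unexpected": sorted(live.keys() - clean.keys()),
    }


def demo():
    """Constructed sample: a two-file 'theme' with one edit and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for d in (clean, live):
            (d / "inc").mkdir(parents=True)
            (d / "index.php").write_text("<?php // template\n")
            (d / "inc" / "helpers.php").write_text("<?php // helpers\n")
        (live / "index.php").write_text("<?php // defaced\n")
        (live / "inc" / "cache.php").write_text("<?php // not in clean copy\n")
        return compare_trees(clean, live)


if __name__ == "__main__":
    # Usage: python compare_theme.py /path/to/clean-copy /path/to/live-copy
    report = compare_trees(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for status, files in report.items():
        for name in files:
            print(f"{status:10} {name}")
```

Entries under "unexpected" are not automatically malicious (a child theme file or custom template also appears there), but each one should be reviewed before the site is considered clean.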
Recovering a Deleted Administrator Account
Some attackers remove administrator accounts from the database, making it impossible to log in to the WordPress dashboard.
Using phpMyAdmin
- Log in to cPanel.
- Open phpMyAdmin.
- Select your WordPress database.
- Open the wp_users table.
- Click Browse.
If the primary administrator account is missing:
- Select another administrator account (for example, ID 2 or ID 3).
- Click Edit.
- Update the following values:
| Field | Value |
|---|---|
| ID | 1 |
| user_login | Your preferred username |
| user_pass | Set Function = MD5, Value = Your password |
| user_nicename | Your username |
| display_name | Your username |
- Click Go to save the changes.
You should now be able to access the WordPress admin dashboard using the updated credentials.
Additional Security Checks
After regaining access to your website, perform the following checks:
Scan for Malware
Use a reputable WordPress security plugin or malware scanner to identify malicious files, hidden backdoors, and unauthorized code injections.
Review Installed Plugins
- Remove unused plugins.
- Update all active plugins to their latest versions.
- Replace abandoned or unsupported plugins.
Update WordPress Core and Themes
Running outdated software is one of the leading causes of WordPress compromises. Ensure that WordPress core, themes, and plugins are fully updated.
Change All Passwords
Immediately change:
- WordPress administrator passwords
- cPanel passwords
- FTP/SFTP passwords
- Database passwords
- Email account passwords associated with the website
Check User Accounts
Review all WordPress users and remove any suspicious administrator accounts created by attackers.
Enable Security Protection
Consider implementing:
- Two-factor authentication (2FA)
- Login attempt limits
- Web Application Firewall (WAF)
- Regular malware scanning
- Automated backups
Conclusion
A hacked WordPress index page can disrupt your website and impact your visitors’ trust. Restoring the default index.php files and recovering deleted administrator accounts can help bring your website back online quickly. However, these actions only address the visible damage. To fully secure your website, you must identify the source of the compromise, remove any malware or backdoors, update all software components, and strengthen your security practices.
Regular backups, timely updates, strong passwords, and proactive security monitoring are essential for protecting your WordPress website against future attacks. By following the recovery and security recommendations outlined in this guide, you can restore your website and significantly reduce the risk of another compromise.
