Restoring an Exploited WordPress files


wordpress-hackedI previously had a 10 step process to replace all the files in a wordpress, this got rid of most file based exploits.

Since then i have written a shell script that pretty much incorperates that

wget http://blog.rimuhosting.com/files/restorewordpress.sh
chmod +x restorewordpress.sh
./restorewordpress.sh /full/path/to/documentroot

Note: This does not do custom themes or plugins (only ones from wordpress.com), and its a good idea to double check the wp-config.php is clean, either before, or immediately after doing this.

Please let me know if you have any issues at all with this script, or modifications needing to be made.

,

One response to “Restoring an Exploited WordPress files”

  1. […] But as well as being easy to install and popular, it is also the most commonly exploited system we host.  That's because its popularity has led to increased interest from hackers, and also because the install defaults are not as secure as they could be.  If a hacker can leverage these weaknesses to crack a password for your site, they will often use it to send spam or distribute exploits designed to hack into other computers.  Even without cracking a password, many wordpress sites can be used to attack other sites.  If your WordPress system gets exploited you'll have the unenviable task of cleaning that up, made a bit easier thanks to Liz's restore wordpress script. […]