
installation - Delete all php files except Wordpress core files?


My server has been hacked with many malicious .php files having been created sending out spam in the wp-content, wp-includes, wp-admin and root directory all over the place. It is impossible to manually find all of these, many are deep in subfolders and they have many different names. How can I delete ALL .php files that are not part of the core WordPress files? Would wp core download --skip-content --force with the wp-cli tool work? I want it to be exactly like a fresh new install of WordPress, nothing else.


Asked Oct 8, 2019 at 10:02 by user176444

1 Answer


I suppose if you wanted a 'nuke-from-orbit' type of fix, you could create a brand new WP instance in a subfolder of your hosting root. Then install your theme and active plugins. You could use a theme export/import plugin to get your theme settings, but you would have to re-do all your plugin options.

Then use the export/import to move your content. Be aware that if you have a large site, or one with lots of media, you will have to do the import process several times until it is done.

If you want to clean up the site (it can be done; I've done it), then you need to

  • change credentials on everything: WP admins, hosting, FTP. Look for accounts that aren't supposed to be there. You might even create a new admin user, log in as that user, then delete/demote the old admin user. Strong passwords everywhere.

  • reinstall WP via the Update screen

  • reinstall themes from known source (download to local, upload)

  • do the same for plugin files

  • remove any unused plugins/themes

  • look at every folder on your site for files that aren't supposed to be there

  • check your htaccess files for bad commands

  • look inside wp config files for bad commands; do the same with all index.php files

My process is here: https://securitydawg/recovering-from-a-hacked-wordpress-site/ . Either way, it's a bit of work. But can be done.
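The "look at every folder for files that aren't supposed to be there" step from the answer can be scripted for the core area. The following is an added example, not part of the original question or answer: it assumes you have unpacked a clean copy of the same WordPress version from a trusted download, and the function names and the two path arguments are hypothetical. It only reports; it deletes nothing.

```shell
#!/usr/bin/env bash
# Added example. SITE = suspect install, REF = clean core of the same version
# unpacked from a trusted download (both paths are assumptions).

# Report .php files in the core area (site root, wp-admin, wp-includes) that
# are missing from REF ("EXTRA") or differ from it ("MODIFIED"). Read-only.
audit_core_php() (
    site=$1
    ref=$(cd "$2" && pwd) || exit 1      # absolute, because we cd below
    cd "$site" || exit 1
    {
        find . -maxdepth 1 -type f -iname '*.php'
        find ./wp-admin ./wp-includes -type f -iname '*.php' 2>/dev/null
    } | sed 's|^\./||' | LC_ALL=C sort | while IFS= read -r rel; do
        # wp-config.php is site-specific and not in core: review it by hand.
        [ "$rel" = "wp-config.php" ] && continue
        if [ ! -f "$ref/$rel" ]; then
            printf 'EXTRA\t%s\n' "$rel"
        elif ! cmp -s "$rel" "$ref/$rel"; then
            printf 'MODIFIED\t%s\n' "$rel"
        fi
    done
)

# List .php files under wp-content/uploads, which should hold media only.
audit_uploads_php() (
    cd "$1" || exit 1
    [ -d wp-content/uploads ] || exit 0
    find wp-content/uploads -type f -iname '*.php' | LC_ALL=C sort
)

# Usage: ./audit.sh /path/to/site /path/to/clean-wordpress
if [ "$#" -eq 2 ]; then
    audit_core_php "$1" "$2"
    audit_uploads_php "$1" | awk '{ print "UPLOADS\t" $0 }'
fi
```

Themes and plugins under wp-content are not compared here because the answer's approach is to reinstall them from a known source. Where the server has network access, WP-CLI's `wp core verify-checksums` performs a comparable core check against the checksums published by WordPress.org.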
