Time and time again this blog gets hacked and what I dislike most about the clean-up process is making a clean install of WordPress. You’ll probably think, “Why not update WordPress from the admin panel or the webhost cpanel?”. The downside to that is although WordPress will be updated, some, if not most, files will remain untouched. Since hackers target core WordPress files, it is best to start over with fresh files.
This tutorial is, as I’ve said, quite painless but requires you to have access to your server via Command Line SSH (Secure Shell). Your webhost should provide you with this option. Also, an SSH client. I use SecureCRT but Putty is pretty good too.
Login to your server via SSH. Once logged in, go to the directory where you’re installing WordPress:
If you are re-installing WordPress on top of your current installation, create a temporary folder that we’ll work on for now:
Next, let’s download the latest version of WordPress:
After downloading, you’ll see a success message appears such as this:
2014-02-19 12:34:56 (2.40 MB/s) - `latest.tar.gz' saved [5869727/5869727]
The file ‘latest.tar.gz’ is now sitting in your folder waiting to be extracted. If your server allows it, you can attempt this one quick command that extracts the archive files into the current directory:
tar --strip-components=1 -zxvf latest.tar.gz
If not, do this instead:
tar xfz latest.tar.gz
This extracts the files into a directory named wordpress/. What we want to do now is take everything from that folder and place it where the original tar file was saved:
mv wordpress/* ./
Next, delete the now empty wordpress folder:
and the archive containing the core files:
rm -f latest.tar.gz
If you’re re-installing, rename the old folder to something else:
mv blog blogold
Then rename the temporary folder to the original folder’s name:
mv blogtemp blog
You’re all set! Make sure you got the wp-config.php file updated with your server credentials before running the clean install.