Site hacked & shut down. How do I clean files and restore back up?

My site was hacked while I was out of the country and now trying to fix. Contact my host to install a clean back up but they say they don't have one so I must clean the infected files or install a clean back up.
I do not have access to the WP admin panel but do have access to my FTP and ipage control panel. However I am still learning and am not sure how to do what is required..stress!
I know I have a back up plug in installed.

What is the easiest way to install a clean copy or clean infected files? They gave me a list of what was infected but am concerned about any lingering back door codes.
I also plan on restricting admin access to my home computer IP address only to help secure against future attacks. I had wordfence free version installed that limited login attempts as well.

A step by step would be amazing if anyone can help me out.. it's vital I get it up and running this weekend.

This is the email I received with names of infected files :slight_frown:

found the following malicious or infected files :

To prevent these from being used to infect additional files on your account, and to prevent potential issues for visitors to your site or your domains status with search engines, we have temporarily suspended web services.

We request you to either remove these scripts or replace them with clean copies. If possible it's recommended to delete the entire site and upload a known clean copy; this should then erase any other code which may have been injected into your pages to allow 'back-door' access by unauthorized people.

  • Adam Czajczyk

    Hey again @burlingtonbeachrentals,

    As much as I'd like to give you a step-by-step instruction on how to clean your site of a malicious code completely, I'm afraid it's well beyond the scope of this forum. That is because there's a lot of work to be done on site's code: from the message your hosting provider sent you you can clearly see that the crucial WordPress core files has been infected. It's not also obvious what is the malicious code inside and where else it's hiding (and I bet it is!).

    That said, the safest solution would be to delete each and every file, remove the database, then:

    - change all login details (starting from your hosting's customer management panel account, ending on FTP accounts)
    - create a new database (with a different name, username and password)
    - install a clean, new copy of WordPress

    I wouldn't also try to restore anything from backup as it's most likely affected as well!

    The major drawback of this solution is that you'll lost all your data/content. There's however a good chance that someone with a good knowledge of coding, WordPress standards and the security issues would be able to clean the site but that sounds rather like a job to be posted on our Job Board here:

    I'm aware that this advice isn't quite comforting but dealing with hackers and malicious bots is never an easy task!

    If I can be of any more help, please let me know. I'll be glad to assist.


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.