{"id":11818,"date":"2016-12-14T22:33:39","date_gmt":"2016-12-15T03:33:39","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=11818"},"modified":"2016-12-15T13:35:19","modified_gmt":"2016-12-15T18:35:19","slug":"reinstall-malware-infected-word-press","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=11818","title":{"rendered":"Reinstall WordPress Web Site"},"content":{"rendered":"<span id=\"Background\"><h2>Background<\/h2><\/span>\n<p>My site got infected by malware yesterday. My hosting company put the site under quarantine and blocked all access to it. I used the procedure outlined in this blog to reinstall WordPress and point it to the existing database. All plugins also need to be reinstalled.<\/p>\n<span id=\"Environment\"><h2>Environment<\/h2><\/span>\n<p>* WordPress: 4.4.5<br \/>\n* Apache: 2.2.31<br \/>\n* PHP: 5.6.27<br \/>\n* MySQL: 5.6.32<br \/>\n* Perl: 5.10.1<\/p>\n<span id=\"Backup_and_Remove_Old_Site\"><h2>Backup and Remove Old Site<\/h2><\/span>\n<p>* Log in to <em>cPanel > File Manager<\/em><br \/>\n* Zip up the folder containing the infected site<br \/>\n* Download the zip file to your local computer for archiving and forensic analysis<br \/>\n* Remove the zip file after downloading it<br \/>\n* Remove all the files in the infected folder, including all hidden files<\/p>\n<span id=\"Reinstall_Word_Press\"><h2>Reinstall WordPress<\/h2><\/span>\n<p>* Download <em>wordpress-4.4.5.tar<\/em> from the <a href=\"https:\/\/wordpress.org\/download\/release-archive\/\">WordPress Release Archive<\/a><br \/>\n* Log in to <em>cPanel > File Manager<\/em><br \/>\n* Upload and extract <em>wordpress-4.4.5.tar<\/em> into the root directory of your existing site, e.g. 
<em>public_html<\/em><\/p>\n<span id=\"Configure_wp-config.php\"><h3>Configure wp-config.php<\/h3><\/span>\n<p>* Log in to <em>cPanel > File Manager<\/em><br \/>\n* Rename <em>wp-config-sample.php<\/em> to <strong>wp-config.php<\/strong><br \/>\n* Change its permission to <strong>440<\/strong><br \/>\n* Modify the following sections of <em>wp-config.php<\/em>:<br \/>\n&#8211; Update the MySQL connection parameters:<\/p>\n<pre lang=\"php\">\r\n\/\/ ** MySQL settings - You can get this info from your web host ** \/\/\r\n\/** The name of the database for WordPress *\/\r\ndefine('DB_NAME', 'wp_db');\r\n\r\n\/** MySQL database username *\/\r\ndefine('DB_USER', 'wp_user');\r\n\r\n\/** MySQL database password *\/\r\ndefine('DB_PASSWORD', 'dp_secret');\r\n<\/pre>\n<p>&#8211; Update the authentication key and salt values using the WordPress online <a href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\">salt generator<\/a><\/p>\n<span id=\"Copy_Theme_Folder\"><h3>Copy Theme Folder<\/h3><\/span>\n<p>* Manually download and install the old theme to your newly installed site<br \/>\n* Alternatively, clean (e.g. search for &#8216;\\x&#8217;) and copy the theme folder from the old site to the new site, e.g. the <em>wp-content\\themes\\twentyten<\/em> folder.<\/p>\n<span id=\"Copy_Uploads_Folder\"><h3>Copy Uploads Folder<\/h3><\/span>\n<p>* The <em>uploads<\/em> folder contains uploaded images<br \/>\n* Clean (e.g. search for &#8216;\\x&#8217;) and copy the <em>uploads<\/em> folder from the original site to the new site, e.g. 
<em>wp-content\\uploads<\/em><\/p>\n<span id=\"Re-Install_Plugins\"><h2>Re-Install Plugins<\/h2><\/span>\n<p>* Once the site is up and running, log in to the admin page and reinstall all plugins, e.g.<br \/>\n<em>&#8211; CodeHighlighter<br \/>\n&#8211; WP-TOC<br \/>\n&#8211; Awesome Ads<br \/>\n&#8211; Google Analytics Dashboard for WP<br \/>\n&#8211; Google Doc Embedder<br \/>\n&#8211; SI CAPTCHA Anti-Spam<br \/>\n&#8211; WP QuickLaTeX<br \/>\n&#8211; Do <strong>NOT <\/strong>install WP-Syntax, it broke my site<\/em><\/p>\n<span id=\"Add_Redirect_Page\"><h2>Add Redirect Page<\/h2><\/span>\n<p>* My WordPress is installed in a subfolder named wp<br \/>\n* Add a redirect page index.php to redirect to the wp subfolder:<\/p>\n<pre lang=\"xml\">\r\n<html>\r\n<head>\r\n<title>Untitled Document<\/title>\r\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=iso-8859-1\">\r\n<META HTTP-EQUIV=\"Refresh\"\r\n      CONTENT=\"0; URL=wp\">\r\n<\/head>\r\n<\/html>\r\n<\/pre>\n<span id=\"Clean_up_.htaccess_Files\"><h2>Clean up .htaccess Files<\/h2><\/span>\n<p>* Make sure you use <em>cPanel <\/em>to open File Manager so that you can see hidden files<br \/>\n* Remove any malicious <em>mod_rewrite<\/em> rules from all <em>.htaccess<\/em> files, e.g.<\/p>\n<pre lang=\"xml\">\r\n<IfModule mod_rewrite.c>\r\nRewriteEngine On\r\nRewriteCond %{HTTP_USER_AGENT} google [OR]\r\nRewriteCond %{HTTP_REFERER} google\r\nRewriteCond %{REQUEST_URI} !(\\.js|\\.css|\\.png|\\.jpg|\\.jpeg|\\.gif|\\.svg|\\.ttf|\\.woff|\\.eot)\r\nRewriteRule ^.*$ cae1c4.php [L]\r\n<\/IfModule>\r\n<\/pre>\n<span id=\"Reactive_the_Site\"><h2>Reactivate the Site<\/h2><\/span>\n<p>* Call your hosting company to verify the cleanup and reactivate the site for you<\/p>\n<span id=\"References\"><h2>References<\/h2><\/span>\n<p>* <a href=\"http:\/\/www.inmotionhosting.com\/support\/website\/wordpress\/reinstall-wordpress-after-a-hack\">How to Re-Install WordPress after a 
Hack<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Background My site got infected by malware yesterday. My hosting company put the site under quarantine and blocked all access to it. I used the procedure outlined in this blog to reinstall WordPress and point it to the existing database. All plugins &hellip; <a href=\"https:\/\/jianmingli.com\/wp\/?p=11818\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7],"tags":[741,740,295,739],"class_list":["post-11818","post","type-post","status-publish","format-standard","hentry","category-wordpress","tag-bluehost","tag-malware","tag-reinstall","tag-wordpress"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-34C","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.co
m\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11818"}],"version-history":[{"count":9,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11818\/revisions"}],"predecessor-version":[{"id":11831,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11818\/revisions\/11831"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}