How to deal with the hacked WordPress website

In this article, we’ll discuss the most common types of WordPress hacks, how to identify them, and the different methods to fix them. If you encounter such an issue, we strongly recommend contacting a professional web developer for further assistance. For additional guidance on improving your hosting account’s security, please refer to this guide.

IMPORTANT: Before making any changes, create a full backup of your website. 

PLEASE NOTE: To reduce the risk of future WordPress hacks, regularly scan your hosting account with an antivirus tool, remove any malicious or suspicious files, and keep all your website’s plugins and themes updated to their latest versions.

  1. Missing default files

  2. How to replace missing WordPress files

  3. How to replace all default WordPress files

  4. Missing theme or plugin files

  5. Malicious redirects

Missing default files

While several different issues can lead to missing or altered default files, the most common cause is malware injected into your WordPress installation. Fortunately, the antivirus tools on our Web and Hosting servers can automatically detect and quarantine compromised files.

If your core WordPress files become infected, you may encounter symptoms such as:

  • A blank page;

  • A 500 Internal Server Error;

  • An “This site is experiencing technical issues” error (introduced in WordPress 5.2.2);

  • Or other similar errors.

To fix this problem, simply follow the steps outlined below.

Check the error_log file of your website

To identify what caused the issue on your site, review the error_log file. This file records any critical errors your website encounters.

You can locate it in your cPanel account > the “File Manager” menu > the root directory of your WordPress installation. 

Once you access the domain’s root folder, look for the error_log file. If it exists, follow these steps:

  1. Right-click the file, then select View:


  2. Inside the log, you may see an error such as: “No such file or directory in…”, followed by the path of the missing file. This indicates that a required file is absent and is preventing the website from running correctly.

    For example:

    /home/cPuser/public_html/wp-settings.php

  3. To restore the missing file, scroll down to the "How to replace the missing files" section of this guide.

Enable the display_errors PHP option

If the error_log file is not available in your website’s root directory, you can enable the display_errors PHP option in your cPanel account. This setting allows error messages to appear directly on your website, making it easier to identify the issue.

Important: For security reasons, make sure to disable display_errors once you finish troubleshooting.

You can enable the PHP option in the following ways:

  • Via php.ini 

In addition to the “PHP Tweaks” menu of cPanel, you can also adjust certain settings for a website directly through a php.ini file by adding/editing corresponding lines in there. 

To enable the display_errors option, you’ll need  to add the following line to the file:

display_errors=1

You can either create a new php.ini file in the website’s root folder and add the line there or modify the system-generated file by following the steps below.

  1. Log in to your cPanel account and go to the “File Manager” menu.

  2. Make sure the “Show Hidden Files (dotfiles)” option is enabled in settings:


  3. Navigate to the following directory:  /home/cPanel_user/.system-php/ini


  4. Select the PHP version assigned to your domain and then select the domain’s directory. For example, the full path may look like:

    /home/cPanel_user/.system-php/ini/7.0/testwebsite.com

  5. Right-click the php.ini file and select Edit.

  6. Add the following line to the file:

    display_errors=1

  • Via .htaccess


To enable the display_errors PHP option via the .htaccess file, you’ll need to edit the file inside the website’s root directory in “File Manager”, and add the following line there:

php_value display_errors 1

The detailed steps on locating the .htaccess file can be found in this article

After making your changes, click Save.

How to replace missing WordPress files

WordPress uses a simple and organized file structure, which makes restoring missing or corrupted files relatively easy. Replacing the default core files is strongly recommended, as it ensures that any files compromised by malware are fully restored. However, proceed with caution: replacing certain files or folders can result in data loss if not done properly.

Follow the steps below to replace missing WordPress files:

  1. Log in to your cPanel and go to Softaculous Apps Installer.

  2. Create a new WordPress installation in a temporary subdirectory. To do this, click the WordPress icon and then select Install:


  3. You will be redirected to the installation settings page. There, select the domain name in question from the dropdown menu, and enter the name of a subfolder in the In Directory field.

    In this example, we use the ” fix” subfolder for the WordPress installation:


    NOTE: Replacing all default files will update your existing installation to the version used in the temporary “fix” installation, and mixing files from different versions can cause system conflicts and break site functionality.

    If maintaining your current WordPress version is important, or if you plan to replace only specific files, check the version of your site inside the /wp-includes/version.php file, and ensure that the new installation uses the same WordPress version:


  4. You can choose the WordPress version for the new installation directly in the installation window:


  5. Once all settings are configured, click Quick Install or scroll down to the bottom of the installation page and click Install

  6. After the new WordPress installation completes, its files will appear in “File Manager” > the root directory of your domain. Open the folder by double-clicking it:


  7. To replace a specific missing file (e.g., wp-settings.php), locate that file inside the new installation’s directory.

  8. After this, move the file to your website’s current root directory by right-clicking on the file > click on Move > enter the path to your website’s root folder > click Move file(s)


  9. Once complete, the missing file has been restored, and your website should now load properly.

How to replace all default WordPress files

In the process of replacing all the default WordPress files for a website, steps 1-6 are the same as in the “How to replace missing WordPress files” section. 

After these steps are completed and the new WordPress installation is created, to replace all default files in your website’s root folder, please follow these steps:

  1. Open the new WordPress installation root folder:


  2. Inside the new installation folder, delete the following files and folders:


    • .htaccess

    • wp-config.php

    • wp-content

      These files and folders contain your site’s configuration and content, and must remain unchanged.

  3. Then, move the remaining files to the root directory of your main website. For this, use the Select All button > click on Move > enter the path to your site’s root folder > click Move file(s):


  4. Your WordPress core files have been fully replaced. Visit your website to confirm everything loads correctly.

    If the site still displays errors, check the error_log again. In most cases, additional issues are caused by missing theme or plugin files.

Missing theme or plugin files

Missing theme or plugin files can occur for several reasons, but the most common cause is malware that infects and removes essential components of your WordPress installation. 

If any of your WordPress plugin or theme files are missing, you may encounter:

  • A blank page;

  • A 500 Internal Server Error;

  • An “This site is experiencing technical issues” error (introduced in WordPress 5.2.2);

  • A partially loaded or visually “broken” page.

For assistance with diagnosing the issue, refer to the following sections of this article: Check the error_log file of your website and Enable the display_errors PHP option.

You may see error messages similar to the following in your error_log or directly on the website:

PHP Fatal error: Uncaught Error: Call to undefined function sample_function() in /home/cPaneluser/...

Below is an example of an error caused by a corrupted or missing plugin file:


To restore the missing file, simply reinstall the affected theme or plugin.

NOTE: Missing functions.php files in themes are often linked to the wp-vcd.php malware, typically located in the /wp-includes directory. Before installing a fresh theme, remove wp-vcd.php if it exists, or, if you want to ensure full safety, replace all default WordPress files as described earlier.

Malicious redirects

In some cases, when your website becomes infected with malware, it may begin redirecting visitors to harmful or suspicious pages. This problem is most commonly caused by an insecure plugin or theme, which allows attackers to alter database URLs or modify your website’s files.

NOTE: Never click on any of the redirected links. Doing so may infect your personal computer with malware:


To fix malicious redirects, follow the steps below:

  1. Locate a database configuration file for your website - wp-config.php in your cPanel > File Manager > the website’s root folder. Open the file and find the website’s database name in there:


  2. Then, open the database assigned to your website in the phpMyAdmin menu of your cPanel by clicking on it, and navigate to the wp_options table (“wp_” is the default prefix; yours may differ):


  3. Review values of the siteurl and home fields, and in case you see malicious or suspicious URLs there, replace them with your actual domain name: 


  4. Scan the rest of your database for similar malicious URLs and replace them accordingly. 

  5. Temporarily replace your current .htaccess with a clean default version. It’s best to rename the existing file (e.g., .htaccess_old) and create a new one from scratch.

    To rename the file, double-click it > select Rename from the list > enter a new file name > and press Rename file.

    After that, to create a new file, click + File > name it .htaccess > and select Create New File.

  6. Once the new .htaccess is created, edit it by right-clicking on it > select Edit from the list. Once the edit window is open, paste the following default WordPress rules in the file:

    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    # END WordPress

  7. Click Save Changes.

If your website continues to redirect, try replacing all default WordPress core files.

You may also temporarily disable all the plugins via the WordPress dashboard or database, and try enabling them one by one. Once every plugin is enabled, check the website to detect which one causes the malicious redirect issue.

A valid email is required