Verifying that I have fully removed a WordPress hack?

Posted by Prem Tiwari | Updated on

Have you identified the exploit vector? If not, you may be leaving yourself open to future exploit.

Other things to consider:

  1. Change WordPress admin user passwords – done
  2. Change Hosting account user password
  3. Change FTP passwords
  4. Change MySQL db user password – done
  5. Change the db table prefix
  6. Update your wp-config nonces/salt
  7. Check your directory/file permissions
  8. Block directory-browsing access, via .htaccess
  9. Go through everything in the Hardening WordPress Codex entry
  10. Go through everything in the FAQ My Site Was Hacked Codex entry

If you like this question & answer and want to contribute, then write your question & answer and email to freewebmentor[@] Your question and answer will appear on and help other developers.

Related Questions & Answers