Getting hacked has become synonymous with starting fresh, losing your content and access to your website. Thing is, you can have it all and a bag of chips. Computer chips.
Okay, maybe not a bag of computer chips, but you don’t have to scrap your entire site you worked so hard on after it’s been hacked.
While starting over may seem easier than cleaning up after a hack, what with all the hidden spam, broken pages and malware, managing your site after disaster strikes doesn’t have to be complicated or difficult.
It can be quite a straightforward fix even if you’re locked out of the admin dashboard (or database) and don’t have a backup to restore. You can still save your content and your site from spam and malware.
Today, I’ll show you how to manually migrate your WordPress content, check your database’s history, edit out spam and malware, and change your admin login credentials when you can’t access your admin dashboard or database and you don’t have a valid backup.
Feel free to skip down to the section you want to peruse and that’s most pertinent to you:
- What to Do When You’re Locked Out
- Back It on Up
- Accessing Your Database
- Checking Your Database History
- Changing Your Login Credentials
- Migrating Your Content
- When You Can’t Access Your Database
- I Don’t Want to Miss a Thing (and You Don’t Have to!)
What to Do When You’re Locked Out
When you can’t get into your WordPress admin dashboard, the best option is to go through your database. Typically, you’re still able to access it because it hasn’t been compromised like the back end of your site.
Below, you can find out how to access your database to recover and migrate your content, change your login credentials and reset WordPress and Multisite.
If the reverse is true for your site and your database was hacked, but your admin dashboard is still accessible, check out When You Can’t Access Your Database later on.
Back It on Up
Your WordPress site may not be looking so hot right now, but you may as well back up your site, just in case. That way, you can restore it if something goes wrong along the way. You never know so it’s best to be prepared.
Do I sound like a boy scout? Well, that doesn’t make it any less true so go ahead and back up your database.
Accessing Your Database
To manage your WordPress site through your database, you first need to access it and you can do this through phpMyAdmin, SSH or cPanel.
Check out A Quick Guide to the Terminal and Command Line Prompt for WordPress for details.
To access your database through cPanel, log into your account and go to Databases > phpMyAdmin.
When the page loads, find your database listed on the left, then click on it to reveal all of your site’s tables.
From here, you can manage your WordPress site as described below.
If you don’t know which database corresponds to your WordPress site, you can find out by searching through your wp-config.php file.
Go back to cPanel and click on Files > File Manager. Then, go to the root of your site and click on the wp-config.php file that’s listed there.
Next, click on the Edit button toward the top of the page to open the code editor.
If a pop-up appears, be sure to select the utf-8 option in the character encoding drop down box, then click the Edit button.
Next, find the database name for your WordPress site’s database by finding code that looks similar to the example below.
Instead of database_name_here, your wp-config.php file shows the actual name of your database. This is the name you need to click on in phpMyAdmin to access and manage your site through its database tables.
Checking Your Database History
Before you make any changes to your database, you should check your history logs to see if you notice anything out of the ordinary. If you see that tables were accessed or changed and not by you or someone you authorized with access, then it’s probably a hacker.
It’s best to check your history sooner rather than later for two reasons:
- You don’t want to add legitimate entries to your history since it creates more items to sort through. This makes it less obvious where and when the hacker infiltrated your database.
- phpMyAdmin only saves the last 25 actions so if you start changing or accessing tables, you could completely erase the entries that would otherwise clue you in about the hack.
Once you know which tables have been tampered with, you can fix them or export them, edit out any spam or changes the hacker made and save your content. This is covered later on, but for now, it’s important to take a look at your database’s history.
Finding Your Database’s History
Once you’re logged into phpMyAdmin, find the Console button at the bottom of the page and click on it.
Then, click the History button at the top right to view a list of the last 25 changes to your database by default.
You can also hover over one of the items listed to see the exact date and time of the instance and the name of the database that was affected. You can see if a change was made or if a table was accessed.
Once you know which tables were targeted, make a note of them so you can export and fix those tables later on.
Changing Your Login Credentials
Whether you have forgotten your password and you’re unable to recover it or you suspect that you’re locked out because your site was hacked, you can edit your account details through your database.
By searching through your wp_users table, you can see if there are any suspicious accounts that don’t look like they’re genuine. If you find one that doesn’t look legitimate, you can delete that table.
You can also look into it further by checking your wp_sitemeta table and the site_admins field. Check each account for signs of tampering.
For details, check out Getting Constantly Hacked? How to Stop WordPress Backdoor Exploits for Good.
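One way to run the account check described above without touching the live tables, as an added example that is not from the original article: export wp_users and wp_usermeta as CSV with column names in the first row, then list every account that holds the administrator role but is not on your own list of known admins. The sample rows, the known_admins set and the default wp_ table prefix are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample exports (phpMyAdmin CSV, column names in the first row).
USERS_CSV = '''"ID","user_login","user_email","user_registered"
"1","siteowner","owner@example.com","2015-03-02 10:11:12"
"7","editor_amy","amy@example.com","2016-08-19 09:00:00"
"42","wp_support","support@example.net","2017-01-05 03:14:15"
'''

USERMETA_CSV = '''"umeta_id","user_id","meta_key","meta_value"
"1","1","wp_capabilities","a:1:{s:13:""administrator"";b:1;}"
"2","1","wp_user_level","10"
"20","7","wp_capabilities","a:1:{s:6:""editor"";b:1;}"
"21","7","wp_user_level","7"
"90","42","wp_capabilities","a:1:{s:13:""administrator"";b:1;}"
"91","42","wp_user_level","10"
"95","99","wp_capabilities","a:1:{s:13:""administrator"";b:1;}"
'''

# wp_capabilities holds a PHP-serialized array of role name => true.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_capabilities(value):
    """Return the role names enabled in a wp_capabilities value."""
    return ROLE_RE.findall(value)


def audit_admins(users_csv, usermeta_csv, known_admins, prefix="wp_"):
    """Return [(user_id, user_login, registered, reason)] for unexpected admins."""
    users = {row["ID"]: row for row in csv.DictReader(io.StringIO(users_csv))}
    findings = []
    for meta in csv.DictReader(io.StringIO(usermeta_csv)):
        if meta["meta_key"] != prefix + "capabilities":
            continue
        if "administrator" not in roles_from_capabilities(meta["meta_value"]):
            continue
        user = users.get(meta["user_id"])
        if user is None:
            # Capability row with no matching account: leftover or tampering.
            findings.append((meta["user_id"], None, None,
                             "administrator capability without a wp_users row"))
        elif user["user_login"] not in known_admins:
            findings.append((user["ID"], user["user_login"],
                             user["user_registered"],
                             "administrator not on the known-admin list"))
    return findings


if __name__ == "__main__":
    # known_admins is an assumption: the logins you created yourself.
    for finding in audit_admins(USERS_CSV, USERMETA_CSV, {"siteowner"}):
        print(finding)
```

Working from exports also keeps the phpMyAdmin history short, which matters because only the last 25 actions are kept.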
While you’re there, you can also change your email and password.
In phpMyAdmin, make sure your database is selected on the left-hand side. Then, click the wp_users table. A list of all your site’s user accounts should appear on the right.
Find your account on the list, then click on the Edit button on the same line.
You can change the password for your account by selecting MD5 in the user_pass function drop down box. This lets you add an unencrypted password.
Not to worry, once you save your changes in a minute, your password will be encrypted. Changing this function simply makes it more straightforward to change your password.
Now, you can replace what’s in the user_pass value field with your new password.
If you also want to change the email address for your account, you can replace what’s in the user_email value field with the email you want to use.
When you’re done making changes, you can click the Go button at the bottom of the page, but be sure that the Save option is selected in the drop down box beforehand.
Creating a New Admin User Account
Sometimes, it’s best to be cautious, especially if you think your site has been hacked. If you know your site is secure and you made a mistake that locked you out, then you can feel free to edit your account password and email as mentioned above.
On the other hand, if you’re pretty sure you have been hacked, it’s best to create a whole new admin account to ensure you have at least one account that’s not compromised. It’s still a good idea to edit your user accounts and remove anything added by a hacker. This is just an extra step to ensure your site’s security as much as possible while you start the process of cleaning up your site after the hack.
You can create a new admin account in phpMyAdmin.
Start by logging into phpMyAdmin and selecting your database from the left-hand side, then click on wp_users in the list. A list should appear on the right where you can click the Insert tab toward the top.
Next, fill in the fields with the applicable details:
- ID – This is the user ID number. Pick a number that hasn’t been used yet.
- user_login – The account username that you want to use to log in should be entered into this field.
- user_pass – Choose MD5 in the drop down box and enter your desired password.
- user_nicename – This is the account’s nickname.
- user_email – Enter your email address that you want associated with the new account.
- user_registered – Choose the current date.
- user_status – Set this field to
- display_name – This is the display name for the account that’s visible on the front end of your site.
At the bottom of the page, click Go to create the new user account.
Now that you have a new user set up, you need to turn it into an admin account. To do this, click on the wp_usermeta table listed on the left and underneath your database name. Then, click the Insert tab.
You can leave the umeta_id field empty, but fill in the rest of the fields:
- user_id – Enter the same number you set for the ID for the user account you created earlier.
- meta_key – You need to type wp_capabilities into this field.
- meta_value – In the multi-line text box, enter in
Once that’s all done, click Go at the bottom of the page to save your changes.
You’re not quite done yet so click Insert toward the top of the page to add a new row to the table. Leave the umeta_id blank once again since this field will be automagically populated when you have saved the row later on.
For the rest of the fields, enter the following details to set the admin privileges you need to use the account and have access to everything:
- user_id – Once again, enter the same ID number you set for the last step.
- meta_key – Enter wp_user_level into this field.
- meta_value – Type 10 into the multi-line text box.
Once again, click Go at the bottom of the form.
Your new admin account is now all set up and you can start using it right away.
Before you log into your site, whether you updated your account credentials or created a brand new admin account, update your site’s security keys. Doing this adds an extra level of security to your site by expiring the cookies that keep current users logged in.
That way, if you were hacked, the intruder is kicked out of your site and can’t access it in many (but not all) cases.
For details, check out The Ultimate Guide to WordPress Security.
Migrating Your Content
At this point, you can try logging in and seeing if you’re able to access the admin dashboard. If you can, you can export your content as you typically would.
You can check out How to Move Content From One WordPress Site to Another for details.
If you’re still locked out, there’s an alternative. You can manually export your content via your database. This is especially helpful if you want to not only export your content, but edit out any spam as well.
Tables, Exporting and Editing, Oh My!
Before you jump right in with manually migrating your content using your database, it’s important to understand where WordPress stores data in the database. That way, you can figure out exactly where to find the particular content you want to migrate.
The WordPress database stores a ton of data for your site:
- Posts and pages
- Categories and tags
- User accounts
- Plugin and theme settings
- Widgets and sidebar content
- Theme framework layouts and templates
- Cron schedules
- Lots of other data
All this data is stored within tables in your database and each table has a specific purpose. For example, the wp_options table stores all your WordPress settings such as your site’s timezone and admin email. It’s also often used to store your theme’s settings.
All the tables in your database are also grouped and possibly linked together.
When a set of tables all relate to each other in some way, they’re grouped together and share the same prefix. This lets you know these tables contain data that correspond to each other and hold similar information.
For example, the tables that all contain data relating to your site’s WordPress settings have the
There are also some table groups that are linked together. While linked table groups all have different sets of data, they’re linked because they are related to each other in the way that they function.
For example, there’s the wp_comments group of tables and the wp_users group of tables. They each have their specific sets of data that are stored. Since they need to work together in cases where you need a user account to comment, they’re linked.
To see all the WordPress database tables and how they’re grouped and linked in some cases, check out the Database Description WordPress Codex page and diagram for details.
When you want to migrate specific content, you need to choose all the tables that are grouped together with that content as well as any table groups that are linked to it. Otherwise, you may only migrate some of the content you want or it could otherwise be broken.
For example, the diagram above shows that the wp_posts table is linked to every other table group except the wp_links table groups.
So, if you wanted to migrate your posts and pages, you would need to also migrate all those other tables. If you don’t, some features of your site are going to break. You could also lose some of the content you intended to save.
Export This, Migrate That
Once you know what type of data each table group stores, you can export them to start the migration process for the content you want to save.
Ideally, you’re going to want to migrate your entire database, but when you have been hacked, it can be difficult to search through your content to pinpoint and delete all the spam and malware.
That’s when segmenting your database backups and exporting them to a human readable CSV file can be helpful. From there, you can edit what you need, then migrate only the good stuff.
Still, you should export each table group separately and export them all. That way, you can migrate them later to prevent your site from breaking.
There are certain types of content that are often the target for spam and malware. Exporting and editing the tables that store this data can help you catch all the hacker’s injected content and delete it before migrating your site’s content.
Here’s a list of the table groups you need to export in order to edit the commonly targeted content types:
- Posts and pages –
- Comments –
- Categories –
- Tags –
- Users – wp_users (Don’t forget that passwords are serialized.)
- Theme settings – They’re usually stored in the wp_options table group, but not always. Contact your theme’s author to know for sure.
- Plugin settings – The tables you need to export are different for every plugin. Typically, each plugin has their own set of tables.
Contact the plugin author for details on the specific tables you need to export.
If you have the time, it’s best to check all your tables for malware and spam. For details, check out How I Cleaned Up My Site After It Was Hacked and Blacklisted, Help, I’ve Been Hacked! How to Troubleshoot and Fix a WordPress Site and Getting Constantly Hacked? How to Stop WordPress Backdoor Exploits for Good.
Now that you know what tables you want to edit, then migrate, let’s get to it.
Exporting and Editing Data from Your Database
When you’re locked out of your admin dashboard but have access to your database, you can recover your content and edit out any spam or other data a hacker added.
As mentioned earlier, you can view a history of the actions taken in your database. Once you know which tables haven’t been tampered with, you can export them as an SQL file. For the tables that have been hacked, you can export them as a CSV file so you can remove the spam or added data before adding it back to your site.
Exporting Tables as an SQL File
For your database tables that haven’t been hacked or if you simply want to export your content, you can do so from phpMyAdmin.
Click on the database where you have tables you want to export, then click the Export tab toward the top of the page.
Select the Custom radio button, then select the tables from the list that you want to export. It’s a multi-select box so you can press Shift on your keyboard and click one of the tables to highlight that one and the ones before it. Conversely, you can press the Ctrl or Command key and click the individual tables you want to select.
The other setting should be fine so scroll to the bottom of the page and click Go. Then, save the file to your computer.
Exporting and Editing Hacked Tables
For the tables where you found spam, you can export them as a CSV file for a straightforward editing experience. You can remove the spam and save as much of your content as possible.
The exception is when you find tables that contain only spam and none of your actual content. In this case, you can go ahead and delete those tables altogether. For any tables that contain a mix of genuine and spam content, you can export and fix them.
In phpMyAdmin, click the database on the left that contains the tables you want to export, then click the Export tab.
Select the Custom radio button and select the tables you want to export as mentioned above.
Under Format, select CSV instead of the default SQL option. More options should dynamically appear. In later versions of phpMyAdmin, the Columns separated with field is populated with a comma and this is what you want. In older versions, you need to change it from a semicolon to a – you guessed it – comma.
Next, check the Put column names in the first row box. This adds the field names for the tables in the first row so it’s easier to tell what you’re looking at later on.
Click Go at the bottom of the page to export the tables and save them to your computer.
Open them in a compatible program and edit what you need, then save the file when you’re done.
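To find the rows that need hand editing in a large export, a small scanner helps. The following is an added example, not part of the original article: it reads a wp_posts CSV exported as described above (comma-separated, column names in the first row) and reports rows whose title or content contains markup that injected spam and malware commonly use. The sample rows and the four rules are constructed assumptions, and a clean result does not prove a table is clean.

```python
import csv
import io
import re

csv.field_size_limit(10_000_000)  # post_content cells can exceed the 128 KiB default

# Constructed sample of a wp_posts export; a real one has more columns.
POSTS_CSV = '''"ID","post_title","post_status","post_content"
"10","Welcome","publish","<p>Hello and welcome to the site.</p>"
"11","Our services","publish","<p>What we do.</p><script src=""https://cdn.example.invalid/x.js""></script>"
"12","Contact","publish","<p>Write to us.</p><div style=""display:none""><a href=""https://pills.example.invalid/"">cheap pills</a></div>"
"13","About","publish","<p>Founded in 2010.</p><iframe src=""https://example.invalid/f"" width=""0"" height=""0""></iframe>"
'''

# Illustrative rules only; extend them with whatever you found in your own tables.
RULES = [
    ("script tag", re.compile(r"<script\b", re.I)),
    ("iframe", re.compile(r"<iframe\b", re.I)),
    ("hidden element", re.compile(
        r"style\s*=\s*[\"'][^\"']*(display\s*:\s*none|visibility\s*:\s*hidden)",
        re.I)),
    ("PHP eval/decode call", re.compile(r"\b(eval|base64_decode|gzinflate)\s*\(", re.I)),
]


def scan_export(csv_text, columns=("post_title", "post_content")):
    """Return [(row ID, column, rule label, excerpt)] for every rule hit."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col in columns:
            cell = row.get(col) or ""
            for label, pattern in RULES:
                match = pattern.search(cell)
                if match:
                    # Keep some context so the spot is easy to find in an editor.
                    start = max(match.start() - 20, 0)
                    hits.append((row["ID"], col, label,
                                 cell[start:match.end() + 40]))
    return hits


def rows_to_review(csv_text):
    """IDs of rows to edit by hand before the CSV is imported anywhere."""
    return sorted({hit[0] for hit in scan_export(csv_text)}, key=int)


if __name__ == "__main__":
    for row_id, col, label, excerpt in scan_export(POSTS_CSV):
        print(f"row {row_id} [{col}] {label}: {excerpt!r}")
```

For a real export, read the file with open(path, newline="", encoding="utf-8").read() and pass the text to scan_export.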
Importing Your Database Tables
Now that you have your tables exported and edited as needed, you can import them to a fresh install of WordPress.
After you have created a fresh website, install and activate the plugins and themes you had on your original site. Also be sure to adjust any applicable WordPress, plugin and theme settings.
Once that’s done, you can import your tables.
Go back to phpMyAdmin where you have your new database and choose it from the menu on the left. When the list of tables appears on the right, check each table you want to replace. Then, select Drop in the With selected drop down box.
You should be prompted to confirm your selection. If the list of tables is correct, click Yes.
Keep in mind that dropping database tables will break your site or otherwise make parts of it unavailable. That is, until you import the tables from your original site that match the ones you dropped. That’s the next step.
Click the Import tab, then on the Choose File button. Select one of your files that contain your tables and open it.
If it’s an SQL file, you can click Go at the bottom of the page.
On the other hand, if it’s a CSV file you need to import, choose CSV in the Format drop down box after selecting the file as described above.
More options should dynamically appear. Be sure that the Columns separated with field is set to , instead of a ; as is the default for older versions of phpMyAdmin.
Then, check the box labeled The first line of the file contains the table column names.
When that’s all done, click Go at the bottom of the page to import the file.
Your new site should be all set up with your original content. You can go ahead and check it out.
When You Can’t Access Your Database
Now you know how to manage your website if you’re locked out of the admin dashboard, but what if you’re locked out of your database instead? You definitely need to act quickly since a hacker can gain entry into every crevice of your front end at any time if they have full access to your database.
If you think you have been hacked rather than it being a case of forgetting your password, log into your site and change the password and email address associated with your account right away. Then, regenerate your security keys.
This isn’t going to fix the issue, but it should buy you some time while you install and set up a security plugin such as Defender. This should help you isolate the issue and assist you in fixing it.
Start a scan of your entire site as soon as you set it up. While it’s running or soon after it’s done, back up your entire site.
For details, check out How to Backup Your WordPress Website (and Multisite) Using Snapshot, Creating a Manual Backup of WordPress When It’s Down or Locked and 4 Top WordPress Multisite Backup Solutions Tested and Reviewed.
This isn’t going to fix your site, but it saves your content so you don’t lose everything. If something goes wrong while you recover your site, you have a backup that you can use to restore your site and its content.
As an added safety net, migrate your content as you typically would. You can check out How to Move Content From One WordPress Site to Another for details.
Then, follow the details in this article to edit out any signs of the hacker and migrate your content over to a fresh installation of WordPress. Some of the spam and other injected data may be already gone, but there may still be some lingering stragglers that you can remove.
Once you have done that, double check that all your content has been uploaded successfully.
If everything looks as it should, delete your old website immediately. This prevents the hacker from doing any additional damage.
Change the login credentials to your hosting account and other similar accounts such as for WHM or cPanel.
If you think you’re being too cautious in your attempt to update as many login details as you can, you’re not. It can be difficult to know what the hacker has access to, so it’s a good idea to change all your login credentials related to your hosting account, including your email address.
I Don’t Wanna Miss a Thing (and You Don’t Have to!)
Losing all your WordPress site’s content is one of the most devastating aspects of getting hacked or becoming accidentally locked out of your site. Fortunately, you can recover your content in either case and save your site.
Follow the details above and you should be good to go.