Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.
Check WordPress Version
Ensure that you are using the correct version of WordPress. If your core files are corrupted, you might need to replace them with a fresh version.
Download the latest version of WordPress from wordpress.org.
Extract the downloaded ZIP file to get a clean set of WordPress files.
Replace Core Files
Backup Your Site:
Before making any changes, ensure you have a backup of your database and any essential files.
Delete Core Files:
Delete the wp-admin and wp-includes directories from your server. You do not need to delete wp-content or wp-config.php, as they contain your theme, plugins, and configuration files.
Upload Fresh Files:
Upload the wp-admin and wp-includes directories from the fresh WordPress download to your server.
Replace Other Files:
You may also want to replace individual files in the root directory such as wp-login.php, wp-settings.php, etc., except for wp-config.php and .htaccess.
I’ve already followed the guide and recovered the old core files with fresh ones from the latest version downloaded at wordpress.org.
Now only these two errors remain:
Fatal error: Class ‘WP_REST_Revisions_Controller’ not found in /web/htdocs/www.lacoccinelladidiana.it/home/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-revisions-controller.php on line 17
Fatal error: Uncaught Error: Call to a member function set() on null in /web/htdocs/www.lacoccinelladidiana.it/home/wp-includes/l10n.php:856 Stack trace: #0 /web/htdocs/www.lacoccinelladidiana.it/home/wp-includes/l10n.php(959): load_textdomain(‘default’, ‘/web/htdocs/www…’, ‘it_IT’) #1 /web/htdocs/www.lacoccinelladidiana.it/home/wp-includes/class-wp-fatal-error-handler.php(49): load_default_textdomain() #2 [internal function]: WP_Fatal_Error_Handler->handle() #3 {main} thrown in /web/htdocs/www.lacoccinelladidiana.it/home/wp-includes/l10n.php on line 856
It looks like you missed at least one core file still.
Try downloading WordPress again, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel (consult your hosting provider’s documentation for specifics on these), and delete then replace your copies of everything on the server except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings.
If you’d like to manually make a backup of your site first, please follow the steps at https://wordpress.org/documentation/article/wordpress-backups/
Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.
With the latest version of WP I still have the error.
I’ve downloaded the version that was installed on my site (6.5.4) and now I can access the wp-admin page and I see my homepage too.
There are a lot of graphics errors / issues and some errors at the top of the screen, but I think it depends on the files inside wp-content that I renamed because they were infected. I’ll start to restore the original files one by one and correct all the errors.
If you can give some help, it is appreciated!
Thanks
We have no more access to WordPress sites than any normal visitor, nor would we want more than that, so we can’t help with replacing those files.
If you’re speaking of plugin files you renamed, I recommend replacing the entire plugin, not just the modified file(s).
As a visitor you can see the error at the top of all the public pages:
Order allow,deny Deny from all Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteRule ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] Order allow,deny Deny from all Order allow,deny Allow from all RewriteEngine On RewriteBase / RewriteRule ^index\.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]
I deleted the .htaccess file and then recreated one with the “basic” WordPress rules:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
But that error still appears.
Any idea?
You don’t see anything because I’d already fixed all the issues before you looked at the site 😀
The problem was that the hack put a .htaccess file (that says no php, exe, py files can be executed) in each of the 1576 folders 😀
I deleted all the .htaccess files except the one in the root and I fixed all the issues. The site is back and fully working!
Thanks to everyone for the support!
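An added example, not part of the thread: shell functions for the cleanup described in the last post, listing every .htaccess below the web root except the root one and flagging those that carry deny rules so they can be reviewed before deletion. The function names, the web-root argument and the matching patterns are assumptions for illustration, not a signature of this particular hack.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a find that supports
# -mindepth (GNU, BSD and BusyBox find all do).

# Print every .htaccess under the web root, skipping the root's own copy.
# $1 = web root, e.g. the directory that holds wp-config.php (caller-supplied).
list_nested_htaccess() {
    root="${1%/}"
    # The root .htaccess sits at depth 1, so -mindepth 2 leaves it out.
    find "$root" -mindepth 2 -type f -name '.htaccess' -print | sort
}

# Of those, print only the files containing access-control directives.
# The patterns are assumptions: "Deny from all" appears in the thread,
# FilesMatch and "Require all denied" are the usual Apache equivalents.
flag_suspicious_htaccess() {
    list_nested_htaccess "$1" | while IFS= read -r f; do
        if grep -Eiq '<FilesMatch|Deny[[:space:]]+from[[:space:]]+all|Require[[:space:]]+all[[:space:]]+denied' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Summarise how many nested files exist and how many were flagged.
summarise_htaccess() {
    total=$(list_nested_htaccess "$1" | wc -l | tr -d ' ')
    flagged=$(flag_suspicious_htaccess "$1" | wc -l | tr -d ' ')
    printf 'nested=%s flagged=%s\n' "$total" "$flagged"
}

# Run only when a web root is given on the command line:
#   sh check-htaccess.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    flag_suspicious_htaccess "$1"
    summarise_htaccess "$1"
fi
```

Review the flagged list before removing anything: some plugins create their own .htaccess files inside wp-content, and those should be restored by reinstalling the plugin rather than deleted blindly.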