How to Replace all Plugins After a Hack

When you have been hacked there is only one safe way to deal with it, replace all the code with new fresh code so that you are 100% sure there are no back doors left.

# First go to your server with SSH
ssh [email protected]

# Change to the WordPress install
cd ~/public

# Replace all WordPress.org repository plugins
wp plugin install $(wp plugin list ——field=name) ——force

This process can also be useful to those who have FTP-uploaded plugins and have old unused code in their directories that were not overwritten during the upload process.

With Pro plugins, you will most likely have to do this process by hand. It will always be quicker to remove the old directory before uploading via the command line as you can delete whole directories in one go. If you use FTP to delete it will delete each file and sub-directory separately before deleting the parent directory, thus taking much more time.

# First go to your server with SSH if you are not already there
ssh [email protected]

# Change to the plugins directory
cd ~/public/wp-content/plugins

# Remove the plugin directory by name
rm -rf plugin-name

Be very careful when using rm -rf it means “force remove recursively everything below this point”.

Andrew Killen

Latest

Environment

How to Replace all Plugins After a Hack

Latest

Servebolt Backups

What are WordPress Salts, and how to Change them

How to Protect Your Website From a DDoS Attack

How to Blacklist or Whitelist IP’s on Your Website

How to Turn on/off SFTP/SSH Access for an Environment

Multi-Factor Authentication (MFA) Emails From Cloudflare

Adding Additional Security to Outgoing Email

How to add Security Headers to Your Site

“Sorry, this file type is not permitted for security reasons”.