How to replace all plugins after a hack

When you have been hacked there is only one safe way to deal with it, replace all the code with new fresh code so that you are 100% sure there are no back doors left.

// First go to your server with SSH
# ssh [email protected]
// Change to the WordPress install
# cd ~/public
// Replace all repository plugins
# wp plugin install $(wp plugin list ——field=name) ——force

This process can also be useful to those that have FTP uploaded plugins and have old unused code in their directories which were not over written during the upload process.

With Pro plugins, you will most likely have to do this process by hand. It will always be quicker to remove the old directory before uploading via the command line as you can delete whole directories in one go. If you use FTP to delete it will delete each file and sub-directory separately before deleting the parent directory, thus taking much more time.

// First go to your server with SSH if you are not already there
# ssh [email protected]
// Change to the plugins directory
# cd ~/public/wp-content/plugins
// Remove the plugin directory by name
# rm -rf plugin-name

Be very careful when using rm -rf it means “force remove recursively everything below this point”.

Give us your feedback on this article