by Michael VanDeMar
Getting hacked sucks, plain and simple. It can affect your rankings, cause your readership to be exposed to virus and trojan attacks, make you an unwilling promoter to subject material you may not actually endorse, and in many cases cause the loss of valuable content. However, once it happens it is usually best to not procrastinate on the clean up process, since a speedy restore will most times minimize the damage that was caused.
Following is a step by step process on how to completely clean out and restore a WordPress installation that has been hacked.
1. Backup the site and the database.
2. Make a copy of any uploaded files, such as images, that are referenced.
3. Download a fresh version of WP, all of the plugins you need, and a clean template.
4. Delete all of the files and folders in the WP directory,
either through FTP (slower) or through cPanel’s File Manager (faster).
5. Re-upload the new fresh copies you just grabbed.
6. Run the database upgrade (point your browser at /wp-admin/upgrade.php).
7. Immediately change your admin password.
8. Go through the posts and repair any damage in the posts themselves.
UPDATE: 9. If you are having issues cleaning the installation yourself