We find often that we need to restore WordPress core files manually. Maybe we suspect that a hack has taken hold of them and made changes, or perhaps they have somehow become corrupted.
Regardless, it’s something I often discuss doing in other posts, and I figured I’d put together a quick tutorial.
This video walks you through it step-by-step but you can also read along below for the same instructions.
Steps to Manually Restore WordPress Core Files
Note that these instructions are for advanced users. You could irrevocably damage your site if you don’t know what you’re doing. Proceed at your own risk.
- BACKUP UP YOUR ENTIRE WEBSITE and store it in multiple places for safe keeping (include both files and database)
- Download a fresh copy of WordPress
- Extract it to a local folder
- Navigate into the “WordPress” folder
- Select all files and folders in there, except wp-content
- Create a new zip file with the selected files and folders (using your application of choice)
- Upload the resulting zip to your website’s root folder using an online file manager, like what cPanel includes
- Delete the /wp-admin/ and /wp-includes/ folders (but make sure you leave /wp-content/ intact)
- Delete all WordPress files in the root – leave any non-WordPress files, and don’t delete .htaccess, wp-config.php, robots.txt, or the zip file we just uploaded (if you’re unsure of anything, just skip this step and the files should theoretically be overwritten as-needed regardless)
- Extract the zip file directly into the root
That’s it! You should now have a fresh copy of all WordPress files. If there was anything bad in the WordPress core files before, it should be gone now.
This doesn’t necessarily fix your website of a hack by itself, since it likely doesn’t fix the original source of the hack. Make sure to read our other blog posts about specific hacks for more on that.