How to Restore Compromised WordPress Core Files Safely

Learn the safe process for restoring compromised WordPress core files. Step-by-step guide to replacing infected files without breaking your site.

David Kim

When core files are compromised, you need to replace them carefully. Rushing the process can break your site or miss other malicious code. Follow this guide for safe restoration.

Before You Start

Take a Complete Backup

Back up the site even in its compromised state:

  • You may need to reference the infected files
  • The restoration might run into problems
  • You may need the files for forensic analysis later

Document the Compromise

  • Which files are modified?
  • What changes were made?
  • When did it happen (file modification times)?
  • Any patterns or signatures?

Put Site in Maintenance

Prevent visitor access during restoration.

Safe Restoration Process

Step 1: Get Your WordPress Version

Check wp-includes/version.php for the currently installed version:

$wp_version = '6.4.2';

Step 2: Download Clean WordPress

Get the matching version from WordPress.org:

https://wordpress.org/wordpress-6.4.2.zip

Step 3: Replace wp-admin

  1. Delete entire wp-admin folder
  2. Upload clean wp-admin from download
  3. Verify upload completed fully

Step 4: Replace wp-includes

  1. Delete entire wp-includes folder
  2. Upload clean wp-includes from download
  3. Verify upload completed fully

Step 5: Replace Root Files

Replace all root PHP files EXCEPT:

  • wp-config.php (your configuration)
  • .htaccess (your rules)

Step 6: Review wp-config.php

Manually check wp-config.php for injected code:

  • Compare against wp-config-sample.php
  • Look for unusual code at beginning/end
  • Check for unexpected includes

Step 7: Verify Restoration

  1. Run integrity check with WP Folder Shield
  2. All core files should now match
  3. Fix any remaining issues
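
A manual counterpart to the integrity check in Step 7, as an added example (not WP Folder Shield's code and not part of the original article). It assumes a path-to-MD5 map of the kind published by the WordPress.org core checksums API (api.wordpress.org/core/checksums/1.0/); the function names and the sample tree are constructed for illustration. Besides modified and missing files, it reports files that the release does not ship, which is why Steps 3 and 4 delete the folders instead of overwriting them.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # only files shipped by core belong here
KEEP = {"wp-config.php", ".htaccess"}    # site-owned files, reviewed by hand (Step 6)

def md5_of(path):
    return hashlib.md5(path.read_bytes()).hexdigest()  # MD5: the published list's format

def verify_core(root, checksums):
    """Compare a WordPress tree against a {relative path: MD5} map."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in checksums.items():
        if rel.startswith("wp-content/"):
            continue                     # themes and plugins are scanned separately
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected:
            report["modified"].append(rel)
    # Files the release does not ship: extras in core folders, stray root PHP files.
    candidates = [p for d in CORE_DIRS for p in (root / d).rglob("*") if p.is_file()]
    candidates += list(root.glob("*.php"))
    for p in candidates:
        rel = p.relative_to(root).as_posix()
        if rel not in checksums and rel not in KEEP:
            report["unexpected"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a tiny fake tree with one finding of each kind."""
    clean = {"index.php": b"<?php // index", "wp-admin/admin.php": b"<?php // admin",
             "wp-includes/version.php": b"<?php $wp_version = '6.4.2';"}
    checksums = {rel: hashlib.md5(body).hexdigest() for rel, body in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        (root / "wp-config.php").write_bytes(b"<?php // site config")       # kept
        (root / "index.php").write_bytes(b"<?php // index + injected line")  # modified
        (root / "wp-admin/admin.php").unlink()                               # missing
        (root / "wp-includes/cache-x.php").write_bytes(b"<?php // extra")    # unexpected
        return verify_core(root, checksums)

if __name__ == "__main__":
    print(demo())
```

Any entry under "unexpected" inside wp-admin or wp-includes after restoration means the folder was overwritten rather than deleted and replaced.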

After Restoration

Full Malware Scan

Core files are clean, but malware may exist elsewhere:

  • Scan themes and plugins
  • Check uploads folder
  • Scan database

Update All Passwords

  • WordPress admin accounts
  • Database password
  • FTP/SFTP passwords
  • Hosting account

Regenerate Security Keys

Get new keys from: https://api.wordpress.org/secret-key/1.1/salt/

Replace the existing keys in wp-config.php with the new ones.

Find the Entry Point

  • How did attackers get in?
  • Vulnerable plugin?
  • Weak password?
  • Patch the vulnerability

WP Folder Shield Restoration

WP Folder Shield simplifies restoration:

One-Click File Restoration

  1. Integrity scan identifies modified files
  2. Click "Restore" next to any file
  3. Clean file downloaded from WordPress.org
  4. Automatic replacement

Bulk Restoration

  • Select multiple files
  • Restore all at once
  • Progress tracking

Verification After

Automatic re-scan confirms successful restoration.

Get WP Folder Shield for easy core file restoration and ongoing integrity monitoring.

Written by David Kim

WP Folder Shield Team
