STEP 6: Update wp-config.php file
Next, we are going to ensure we have an uncorrupted wp-config.php file. Why do we need to do this? It’s possible that your configuration file was manipulated by the malware. In certain instances, malware code is inserted several hundreds or thousands of lines at the bottom of this file. The standard wp-config.php has no more than 92 lines. However, we’d rather not take a chance here, so rather than attempt to correct the file, we’ll simply create a new wp-config.php file.
Follow these instructions:
1) open wp-config.php in a text editor. Please understand that MS Word is not a text editor. On PC, you may use NotePad++ or TextWrangler / TextMate on a Mac.
2) Identify the following values and make note of them in a separate file or on scrap paper:
- WP database name
- WP database username
- WP database password
3) Now, we’re going to rename your existing wp-config.php to wp-config-OLD.php.
4) Now, we’re going to find wp-config-sample.php and duplicate it. Name the duplicate copy as wp-config.php. Essentially, what we’re doing here is starting with a clean wp-config.php file as there are no values within this file.
5) open your new wp-config.php file, and enter the values we copied earlier for the following:
- database_name_here should be replaced with the WP database name
- username_here should be replaced with WP database username
- password_here should be replaced with WP database password
6) Now, we’re going to get new salt keys. Copy the salt keys from that link and paste them into the file by overwriting the following text:
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
That’s it for the wp-config.php file. You now have a sanitized file, and in the event you need to revert back to the original, remember that is named wp-config-OLD.php.
NOTE: If you also run BuddyPress or BBPress on your site, you’ll need to do the similar steps to update their corresponding configuration files (i.e., bb-config.php)