Before Some day my client website hacked by some one.
I have sorted many things but still WordPress back-end is not working.
I don't know what you've done to "sort" the problem so far, but if you're going through the system fixing it bit by bit, then you're almost certainly not properly removing the hack. You really need to start from fresh to deal with this, otherwise the hacker will probably still have access.
Firstly, take a snapshot of the site. Now. Get a copy of what you have at the moment and save it somewhere. This will help you if you want to investigate the hack further, and could also be useful for recovery in case you have any data loss from the next steps.
What you need to do next depends on whether you have a backup or not. If you do...
- If you had a backup from before the hack, restore the site from that backup.
- Once the site is up and running from the backup, install the latest patch release of WordPress.
- Check every plugin you've used for security issues. If there are security patches for them, then install them. If a plugin has any known security issues that are not yet patched, then disable the plugin.
- Now check your site to see if you've lost any data; eg if any CMS pages were modified since the backup date. If there is any data loss, you may need to manually restore it. Hopefully there won't be too much, so this shouldn't take too much work. (it helps if you caught the hack early).
If you don't have a backup... well, you should have had one! Learn from this and start doing backups for all your sites. But it's too late to fix that now.
- Best advice in this case is to re-install WordPress from scratch. Make sure you get the latest version with all current security patches.
- Then re-install all your plugins and themes. Make sure none of them have any known security issues.
- Then you'll have to manually recover the content from the database. Depending on how big the site is, this could be messy. Use the backup you took of the current site.
Lessons to learn:
- Always keep backups.
- Install security plugins that can monitor the site for suspicious activity and harden it against hacks.
- WordPress has a terrible reputation for security. I suggest teaching yourself how to use an alternative CMS platform (I suggest Joomla), and use that instead for future projects.