Hi everyone!
So I’ve never used WP or Godaddy before so please forgive me if my terminology is not correct. I’ll do my best to be as detailed as possible and I greatly appreciate any help and advice you all can give me!
Side note: I’m currently studying Full-stack Web Development (I’m currently only proficient with front-end languages). But because I’m studying web development my dad has asked me to take over and fix his business website and I agreed. He’s given me full control over all of it.
Anyway, it’s a WordPress site that is hosted on Godaddy. His website hasn’t been touched or even logged in to since 2010. He’s only logged into GoDaddy here and there to update his payment info. I was able to get access to everything and I have updated his WordPress to the latest version and I have updated his PHP to the latest version.
His website was also extremely infected with malware. I’ve done a scan and wiped all malware from it using the MalCare plugin. I’ve also just bought him a new SSL certificate and am working on getting that set up. While I was setting it up I went to paste the HTTPS redirect code into the .htaccess file. the file pathway is wp-content/plugins/welcome-to-wordpress/resources/htaccess (adding this info to see if that is a normal pathway for .htaccess). When I opened the .htaccess file the only thing in it is a GoDaddy copyright from 2012 and beneath that it just says “deny all” other than that it’s completely empty. This doesn’t seem right at all to me, when I research what should be inside the .htaccess file everything shows that there should be much more in there.
I’m having trouble getting anything to combine between WordPress and cPanel. For example, the WP dashboard is still giving me the PHP update recommended warning and saying that the PHP is still 5.6 when I’ve successfully updated it to 8.1. I’ve been searching all over the place: google, youtube, [wp.org]). GoDaddy, and anywhere else I can find trying to figure out how to get WP to realize that the PHP is up to date but nothing has worked so far. But when I deleted old plugins and themes off the WP dashboard and installed new ones I can see that accurately on my Cpanel so communication from WP to cPanel is working but cPanel to WP is not.
Basically, at this point, I’m 72 hours into trying to piece this all back together while trying to keep some parts of the content so I can reuse it. But it just seems like it’s all such a mess and broken, I’m wondering if it’s better if I delete it all and start over completely from scratch because that seems like it will be a million times easier than trying to get all of this stuff to work together correctly again and then rebuild it from there.
All help and advice is appreciated!! Thank you if you’ve read all of this!
[ad_2]
I have never experienced this with any of my WP-based sites but if I did, I would take it off line, deleted the existing database, create a new one and put up a simple landing page/site, and then rebuild the site from scratch, assuming the site was infected because of older WordPress or plug-in security issues. Along with all the typical [security hardening steps](https://www.wpbeginner.com/wordpress-security/), you should also whitelist your (and his?) IP address in the htaccess file, and fix any [security header issues](https://securityheaders.com/).
First step: get off godaddy.
2. download a backup of the site and set it up locally
3. Delete all the plugins and themes files/folders and wp-admin and wp-includes folders then download them from the sources I.e. WordPress.org and the repo. If you can’t source the theme because it’s so old it doesn’t exist anymore, find an alternative.
4. Install Wordfence and run a scan to confirm the site is clean.
5. Upload site to your new hosting.
Agree with the others here but also wanted to let you know about the htaccess…
> I went to paste the HTTPS redirect code into the .htaccess file. the file pathway is wp-content/plugins/welcome-to-wordpress/resources/htaccess
That’s an htaccess file for that welcome to wordpress plugin which is probably a GoDaddy plugin. The .htaccess file you want to edit would be in your root folder (same folder the wp-content, wp-admin, wp-includes folder reside in). If you do not see one there then the site is probably not using “pretty” permalinks. Change them to something else or resave/update the Permalinks settings in the dashboard. That should generate a .htaccess file in the root.