Further study shows that, after attempting to download the Page Link Manager, it appears that my Installed Plugin file /wp-admin/plugins.php gets redirected to http://abe.muhay.eu/s.php. Is there anyway I can delete my plugins.php file and install a new one? My public site is not affected just my Admin’s Installed Plugin file has gone. Any suggestions are appreciated.
Delete the plugin. Then treat it like a full hack, and remove all of WP’s files, download fresh copies, and go from there.
Mika, Sorry I doubled posted but I never received any reply on the Page Link Manager posts. Thanks for replying and letting me know someone is out there. I still have the damage done by the hacking. This is even after I went to my hosting company, removed my old files, uninstalled my WordPress installation and reinstalled it. Now, I still get redirected to http://abe.muhay.eu/s.php when I click the Installed Plugins on my WordPress dashboard. In other words, when I should be going to http://caminosecrets.com/wp-admin/plugins.php I end up at http://abe.muhay.eu/s.php. I checked through all my files and didn’t see anything suspicious. I searched for a solution on WordPress which suggested I check my .htaccess file for hacks, but contents looked ok to me:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Any suggestions would be appreciated.
I found another .htaccess file containing the hacker’s url. This file is in the root folder of a site that my site shares the account with. My site is in a subfolder. I’m waiting for this file to be removed or to get permission to remove it. I received info on another post (from intrin) who received a similar attack and fixed it by re-installing and then installing the Bullet Proof Security plugin.
I removed the hacker’s redirection by deleting my browsing history.
I just checked this plugin – seems fine to me. Probably another plugin that did this…
Dale
Dale,
I’ll keep that in mind. Thanks for checking.
Clive