I don’t even know where to begin. I updated my secret key in the wp-config file… what now. i dont’ even know which file is infected. I honestly want to cry.
i deleted two files
wp-apps.php and wp-count.php
Start working this resource: My Site Was Hacked
Sorry to hear about your troubles.
Hi,
Don’t throw out the baby with the bath water just yet.
WordPress is perfectly secure. It appears hacker has installed some hidden back door scripts within your site.
So you could re-install a hundred times and still not clear those back door scripts. Your next step is to first reinstall the source scripts using the option in WordPress, image:
http://goo.gl/wABQj
You’ll still need to log in via FTP or File Manager and check every directory on your website in hopes of finding those bad scripts. Sorting by date within your FTP or File Manage can be very helpful as well.
Here’s what i’ve done so far:
1. Updated my secret key in the wp-config file.
2. Changed all my db passwords
3. Verified the permissions of all my directories/files
4. Deleted these two files: wp-apps.php and wp-count.php
5. Restored back-up from beginning of the month (when it was working fine)
nothing has worked. i am still getting redirected to that asian site. My site has been up since 2008 and only recently all these problems have started.
I think your next best step is to do as WPyogi recommended and contact Bluehost about this. There may be a problem on their end and they have much more insight as to what happened than anyone on these boards.
I think it’s worth paying a yearly subscription to Sucuri.net who can clean your site up quickly then monitor it 24/7 = no worries. I had similar problems with repeated attacks on tmdhosting and after many tears, even after ‘hardening’ the sites as suggested above, i now just leave it up to the professionals to look after 🙂
@beautyblogger – Try these steps:
1) make sure there isn’t a .htaccess file above the public_html directory. If there is, delete it.
2) Delete the .htaccess file in your public_html directory, go into your WordPress admin, go to Settings -> Permalinks, shange them to something other than what they are, then switch them back. Post here with the results as to whether or not it works.
I agree with @sharlene_c. I would contact sucuri.net and see if they can help. Cleaning out hacked sites is what they do, and they do it very well.
