Hi there,
Two of my sites were just hacked from Iran using the theme-editor.php file. Using the latest version of WordPress. Has anyone else had their site exploited this way?
Cheers,
James
Hacked twice via theme-editor.php (6 posts)
-
jamesmcd
Posted 3 months ago #
-
Andrew Nevins
Posted 3 months ago #
Have you resolved the hacks?
-
Posted 3 months ago #
Yup, I've had WordPress hacked ~10 times this year already so I'm getting pretty good at getting them back up. It's crazy - I don't know why my clients' sites are being targeted. Apart from Iran, we've had trouble from Saudi Arabia.
-
Posted 3 months ago #
How have you resolved the hacks?
-
Posted 3 months ago #
Well first I need to fix whatever WordPress core and theme files they've wrecked, so I've logged in via FTP and fixed those up plus removed all the spammy links/porn/etc left on the server. They usually replace the index.php (both core and theme), and the header/footer/page files of the theme.
I've been extremely lucky that they've left my WP admin email address intact, therefore I can reset my WP password. Once I've reset my password (which they always change) I go through my pages/SEO and make the necessary corrections.
-
Posted 3 months ago #
If you've removed the malicious code, you've just removed the symptom and the hack remains.
If you haven't already, you need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Reply
You must log in to post.
