WordPress.org

Ready to get started?Download WordPress

Forums

Hacker changed Index page & we can't log in to CP (4 posts)

  1. wingpeople
    Member
    Posted 1 year ago #

    A hacker calling himself MR.MoRo has changed our Index page to a "first warning" related to a "bug from your server" -- and we can no longer log in to the Control Panel. We've tried using the password retrieval link, but our user name is also no longer working.

    Can anyone help?

  2. If you can't even get into your CP, talk to your web host.

    Once you regain control of your web hosting account, work your way through these resources and follow all instructions to completely clean your site, or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex. Change all passwords. Scan your own PC.

    Consider changing to a more secure host: Recommended WordPress Web Hosting

    If you can't do the work yourself, consider looking for a reputable person to fix it correctly on jobs.wordpress.net or freelancing sites such as Elance. (It's not a good idea to respond to unsolicited emails from forums users offering to work for you.)

  3. wingpeople
    Member
    Posted 1 year ago #

    My wording was poor. I CAN get into the CP for the hosting account. I CANNOT get into the WP-admin area, since the logon name and password which I have successfully used in the past no longer seem to work.

    I've found the "bad" Index.php in what the host labels the "public_html" area. I have backups showing a few different versions of other Index.php files:

    a) in public_html/wp-content :

    <?php
    // Silence is golden.
    ?>

    b) in a backup folder :

    <?php
    /**
     * Dashboard Administration Screen
     *
     * @package WordPress
     * @subpackage Administration
     */
    
    /** Load WordPress Bootstrap */
    etc.

    c) in the live "www" folder :

    ...the hacked index.php file

    I know just enough to be dangerous. Is one of the "a)" or "b)" files the one I should copy into the "www" folder to replace the hacked index.php?

    AND, what can I do about the WordPress ACCOUNT which seems to have been changed so that I cannot log in?

  4. wingpeople
    Member
    Posted 1 year ago #

    Update: I've managed to remove the hacker's changes to our logon & have changed logon and password for WP and the site is back up. I've removed a plug-in he installed. I've also changed all passwords, especially on the SQL database, and changed permissions on the wp-config file.

    Anything else obvious that I'm missing? So far, everything I've found has had a single modification date, so I've also looked at every file & folder to see if that date appears anywhere else.

    Thanks!

Topic Closed

This topic has been closed to new replies.

About this Topic