WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Help! My site has been hacked. (7 posts)

  1. ajita
    Member
    Posted 3 years ago #

    My site, planetfarming.com, still under construction, has been hacked and now displays an image with streaming music. Planetfarming.com is the primary site on a wordpress install that runs 4 sites. All the other sites are fine.

    I have looked at the general guidelines, but I cannot figure this out. I'm hoping someone can identify this hack and which files have been hacked. Please help!

    Thank you

  2. It's a waste of time to find out which files have been hacked. Replace all core WP files and clean your theme and database, too. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex

  3. hedronist
    Member
    Posted 3 years ago #

    My condolences. You're not really a website owner until you've been hacked at least once.

    "Which files have been hacked?" is the wrong question to start with. Assume all files have been hacked until proven otherwise (which can be hard to do). Sometimes the best approach is:

    1. Make a copy of the database and uploaded files (images, etc.),
    2. Make a list of all themes & plugins you are using,
    3. Wipe the site,
    4. Reinstall WP with a different, strong password,
    5. Reinstall themes & plugins, reload database.

    This may sound extreme, but many hacks are multi-level and getting all of the crud out of your site may be far more effort than it's worth. I have sites on dedicated servers where completely cleaning a hack out took more than a week. A huge PITA.

    I am not connected with Automatic (the company that brings you both wordpress.com and .org) but they have a new service at http://vaultpress.com/ to monitor and restore sites in case of things like this. It's in beta test, but may be worth looking at.

  4. ajita
    Member
    Posted 3 years ago #

    Thanks for the responses songdigtech and hedronist.

    Firstly, I had assumed that the core files are good because the hack is restricted to one site while the wordpress install is running 4 others. I really do not want to go through the entire process of creating a new wordpress install and setting up all the sites.

    Secondly, there are a few posts I read online where wp-multisite experts claim that the core files are the least likely targets of a wordpress hacker, and that re-installing wordpress is often not necessary.

    In any case, I think I have to get professional help on this one. I am way in over my head here. I wish there was some way I could do some damage to the hacker. I used firebug to identify the source of the image: http://www.al-ebda3.com/xxx/1111111111111111111111111.png

    Thanks a lot for the advice.

  5. hedronist
    Member
    Posted 3 years ago #

    The core files are not invulnerable. We had a person last week ask the forum about some weird behavior on her site. Cause? Hacked index.php file.

  6. ajita
    Member
    Posted 3 years ago #

    I found someone to help me through freelancer. Thanks for the responses, everyone!

  7. The core files are not invulnerable. We had a person last week ask the forum about some weird behavior on her site. Cause? Hacked index.php file.

    Clarification: hackers are not coming in via vulnerabilites in WordPress itself.

    hackers have been getting in via things like ftp (which is far easier to hack in to than wordpress) and outdated server software. See the last few rounds of hacks at MT and Godaddy.

    make sure you update your FTP and Cpanel passwords *as well*.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags