My wordpress admin user automatically changed!! My website is hacked?? (5 posts)

  1. ahamedibrahim87
    Member
    Posted 2 years ago #

    Suddenly a mail came stating that the password of my WordPress user ID "kalviadmin" had been changed without my knowledge. I tried updating my DB and fixed that issue. But then again some automated hacking system changed the password.

    I noticed unwanted Google ad scripts posted in all my PHP files, like front.php, sidebar.php, post.php, etc.

    MY WEBSITE IS HACKED IT SEEMS... DON'T KNOW WHAT TO DO???

    PLEASE HELP ME TO GET OUT OF THIS ISSUE!!

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. Pali Madra
    Member
    Posted 2 years ago #

    Hello,

    The same happened to a website I'm working on. The admin username which was "guru" was changed to "gawadooo". I had installed WordPress 3 days back.

    The install was a new one. No customization had been done to the code. Only two plugins were installed:

    i) ThemeFuse Maintenance Mode and
    ii) BulletProof Security

    The username has been changed and I know this for sure. I have the confirmation mail which was sent when WordPress was set up, and now the mail from when I clicked on "lost password". The username is different in the two emails. I'm perplexed and curious to know what is happening with the site.

    @esmi thank you for the suggestions.

    @ahamedibrahim87 how did you fix the issue? Since it has been 2 weeks since you reported it, is the website in question working now, or were there more instances of the admin username being changed?

    I'm going to clean the server and do a fresh install.

    Will update if there are more issues.

  4. ahamedibrahim87
    Member
    Posted 2 years ago #

    @palimadra
    Actually, I couldn't find the reason behind this issue.

    I am more suspicious about CODE GUARD, which is a third-party server providing a platform for keeping a backup of our website files and DATABASE.

    Check my website http://www.kalvikalanjiam.com

    In doing so, they asked me to give the details of the FTP and MYSQL username and password.

    I think some automated hacking system is doing such nonsense on my site.

    Fortunately, I had OLD DB files and website files.

    I replaced all the FTP files, deleted the username TABLE IN DB, and updated that part alone with the OLD DB.

    NOW I AM MORE CAREFUL IN GIVING DETAILS TO OTHER THIRD PARTIES.

    Hope this will give some brief idea for your problem also.

  5. Pali Madra
    Member
    Posted 2 years ago #

    @ahamedibrahim87 thank you for the feedback.

    In your case Code Guard may be the issue, as you have provided the server details. What is driving me nuts is that by default WordPress does not allow you to change the username, but here is a case where the username has been changed! Further, in case of such changes an email notification is sent to the administrator, and I received nothing. Was this the case with you as well? If it was, then it means that the changes were done via the MYSQL interface and WordPress was not involved in the process (please let me know if I'm wrong somewhere).

    In my case I realized that there was a demo site hosted in a subdirectory of my server which was built in WordPress. Since the site was built 6 months back and no updates were made (including WordPress updates and theme updates), the server became vulnerable to attacks.

    The lesson I have learnt from your experience is to be very careful when giving out server details to anyone.

    However, I hope there are no more reports of something like this happening with other WordPress developers.

Topic Closed

This topic has been closed to new replies.
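
Added example, not part of the thread: the first post reports ad scripts injected into PHP files and a later post restores from old site files, so this Python sketch compares a known-good backup tree against the live tree and lists which PHP files changed and which lines were added. The directory layout, the `extra.php` file and the `ads.example.invalid` script line are constructed sample data, and all function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample of an injected line; the domain is a placeholder.
INJECTED = '<script src="https://ads.example.invalid/show.js"></script>'

def index_tree(root):
    """Map each PHP file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*.php") if p.is_file()}

def added_lines(old_file, new_file):
    """Non-blank lines present in the live file but not in the backup copy."""
    old = set(Path(old_file).read_text(errors="replace").splitlines())
    new = Path(new_file).read_text(errors="replace").splitlines()
    return [line for line in new if line.strip() and line not in old]

def compare_site(backup_root, live_root):
    """Report PHP files that were modified, added or removed since the backup."""
    backup, live = index_tree(backup_root), index_tree(live_root)
    report = {"modified": {}, "added": [], "removed": []}
    for rel in sorted(set(backup) | set(live)):
        if rel not in live:
            report["removed"].append(rel)
        elif rel not in backup:
            report["added"].append(rel)
        elif backup[rel] != live[rel]:
            report["modified"][rel] = added_lines(Path(backup_root) / rel,
                                                  Path(live_root) / rel)
    return report

def build_sample():
    """Create constructed backup/live trees in a temp directory for the demo."""
    base = Path(tempfile.mkdtemp())
    clean = {"front.php": "<?php get_header(); ?>\n",
             "sidebar.php": "<?php dynamic_sidebar(); ?>\n",
             "post.php": "<?php the_content(); ?>\n"}
    tampered = {**clean,
                "front.php": clean["front.php"] + INJECTED + "\n",
                "sidebar.php": INJECTED + "\n" + clean["sidebar.php"],
                "extra.php": "<?php // constructed unexpected file\n"}
    for name, files in (("backup", clean), ("live", tampered)):
        (base / name).mkdir()
        for rel, body in files.items():
            (base / name / rel).write_text(body)
    return base / "backup", base / "live"

if __name__ == "__main__":
    backup_root, live_root = build_sample()
    for kind, items in compare_site(backup_root, live_root).items():
        print(kind, items)
```

Files listed under "added" deserve the same attention as modified ones, since restoring only the known files leaves them in place.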