WordPress.org

Ready to get started?Download WordPress

Forums

My WordPress is hacked (10 posts)

  1. bgbs
    Member
    Posted 2 years ago #

    How can I restore my site back to life?
    All the pages, accept for index.php page shows 404 error. Even when I try to enter to wp-admin control panel, I get 404. The 404 error page is not the one generated by WordPress, it is the one generated by Hostgator hosting company.

    Here is too things I discovered hacked did to my site. My index.php file had this code in the beginning. http://i372.photobucket.com/albums/oo169/bgbs/index.png
    After I removed it the homepage loaded with no problems.

    2. the homepage directory had this load of files http://i372.photobucket.com/albums/oo169/bgbs/directory.png
    I dont know what these are, but I removed them from my directory. The file source was encoded showing jibberish code.

    Please help me figure this out. Thanks

  2. Andrew Bartel
    Member
    Posted 2 years ago #

    Login to hostgator and change the database and ftp logins so that whoever maliciously had access now no longer does (and choose a long password), then in their file editor, change your wp-config to match your new entries. Now it's yours again.

  3. bgbs
    Member
    Posted 2 years ago #

    I already took these necessary steps, but my whole directory is affected or infested already. Updaing config file, and change passwords would not get rid of 404 errors. I wonder if anybody knows what I need to do to get rid of the 404 not found pages.

  4. smartobject2
    Member
    Posted 2 years ago #

    Sure, but the password change is only one step. Now, back up the the files/directories. Then remove them-not wp-config.p- and re-install WordPress.
    Also search on harden WordPress here at the dot org site for some other steps / advice.

    If the site has been hacked, then the hacker has a backdoor somewhere in your files / directories. Only a complete remove and re-install will get you started in the right direction (in my opinion).

    Don't forget the backup step and ask someone if you're not sure.

  5. smartobject2
    Member
    Posted 2 years ago #

    Oops - I see now you've been here since before I had even heard of WordPress -
    Cheers

  6. wpreser
    Member
    Posted 2 years ago #

    For this reason, there a lot of posts begging WP developers to make it easy to hide/rename WP folders (admin, content) but in vain, alas!

  7. esmi
    Forum Moderator
    Posted 2 years ago #

    Sorry but that really has nothing to do with it. See http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

  8. wpreser
    Member
    Posted 2 years ago #

    Well, I see that all what was said in the link argue for making WordPress more secure!
    If WordPress is a victim of its success, or because users don't pay attention...etc., this is a strong reason to make WP more secure. One of these ignored methods is offering users to mislead hackers by renaming or hiding the working folders.
    Doing such, WP security will be enhanced and its vulnerability will notably decrease.
    At worst, offering such an option will not hurt! Instead, it will add a robust security layer and make it more trustworthy by users!
    People will trust WP much more when they find it fulfilling their needs.

  9. wpreser
    Member
    Posted 2 years ago #

    My last reply here was deleted? !!!

  10. Spam filter, it happens. The deleted post was restored.

    Edit: And that topic has well and truly been discussed to death.

Topic Closed

This topic has been closed to new replies.

About this Topic