Site has been hacked, please help
Our website has been hacked (www.thegalleysink.com). Please help.
You need to start working your way through these resources:
- http://codex.wordpress.org/FAQ_My_site_was_hacked
- http://wordpress.org/support/topic/268083#post-1065779
- http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
- http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
It looks like I repaired the hack and have since updated to WordPress 3.8 along with updating all plugins. The hacked file was the index.php file (which I have since replaced with a clean index.php from a site backup). Are there any other suggestions as to steps I should take to prevent someone from accessing my site in the future? We’re using a unique password and that obviously wasn’t changed during the hack. Could they have gotten in through a vulnerable WP plugin?
There are some good ideas for hardening WordPress here: http://codex.wordpress.org/Hardening_WordPress
There could be a vulnerability in a plugin — particularly if you don’t keep them up to date, but equally it may have been a theme or a vulnerability in the server.
I’ve been running the Twenty Eleven theme for our blog site.
You need to start working your way through these resources:
- http://codex.wordpress.org/FAQ_My_site_was_hacked
- http://wordpress.org/support/topic/268083#post-1065779
- http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
- http://ottopress.com/2009/hacked-wordpress-backdoors/
Anything less will probably result in the hacker walking straight back into your site again.
Additional Resources:
- Hardening WordPress
- http://sitecheck.sucuri.net/scanner/
- http://www.unmaskparasites.com/
- http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Thanks esmi. I’ve changed the password in the wp_users DB file for the blog site (which it looks like is where the hacker got in, because he had entered his own email address in the details). I’ve never done the Secret Keys part and would like to do so, but am confused as to which to use.
I clicked on the link for the WordPress key generator on this page http://codex.wordpress.org/FAQ_My_site_was_hacked. I should copy and paste those keys over the ones currently in my wp-config.php file for both my main website and my blog site?
Yes – assuming these are separate WP sites/installs. It would be even better if you generated a new set of keys for each site.
Okay, will do. We have three WP sites that I’m presently backing up and updating to 3.8 and will change out the keys in the wp-config.php file for each from the generator. I’ve never done this before and have always left them at the default.
That’s never a good idea.
I know and I’ve learned something new. Thank you. 🙂
Currently I’ve…
- Updated both WordPress sites to 3.8.
- Updated all plugins to their current versions.
- Changed the password for the login to the WordPress blog site and changed the email contact back to me within the wp-users file in the blog site’s DB file.
What I will do:
- Change the password for the login to our main WordPress site.
- Change the secret keys in the wp-config.php file for both sites to their own unique keys provided by the key generator.
Anything else?
I’d also suggest changing your FTP and hosting management passwords – just in case this hack was the result of an FTP password leak from an infected machine. Have you scanned all of your computers?
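An added example, not part of the original thread: one way to confirm that each install's wp-config.php carries its own generated keys, as discussed in the secret-key exchange above. It checks the eight key and salt constants and flags any that are missing, still at the sample-file placeholder, short, or copied between sites; the function names, site labels, 64-character threshold and sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 64  # assumption: generator-issued values are 64 characters long

# Matches define('NAME', 'value'); with either quote style; skips // comments.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""", re.M)

def parse_keys(config_text):
    """Return {constant: value} for the secret-key defines in one config."""
    return {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)
            if m.group(2) in KEY_NAMES}

def audit(configs):
    """configs maps a site label to its wp-config.php text; returns findings."""
    findings, seen = set(), defaultdict(set)
    for site, text in configs.items():
        keys = parse_keys(text)
        for name in KEY_NAMES:
            value = keys.get(name)
            if value is None:
                findings.add(f"{site}: {name} missing")
            elif value in ("", PLACEHOLDER):
                findings.add(f"{site}: {name} left at default")
            elif len(value) < MIN_LEN:
                findings.add(f"{site}: {name} shorter than {MIN_LEN} chars")
            else:
                seen[value].add(site)
    for sites in seen.values():
        if len(sites) > 1:  # same secret pasted into more than one install
            findings.add("same key value used by: " + ", ".join(sorted(sites)))
    return sorted(findings)

def sample_config(fill, default=()):
    """Build a constructed wp-config.php fragment (not real key material)."""
    return "\n".join(
        f"define('{n}', '{PLACEHOLDER if n in default else (fill + n).ljust(64, 'x')}');"
        for n in KEY_NAMES)

if __name__ == "__main__":
    sites = {"main": sample_config("m-"), "blog": sample_config("m-"),
             "shop": sample_config("s-", default=("NONCE_SALT",))}
    for line in audit(sites):
        print(line)
```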
- The topic ‘Site has been hacked, please help’ is closed to new replies.