WordPress.org

Ready to get started?Download WordPress

Forums

WordPress database hacked. How can I cleanse it? (5 posts)

  1. worldzfree
    Member
    Posted 4 years ago #

    Long story short. I had an installation that I let get out of date. I got hacked. I completely backed up everything and wiped my install and installed a fresh one. I imported my database and I have this stupid hidden URL showing up in the site code. I assume it has to be something in the database. I have searched through the forums and multiple Internet sites and have had lots of tips of where to look in wp_options. I can't find the crap and it's driving me crazy. I could easily enough go scorched earth but I want to beat this @$@^%%@^ that hacked my site. Any tips of where to look in my DB?

  2. worldzfree
    Member
    Posted 4 years ago #

    thanks. i have found this links already and have gone through. the regex search is a new thing. any specific type of string i should search for? i have no frickin' clue how the urls are stored in the DB and where. wp_options? wp_posts?

  3. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    could also be a rogue php file hidden somewhere on your server.... that was one of the hacks I had to figure out. It was buried 4 levels deep in my zencart store install...

    so many ways the spammers mess with you, and can be so hard to find.

  4. Search for the URL you see in your page source. Search RegEx searches in pages and posts. To search everywhere in your database, use http://wordpress.org/extend/plugins/search-and-replace/ or PHPMyAdmin. Change FTP passwords.

    As RVoodoo says, it can also be a script buried somewhere deep in a nested directory. Talk to your hosting company. If you're on shared hosting, they probably know about it, or should.

Topic Closed

This topic has been closed to new replies.

About this Topic