
WordPress hacked - admin passwords reset (4 posts)

  1. oxygencreative
    Member
    Posted 1 year ago #

    Just in case anyone has come across this - one of my WordPress installations has been hacked. There was a hacker message on the front page.
    The index.php file had been modified, also the wp-login.php file and there was an extra file called "fake.php". I've removed all these and replaced them with backups. All appeared to be good.

    BUT!!!

    ALL the admin passwords had been changed. I logged into phpMyAdmin and changed them all. I changed my DB user, password, FTP access and the wp-config file, upgraded to the latest version of WP, but the admin passwords STILL get changed every time one of the admins logs in successfully. But ONLY the user logging in has their password changed.

    I think I am going to need to do a ground-up re-install unless anyone else has a clue?

    Thanks

  2. You don't need to ground up, but you DO need to scrub your files.

    Delete all files and folders EXCEPT for these:

    /.htaccess
    /wp-config.php
    /wp-content/uploads
    /wp-content/blogs.dir (ONLY if you're using Multisite)

    Then reupload WP core, all your plugins and all your themes.

  3. Floridian12
    Member
    Posted 1 year ago #

    If the hacker is using a shell then it won't matter if you change your passwords, they can still gain access to your server via the shell. Run a scan on your server for the shell file. When the results come back clean, overwrite all files with a fresh install - except the wp-content folder.

  4. oxygencreative
    Member
    Posted 1 year ago #

    Thanks very much for your help and advice. I'll do as you suggest and post back here when everything is done.
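
An added dry-run sketch of the cleanup described in replies 2 and 3 (not code from any poster in this thread): it lists which files fall outside the keep list in reply 2, and which script files sit inside the kept directories, where re-uploading core, plugins and themes will not replace them. The `WP_ROOT` variable, the function names and the extension list are assumptions made for this example.

```shell
#!/bin/sh
# Dry run only: prints paths, never deletes anything.

# is_kept REL: true if REL is on the keep list from reply 2, or lies under a
# kept directory (blogs.dir applies to Multisite only).
is_kept() {
    for k in .htaccess wp-config.php wp-content/uploads wp-content/blogs.dir; do
        case "$1" in "$k"|"$k"/*) return 0 ;; esac
    done
    return 1
}

# list_deletions ROOT: every file the scrub would remove before core, plugins
# and themes are re-uploaded from clean copies.
list_deletions() {
    ( cd "$1" && find . -type f | sed 's|^\./||' | sort |
        while IFS= read -r f; do
            is_kept "$f" || printf '%s\n' "$f"
        done )
}

# list_surviving_scripts ROOT: PHP-type files inside the kept directories.
# They survive the scrub, so they are the first place to look for the shell
# file mentioned in reply 3. The extension list is an assumed heuristic.
list_surviving_scripts() {
    ( cd "$1" && for d in wp-content/uploads wp-content/blogs.dir; do
        if [ -d "$d" ]; then
            find "$d" -type f \( -iname '*.php' -o -iname '*.phtml' \
                -o -iname '*.php[0-9]' \)
        fi
      done | sort )
}

# Usage (WP_ROOT is a hypothetical variable): WP_ROOT=/path/to/site sh scrub-plan.sh
if [ -n "${WP_ROOT:-}" ]; then
    echo "== outside the keep list: delete, then re-upload clean copies =="
    list_deletions "$WP_ROOT"
    echo "== scripts inside kept directories: review by hand =="
    list_surviving_scripts "$WP_ROOT"
fi
```

The kept `.htaccess` and `wp-config.php` are not replaced by the re-upload either, so they need reading by hand as well.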

Topic Closed

This topic has been closed to new replies.
