Hacked | Cannot even login

  • vaschops

    (@vaschops)


    9 years ago

    Hi..

    I have 14 wordpress sites in one shared hosting account.
    Some mine, some artists and a couple of business.
    Somehow the account got hacked and now I cannot even login to the sites.
    Most login pages appear blank (even those I changed using iThemes Security plugin to a different url than /wp-admin).
    For some, if I manage to get the login page using /wp-login.php, credentials dont work anymore.
    Some iframe injection took place.
    I am stuck.

    How do I go from here?

    I ve been using UpDraftPlus for backups.
    I guy from the hosting support tried to change password from the database but that did not work either.

    Any advice is welcomed.
    Been hacked before, and I was really making an effort to keep all sites up to date since then.
    Maybe I missed an old demo site or something.
    I use Wordfence in all sites + iThemes Security.
    Also hardened WordPress where possible.

    Never had a site hacked like this.
    Asked hosting to perform a security sweep.
    Still waiting.

    Please advise.
    Kind thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • wslade

    (@wslade)

    9 years ago

    Why don’t you restore from UpDraftPlus?

    Thread Starter vaschops

    (@vaschops)

    9 years ago

    Thanks for your reply.

    UpDraftPlus is very cool to restore your site at a previous stage, if u r logged in.
    But I am not sure how to use it to restore via ftp, as it saves different parts at different folders – not the same tree structure. I am working on it.
    It is new to me.

    Any ideas how can the hack prevent login and change credentials?

    Most likely they accessed the root folder of my account and thats how they hacked all the websites.
    So, I would like to secure the account first if possible, before start fixing the sites one by one. Is this a good logic?

    wslade

    (@wslade)

    9 years ago

    I wouldn’t want to be faced with 14 broken sites, all in one account. restoring from a known good backup is the quickest and surest way to having your sites back.

    I do not use updraftplus. If it does have a requirement for a working site, a 5 minute install and a new site may be the answer.

    Since you have everything on one account, your host likely has the ability to do a full account backup. Having everything back in 15 minutes or less is a pretty sweet deal.

    Otherwise, you will have to clean each site independently. My first step would be to move everything to your Desktop. Delete all the files on the server and rebuild one site at a time. If you try working in your current server, I could see clean sites becoming reinfected from the still damaged sites.

    Unless you have a lot of time to kill. Restoring from back up is your best solution. I would make backups of all databases and at least the wp-contents directory and wp-config.php files for each site before you let the host restore – if you go that route.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Hacked | Cannot even login’ is closed to new replies.