Support » Fixing WordPress » Account hacked; changed username

  • Sarah

    (@sanfranista)


    My WordPress.org account was hacked, and the hacker changed the admin username and email address. My username (sanfranista) was relegated to a subscriber vs. the admin/author. Since discovering the hack, I’ve reset the passwords on both WordPress and Bluehost (my server), and I was able to change the admin email back to my own. However, I am unable to change the username back.

    So now, there are two admin users on my account, sanfranista (which is what my original username was), and suryanata (hacker/fake user). Suryanata’s account is listed as the author of all 203 of my posts. I want to remove this faux user, but I’m concerned that if I do, my posts and hard work will be deleted.

    Is there any way to take back over authorship of my posts and then delete this impostor? I asked Bluehost for help, but they were stumped about how this person was able to change the username in the first place.

    Thanks so much for your help!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 31 through 33 (of 33 total)
  • Ok, i had to check a web site with this same problem and looking into this issue i found this topic. So i only have been working for a few hours. But i think the following is relevant and may apply to other sites. Hope this info helps you.

    1. No access to asigned admin user, reset via database in table users as described in this topic. Change username and passwords.
    2. Found code inserted in the file index.php in the root directory of the site. Dont expect to see a date change and looks like a long string but is converted and exceuted as php code. This code is responsable for displaying a “random” page and adding it to the sitmap.xml and other changes. Need more time to read all the code, but seems to be all its functions. Replace index.php with a original version your wordpress version.
    3. Delete sitemap.xml and home-site-map.xml
    3. Delete the file z.html, that displays the perpetrator’s name.

    Recommended actions

    Check and restore .htaccess file and file permissions

    psr2018

    (@psr2018)

    Hello people,

    I’ve been a WordPress user for some years now, with almost ten themes, with no problems at all, so far.
    I just had my account suspended for my hosting service due to the mass hacking of several WP platform websites by a FOX ANONYMOUS.
    I’ve heard that WP has already been notified, but it does not support and does not release a patch to resolve this. ‘
    And just an alert.

    My account has been hacked. My site was deleted by me in July. The person had the site resurrected by writing to you from my gmail account. The site was http:/stranger1116.wordpress which used to be shinky71.wordpress.
    I have deleted my google account and still this person is on my wordpress site. he changed the gmail to techreclaimed@gmail.com and set up a recovery telephone number as7325231652.
    please help.

Viewing 3 replies - 31 through 33 (of 33 total)
  • The topic ‘Account hacked; changed username’ is closed to new replies.