Support » Fixing WordPress » Core files compromised, URL changed, what should I do?

  • I have not been able to access my website for 4 days. When I finally got through to my hosting service I was told that files on my server have been changed and core files have been compromised. Also, Vaultpress says that my URL has been changed. So I guess my site was hacked. My question: If my URL has been changed does that mean someone else is running my site and, if so, is there something I can do to keep that from happening?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Hello!

    Looks like the site was compromised. I strongly suggest you to do the following:

    1. Change all passwords. WordPress password, cPanel, email, FTP, etc.

    2. Install WordFence and run the scanner. WordFence will check if there is a malicious code or file on your site.

    3. After running the scanner, install JetPack and enable the security features.

    4. Finally, create a backup of your site.

    Moderator t-p

    (@t-p)

    – The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

    • Change passwords for all users, especially Administrators and Editors.
    • If you upload files to your site via FTP, change your FTP password.
    • Re-install the latest version of WordPress.
    • Make sure all of your plugins and themes are up-to-date.
    • Update your security keys.
    • See FAQ My Site Was Hacked.

    – When you’re done, you may want to implement some (if not all) of the recommended security measures.
    – If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you (e.g., Sucuri, Wordfence …).

    Thank you so much for your suggestions. However, how can I change WP password or install those plugins when I can’t get into my site?

    Moderator t-p

    (@t-p)

    If you don’t have access to your admin area, use FTP/ SFTP , or your web-host’s cPanel or whatever file management application your host provides (no Dashboard access required).

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Core files compromised, URL changed, what should I do?’ is closed to new replies.