Title: My WordPress was hacked
Last modified: August 21, 2016

---

# My WordPress was hacked

 *  [JustGav](https://wordpress.org/support/users/justgav/)
 * (@justgav)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/)
 * Hi,
 * I’m sure I’m not alone in expiring this hack at the moment, news on it seems 
   rather scarce.
 * Suffice to say it injects some code into the php files all over the place. This
   code is encoded but a few have already managed to decode it.
 * [http://www.justbeck.com/zend_framework-wordpress-hacks/](http://www.justbeck.com/zend_framework-wordpress-hacks/)
 * I’m running a clean up script which looks for the infected files and removes 
   the code, but the attack vector still seems scarce…
 * Gav

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Thread Starter [JustGav](https://wordpress.org/support/users/justgav/)
 * (@justgav)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823716)
 * Code snippet of what to look for
    _ [Please do not post hacked code here]
 *  Thread Starter [JustGav](https://wordpress.org/support/users/justgav/)
 * (@justgav)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823717)
 * My apologies, it wasn’t actually a full chunk, but is it okay to put..
 * _[ Also redacted, really don’t post any of that here ]_
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823718)
 * This conversation keeps coming up. 😉
 * Don’t post any malware or hacked code here, snippet or otherwise. It doesn’t 
   help _anyone_ to do that and it’s just a Really Bad Idea™ to encourage that.
 * > Suffice to say it injects some code into the php files all over the place.
 * Decoding that is not the problem you have to solve. The problem is that your 
   WordPress installation was compromised and needs to be deloused.
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [JustGav](https://wordpress.org/support/users/justgav/)
 * (@justgav)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823719)
 * Muchly appreciated, will read 🙂
 * Yeah, the clean up begins, will report back any findings
 *  [tracysurf](https://wordpress.org/support/users/tracysurf/)
 * (@tracysurf)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823820)
 * I had the same problem. JustBeck.com as a good article on this with some scripts
   to help fix: [http://www.justbeck.com/zend_framework-wordpress-hacks/](http://www.justbeck.com/zend_framework-wordpress-hacks/)
 * Comments on that post is informative and it appears this malware can come back
   if the cause isn’t diagnosed.
 *  [daanz](https://wordpress.org/support/users/daanz/)
 * (@daanz)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823932)
 * Hey all, one of my 3.5.1 sites got hacked with this zend framework thing. I removed
   the malicious code and updated to 3.5.2, updated all plugins, changed passwords–
   the works.
 * Things are almost back to normal, but some little things are missing – links,
   data. So how do I know if I caught all the malicious code? And how dit it get
   there in the first place?
 * Could WP be a bit more informative about this hack? Was WP hacked, was is a certain
   plugin, where a lot of people attacked by brute force..? Had the 3.5.2 update
   anything to do with this hack?

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘My WordPress was hacked’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 6 replies
 * 4 participants
 * Last reply from: [daanz](https://wordpress.org/support/users/daanz/)
 * Last activity: [12 years, 9 months ago](https://wordpress.org/support/topic/current-wordpress-hack/#post-3823932)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics