Support » Fixing WordPress » DreamHost says I have been hacked

  • I just received this e-mail from DreamHost:

    I'm very sorry but I had to disable It had
    been compromised by a hacker and was being used to execute commands on
    the server. It looks like it was WordPress. Please be sure that you are
    running the latest version of WordPress. I disabled the file by merely renaming index.php to

    The catch is I literally just upgraded to the latest version of WordPress (1.5.2) yesterday early afternoon.

    I am changing my passwords right now, uploading a copy of index.php again directly from a fresh download on, and e-mailing DreamHost to see if there is still an issue and if they can shed any more light into what happened.

    The disabled index.php file contains:

    /* Short and sweet */
    define('WP_USE_THEMES', true);

    Which is the exact same as what I just redownloaded from

    /* Short and sweet */
    define(‘WP_USE_THEMES’, true);
    ?> ‘

    Anyone have any other ideas on what I can do or how this happened?

Viewing 2 replies - 1 through 2 (of 2 total)
  • skippy



    It’s possible that you were compromised before you upgraded, and their log monitoring was also lagging behind your upgrade.

    Re-install WordPress 1.5.2 from scratch. Also follow these instructions for disabling register_globals:

    WordPress 1.5.2 should include logic to work around register_globals being on, but the generally accepted principal is “security in depth”: protect yourself and your site in as many ways as possible.

    Not as bad as what did to my site…

    “We have logs that you were spamming. We have deleted all of your files and are suspending your account indefinitely.

    Thank you for using”

    They attributed it to the comments on our site – which were disabled and removed from the template. Worst hosts ever.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘DreamHost says I have been hacked’ is closed to new replies.