Moderator
James Huff
(@macmanx)
Volunteer Moderator
Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
I’m trying to avoid a full system reinstall if possible….but it’s looking like it might be my only option. My guess is the virus altered a few lines of code and I just don’t know which ones….Thank. Any other thoughts would be greatly appreciated.
Do you have ftp?
If so and your WordPress version was up to date download WordPress from the home page, then just ftp the files to overwrite the installed files.
delete all files in the WordPress install except the wp-config, you might want to check your wp-config file as this will not be overwritten, or any data as the files and folders are not in the download.
Have a look in wp-config for any strange entries, then just upload the content of the wordpress folder in the download into the website directory.
if the problem is not resolved, it could be a SQL injection which might mean a database restore, or a corrupted plugin file, or your themes functions.php, unless you can find the file that caused the problem it may be a problem again.
Check with your ISP first to see if it is just your site, if not then just make them responsible you are paying for a service, my ISP can do a full restore for me quite quickly, ask them to do a safe restore from a backup at no charge, it is worth asking the question.
HTH
David
Thanks for the help guys.
I am fairly certain that a plug-in is the cause of this breach. Unfortunately, deleting all the plug-ins has not been of much use since the corrupted files are obviously loaded in all the other files as well.
It’s an odd little problem because once I got the virus removed from the site the lingering effects are these naggy little problems like not being able to load images to the front page or execute certain functions in the control panel. They all seem to lead me to a “error not found” as if the site can no longer find these files or commends even though I’ve uploaded clean versions of the theme and wordpress.
I’ll try deleting the entirety of the files (except config) via ftp and then proceed with a full reinstall of wp. Hopefully that takes care of it.
If anyone has any other thoughts I’d be really appreciative.
There is another GoDaddy post it seems it is a GoDaddy php attack, they should be responsible for the fix and have the tools to deal with it, and restore you to a safe restore point.
I would leave alone for now and contact GoDaddy support, who should be able to get the website and data back how it was.
David
Not a good idea to trust GoDaddy with a restore point. And don’t expect them to take responsibility. They get hacked on a regular basis. You have no way of telling if the restore ppint if far enough back and your old database, theme and WP core files are clean.
See the same links that James posted earlier: FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex
I am fairly certain that a plug-in is the cause of this breach.
so far, this has not been the case
it’s either been an ftp breech or server breech
