Support » Fixing WordPress » hacked by…

  • Unfortunately my website has been hacked last month. The attack publish a photo and substitute my article with the name of the hacker. Looking for more info I found it happened because I didn’t upgrade at 4.7.1/2 and 3.

    So that I don’t have any backup of the database before that data. I’m now doing a backup of the dbase and all the files.

    Once I restored the previous article the long tail of the hacker is cancelled or it could contaminate the backup file even if I restored my previous content?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Restoring a backup prior to the incident is generally safe, but you should make sure that the vector they used is closed regardless. Just because the attack happened at a specific time doesn’t mean the door wasn’t always open.

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter clage

    (@clage)

    Hi James! Thank you!

    As the vector used utilized a bug into wordpress 4.7 – 4.7.1 and 4.7.2 is there anything specific on this kind of attack?

    I understood the attack is the same for several wordpress websites. It add a picture and change an article and the tile with the text Hacked by …

    And I’d like to know if any file of the wordporess structure could be corrupted

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    You’d have to open up every file and compare them to freshly downloaded WordPress files to determine if any file corruption took place, which is why one of the steps in the guide I linked you to earlier covers simply re-installing all of the core files. It’s much easier that way.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘hacked by…’ is closed to new replies.