Hi,
Sadly, most of the people I’ve been hired to fix their hacked wordpress blogs were hacked due to outdated WordPress or plugins or outdated themes installed.
Hackers are then taking advantage of the situation to inject their hacker back door scripts.
Suffice it to say, if you aren’t checking your blog at least monthly and/or not keeping your blog updated weekly / monthly it’s likely you’ll be hacked.
Your best course of action is first contact your host and get them to recover your website from backup. Once you have a clean copy in place then run (don’t walk) in making sure all your stuff is updated, all user/passwords changed, etc.
Hey,
not sure if it makes any difference.. but DR-MTMRD just add a ‘index.htm’ to your root directory.. you simply have to delete that one file.. I would suggest then going and CHANGING your FTP password..
how they got your FTP password would be up to you to figure out, but this should take care of the short term problem of making things go back to looking like they did before..
PS. I JUST had it done to me.. i host about 50 websites on my server.. every site was defaced.. all i had to do was remove the .htm file from every first level root directory and it went back.. now to the issue of how they got in :S
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
