Title: hacked by hacker
Last modified: August 20, 2016

---

# hacked by hacker

 *  Resolved [stuzphotography](https://wordpress.org/support/users/stuzphotography/)
 * (@stuzphotography)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/)
 * ‘Hacked by hacker’ message appeared on my site when I opened my home page. Could
   not open site, could not open admin panel. What can I do?

Viewing 15 replies - 1 through 15 (of 35 total)


 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189012)
 * You need to start working your way through these resources:
   [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
   [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [stuzphotography](https://wordpress.org/support/users/stuzphotography/)
 * (@stuzphotography)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189015)
 * Thanks, I’ll get at it.
 *  [johnnyspade](https://wordpress.org/support/users/johnnyspade/)
 * (@johnnyspade)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189029)
 * I had the same thing happen to me today, on a bunch of different sites actually.
   Searching to see if it happened to anyone else, I found your message.
 * It looks like what happened is that the hack changed the index.php file in a 
   few different directories. Check the index.php file in your root as well as the
   index.php in the wp-content folder and any of your theme folders. I restored 
   the sites affected from backups, just to be safe, though the database appeared
   to be untouched. There appears to be a bunch of index.html files that were created
   in the affected directories as well.
 * One thing that all sites affected seemed to have in common was that they were
   all hosted on the same box at my web host, if that helps you.
 *  [jtoronto](https://wordpress.org/support/users/jtoronto/)
 * (@jtoronto)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189059)
 * A couple of HostPapa.com servers had hundreds of websites hacked like this today
   simultaneously across multiple accounts and multiple servers.
 * Also there are reports on Twitter from many other people as well on other hosts...
   all today. So I have a feeling that there is a bigger problem here.
 * The index.php file gets changed to “hacked by Hacker” and the header.php file
   in the theme folder also gets changed to the same thing … and index.html file
   also gets added.
 * **This happened on an up-to-date minimal WordPress install with no plugins and
   the classic theme so not sure how it is happening. Almost seems like an issue
   with the host or server itself?**
 *  Thread Starter [stuzphotography](https://wordpress.org/support/users/stuzphotography/)
 * (@stuzphotography)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189061)
 * So, is this a wait and see what happens situation before I try fixing myself?
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189071)
 * No – never assume that unless you can confirm with your hosts that they have 
   been hacked, are assuming full responsibility and that they will sort out your
   site. Generally speaking, you have to clean up your own site.
 *  Thread Starter [stuzphotography](https://wordpress.org/support/users/stuzphotography/)
 * (@stuzphotography)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189074)
 * Thanks, I’m looking forward to the discussion on how this gets sorted out. For
   me, lots to learn.
 *  [jtoronto](https://wordpress.org/support/users/jtoronto/)
 * (@jtoronto)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189084)
 * No, you need to fix it yourself. That said, if you are hosted with HostPapa, according
   to their support department there was a security breach last night. But they
   are not saying much else.
 * To fix this you need to get the following 2 files back:
   index.php in the root folder (get it from the default WordPress install) and
   header.php in your themes folder (if you don’t have a backup of that file you
   will need to start with the original from the theme). Also remove index.html,
   which is created because the hack affects non-WordPress sites as well.
 * I do think there is a larger security / vulnerability issue going on with this
   hack but we may have to wait for more reports.
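
The checks described in the replies above (index.php in the root, wp-content and theme folders, header.php in themes, and newly created index.html files) can be run over a whole document root in one pass. The following is an added example, not part of any poster's reply; the function names and the sample tree are constructed for illustration, and it generalizes the posters' list of folders to every directory under the docroot.

```python
import os
import tempfile

MARKER = b"hacked by hacker"           # defacement text quoted in the thread
WATCHED = {"index.php", "header.php"}  # files the posters found overwritten
DROPPED = "index.html"                 # file the posters found newly created


def scan_defacement(docroot, marker=MARKER):
    """Return sorted (relative_path, reason) findings under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            lower = name.lower()
            if lower not in WATCHED and lower != DROPPED:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            try:
                with open(path, "rb") as fh:
                    body = fh.read(1 << 20)  # first 1 MiB covers any template
            except OSError as exc:
                findings.append((rel, f"unreadable: {exc.strerror}"))
                continue
            if marker in body.lower():       # case-insensitive match
                findings.append((rel, "contains defacement marker"))
            elif lower == DROPPED:
                findings.append((rel, "index.html present, review origin"))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample tree (not real site data) used by the demo."""
    files = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        "index.html": b"<h1>Hacked By Hacker</h1>",
        "wp-content/index.php": b"<?php // Silence is golden.",
        "wp-content/themes/classic/index.php": b"Hacked by hacker",
        "wp-content/themes/classic/header.php": b"hacked by Hacker",
        "wp-content/themes/other/header.php": b"<!DOCTYPE html><html>",
        "static/index.html": b"<p>landing page</p>",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in scan_defacement(tmp):
            print(f"{reason:36} {rel}")
```

A clean result only means the marker text is absent from these three file names; it does not show that nothing else on the account was changed.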
 *  Thread Starter [stuzphotography](https://wordpress.org/support/users/stuzphotography/)
 * (@stuzphotography)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189088)
 * Ok. I am a Mac user and have located the various files but need to read more 
   to make sure I make the correct changes.
 *  [jtoronto](https://wordpress.org/support/users/jtoronto/)
 * (@jtoronto)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189089)
 * Here's some more info on it:
 * _**As of yet there is no information about the exploit vector.**_
 *  [jtoronto](https://wordpress.org/support/users/jtoronto/)
 * (@jtoronto)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189090)
 * [http://www.atmayogi.com/2012/11/wordpress-vulnerability-hacked-by-hacker/](http://www.atmayogi.com/2012/11/wordpress-vulnerability-hacked-by-hacker/)
 *  [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/)
 * (@tvcnet)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189097)
 * I’m only hearing one host’s name so far being mass hacked.
 * If someone has specific details on another host mass hacked please post the details.
 * Seems to be a rash of anecdotal comments and I’m not seeing any indication of
   some zero day vulnerability in the wild. I’m seeing nowhere near the traffic
   I would expect to see in the hacker forums if that were the case; and the number
   of hacking reports doesn’t appear to have spiked this week at all.
 *  [Viscosity](https://wordpress.org/support/users/viscosity/)
 * (@viscosity)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189100)
 * Potentially the site has outdated plugins or exploits found in the plugins / WordPress
   that caused the malware infestation which led to the massive hack. You can see
   the antivirus [scan report](https://www.virustotal.com/url/ee226296f7837a6dec025a1587a38a4e2d4b170c5843a25e78d922a75e16c36f/analysis/1352858119/).
 *  [jtoronto](https://wordpress.org/support/users/jtoronto/)
 * (@jtoronto)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189101)
 * Viscosity: alkeiyasings.com is hosted by HostPapa according to WHOIS.
 * Most of these hacked sites seem to be hosted there.
 *  [Viscosity](https://wordpress.org/support/users/viscosity/)
 * (@viscosity)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/#post-3189102)
 * If the massive hack comes from a single web hoster, then it is very likely that
   the web hoster has been rooted, which led to the massive hacks. It may / may not be
   a WordPress issue.
 * alkeiyasings.com [web hoster information](http://whois.net/whois/alkeiyasings.com)


The topic ‘hacked by hacker’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 35 replies
 * 12 participants
 * Last reply from: [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/)
 * Last activity: [13 years, 6 months ago](https://wordpress.org/support/topic/hacked-by-hacker/page/3/#post-3189155)
 * Status: resolved

