• Resolved espelled

    (@espelled)


    My site’s been hacked.
    At first I found that the Index.php was replaced, so I recopied the original and the site became operational again.
    However, I could not access wp-admin.
    The following error message comes up:
    {"error":["No key","No appid","No secret"]}
    I used FileZilla to look at the site and found a hacked file under “themes” with the following code:
    > devilzShell <[php]> author: b374k greets: devilzc0der(s) and all of
    > you who love peace and freedom
    > Jayalah Indonesiaku
    > $shell_name = "devilzShell";
    > $shell_fake_name = "Server Logging System";
    > $shell_title = " :: ".$shell_name." ::";
    > $shell_version = "v1";
    > $shell_password = "pro";
    > $shell_fav_port = "12345";
    > $shell_color = "#374374";
    > $shell_code = "
    This was followed by a very long string of numbers and letters.
    I deleted this file, but still can’t access wp-admin.
    Any ideas as to how I can re-access my wp-admin?

Viewing 8 replies - 1 through 8 (of 8 total)
  • If you reinstall WordPress via FTP, overwriting the current files (but NOT overwriting the wp-content folder), you’ll probably be able to access your site. However – whoever hacked your site has probably left a backdoor in somewhere, and those are tricky to find and remove. If it’s a possibility at all, I’d hire someone to do it (unless you’re technically inclined, have a penchant for learning, and a fair amount of free time).

    Thread Starter espelled

    (@espelled)

    Hi Peter,
    Thanks for your quick advice!
    I don’t remember which WordPress version is running. Will it matter if I overwrite it with a more advanced version?
    Thanks
    Shakhar

    It should be fine, as long as you’re overwriting with a version that’s relatively close (like, within 2 versions). You can check though, by looking at yoursite.com/readme.html.

    If you do want to match your old version (although, again – it’s probably not a problem to upgrade this way), you can download older versions of WordPress here:

    http://wordpress.org/download/release-archive/

    Thread Starter espelled

    (@espelled)

    O.K., I’ve overwritten everything except the content directory, but still no joy.
    Can’t access the site and I still get the message:
    {"error":["No key","No appid","No secret"]}

    In the meantime I also found the obvious hacking signs below in my awstats082011.txt file.
    Any ideas?

    # Worm ID – Hits – Bandwidth – Last visit
    # The 5 first Hits must be first (order not required for others)
    BEGIN_WORMS 0
    END_WORMS

    # Search engine referers ID – Pages – Hits
    BEGIN_SEREFERRALS 2
    google 29 34
    search 2 2
    END_SEREFERRALS

    # External page referers – Pages – Hits
    # The 25 first Pages must be first (order not required for others)
    BEGIN_PAGEREFS 28
    [removed spam links]
    END_PAGEREFS

    Thread Starter espelled

    (@espelled)

    Here’s the .htaccess file.
    Can you see anything there?

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    > I don’t remember which WordPress version is running.

    The current version that you are using will be coded in your version.php file. It’s located in the wp-includes folder. It should be near the top of the php file. Should look something like this:

    /**
     * @global string $wp_version
     */
    $wp_version = '3.2.1';

    Thread Starter espelled

    (@espelled)

    Thanks all. Solved!
    Overwrote with latest version.
    Found all contaminated files by their time-stamp. Deleted!
    Password was extremely weak – changed it.
    All’s well that ends well.
    Thanks again
    Shakhar
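
The cleanup described in this thread (finding contaminated files by their time-stamp), combined with a content check for the shell header quoted in the first post, as an added example that is not part of the original posts. The seven-day window, the file extensions and the 500-character threshold are assumptions, and the tree built in `demo()` is constructed sample data.

```python
import os
import re
import tempfile
import time

# Strings from the shell header quoted in the first post.
SHELL_MARKERS = (b"devilzShell", b"b374k", b"$shell_password", b"$shell_code")
# The "very long string of numbers and letters": an encoded run of 500+ chars.
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{500,}")


def scan_tree(root, window_start, window_end):
    """Flag files by mtime window, and PHP files by content whatever their mtime."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path, reasons = os.path.join(dirpath, name), []
            try:
                if window_start <= os.stat(path).st_mtime <= window_end:
                    reasons.append("modified in window")
                if name.lower().endswith((".php", ".phtml", ".inc")):
                    with open(path, "rb") as fh:
                        data = fh.read(2_000_000)  # bound memory per file
                    hits = [m.decode() for m in SHELL_MARKERS if m in data]
                    if hits:
                        reasons.append("markers: " + ", ".join(hits))
                    if LONG_BLOB.search(data):
                        reasons.append("long encoded blob")
            except OSError as exc:
                reasons.append(f"unreadable: {exc.strerror}")
            if reasons:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = reasons
    return findings


def demo():
    """Scan a constructed tree: clean file, backdated shell stub, fresh upload."""
    now, day, root = time.time(), 86400, tempfile.mkdtemp()
    stub = b'<?php $shell_password = "x"; $shell_code = "' + b"QUJD" * 200 + b'";'
    samples = {"themes/a/functions.php": (b"<?php // clean\n", now - 90 * day),
               "themes/a/log.php": (stub, now - 400 * day),
               "uploads/new.jpg": (b"\xff\xd8", now - 3600)}
    for rel, (body, mtime) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    return scan_tree(root, now - 7 * day, now)
```

Run `scan_tree` against the wp-content folder, which a core reinstall leaves untouched; the backdated stub in the sample shows a file that a timestamp-only search would miss.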

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    espelled – When you’re posting logs, PLEASE remember to strip out links. Especially when they’re to spam sites 😉 You tripped the spam filter with those.

  • The topic ‘Hacked Site’ is closed to new replies.