Support » Fixing WordPress » Hacked Site Question

  • Hi all,

    A site I manage has been hacked twice this month, both times with base64 code being injected into numerous PHP files.

    Since I changed all passwords after the first hack, I’m wondering if there is a different issue, but I’m not sure where to look.

    One thing I noticed is that all of the tables in my SQL database are renamed such that “_ndmpug” is in all the names, e.g. wp_ndmpug_posts.

    I’m not sure how to figure out what caused this or whether it’s even a problem as a Google search comes up empty. Nothing seems amiss in the database content itself.

    Does anyone know where this renaming might have come from?

    Thanks!

Viewing 1 replies (of 1 total)
  • If the hacker gained server level access to your MySQL account from the first hack, there still may be a problem. Did you change your DB password in wp-config? The DB table prefix is also set in wp-config.

Viewing 1 replies (of 1 total)
  • The topic ‘Hacked Site Question’ is closed to new replies.