Title: Hackers editing files? Last modified: August 19, 2016 --- # Hackers editing files? * [c](https://wordpress.org/support/users/igneous/) * (@igneous) * [16 years, 10 months ago](https://wordpress.org/support/topic/hackers-editing-files/) * Ive been having some issues with hackers for the past couple weeks. I had mistakenly left a lot of files with 777 file permissoins, so I assume thats how they did it? They kept putting in links and scripts into them files and index.php. I changed my FTP password, but left a few things at 777 by mistake again and it happened again. Is there any way other than changing permissions and the FTP login details for them to get in? Viewing 3 replies - 1 through 3 (of 3 total) * [Doodlebee](https://wordpress.org/support/users/doodlebee/) * (@doodlebee) * [16 years, 10 months ago](https://wordpress.org/support/topic/hackers-editing-files/#post-1145783) * Well, yeah. If you left your files at 777, then most likely they went right for the wp-config.php files and now have access to your database. If you haven’t changed your WordPress password (as well as the password, and probably the username too – for the database) then they can just get in over and over again. * All of your files should be set at 644 or 666, all folders should be 755. At this point you should take care of that, and then go into your hosting control panel (or whatever you use) and set a new database user and password. You’d have to reflect those changes in your wp-config.php file so your WordPress can have the new connection settings. You might also want to contact your host before you do anything and let them know – because if they *did* get into your database, it’s possible they could compromise the entire server. You should let the host know what’s going on, and let them see the activity the hacker has been doing so they can take appropriate action to prevent further loss (if any has occurred). They’ll also help you figure out how to secure your own site so you don’t get hacked again. * You also might [read this](http://codex.wordpress.org/Hardening_WordPress). * Thread Starter [c](https://wordpress.org/support/users/igneous/) * (@igneous) * [16 years, 10 months ago](https://wordpress.org/support/topic/hackers-editing-files/#post-1145919) * The config file was never 777 as far as I know. I changed the permissions back on friday, and it happened again this morning. They are somehow getting into files with 644 permissions like index.php default_filters.php and more and putting in an iframe code. Im changing ftp passwords, I dont know what else it could be * [Doodlebee](https://wordpress.org/support/users/doodlebee/) * (@doodlebee) * [16 years, 9 months ago](https://wordpress.org/support/topic/hackers-editing-files/#post-1145973) * Did you contact your host about this? If your file permissions are correct, and you’ve gone as far as changing your database password (and possibly the name) then I’d say someone else on the server has a back door left open, and the hacker is gaining access through some other site – possibly wreaking havoc on the entire server. The hoist should be made aware of this so they can track it down and fix it. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Hackers editing files?’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [Doodlebee](https://wordpress.org/support/users/doodlebee/) * Last activity: [16 years, 9 months ago](https://wordpress.org/support/topic/hackers-editing-files/#post-1145973) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics