Support » Fixing WordPress » I Think I’ve Been Hacked

  • Oh boy. I discovered this morning that my website has been hacked and I think this occured a few days ago and I just didn’t notice it.

    This is the code which is causing the heart ache:

    <html><iframe width=0 height=0 frameborder=0 src= marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>

    Problem is that I’ve checked the various files (index, header, sidebar, footer etc) and I can’t find mention of this anywhere. Can someone recommend a way to get rid of this or at least tracking down WHERE it’s hiding?

    Any help would be MUCH appreciated.

Viewing 8 replies - 1 through 8 (of 8 total)
  • whooami



    that might not be in a theme file since it’s the first thing displaying.. check your wp-config.php, check your wp-settings.php, check all the files inside your root wp install (where your wp-config.php is)

    If you need help, you can zip ALL your files up and email them off to me @ whoo AT (delete this stuff) village-idiot DOT org.

    I’ll be happy to track it down for you.

    In the meantime — you need to get up to speed with your upgrades. Youre running a version of wp thats about 1-1/2 years old. Youre lucky thats all that has happened.

    Thank you soooo much Whooami. It fixed the problem.

    I’m in the process of talking my service provider to allow installation of the newest version of WP. Hopefully, that’ll be sooner rather than later.




    “it” what is “it”?

    where was the code?

    The iframe code was the last line in the wp-config.php file. Erased that and it disappeared.

    Thanks soooo much for your great help and super quick reply!





    You realize that that means someone edited that file?

    You need to make sure that the permissions on your files are all safe and sane:

    files = 644
    directories = 755

    and you need to upgrade, if you havent yet.

    And since someone got access to your wp-config.php they have your mysql info, including your mysql username and passwd . You need to change those.

    OK. So I’ve updated all of the permissions to the Files and Directories and changed my username and password to something much harder to crack. Hopefully this will keep hackers at bay until I can install the updated WP package.

    Thanks again for your help whooami!

    You still need to upgrade to the latest WP version.

    I know, I know….Working on it!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘I Think I’ve Been Hacked’ is closed to new replies.