[resolved] I've been hacked. What to do next? (11 posts)

  1. andyomerovic
    Posted 2 years ago #

    My website has been hacked. http://www.cloudsmooth.co.uk

    I have so far been following this


    What to do next, and more important I cant log into wp-admin either - just take a look at the login page. Its messy.

    Apparently I need to edit wp_users but I cant find the table.

  2. ClaytonJames
    Posted 2 years ago #

    FAQ My site was hacked

    Here is a relevant discussion that contains the bulk of the info you will probably need:


  3. ClaytonJames
    Posted 2 years ago #

    @Jan Dembowski

    Man, am I getting lazy... LOL!

  4. andyomerovic
    Posted 2 years ago #

    I've just deleted everything in FileZilla.

    backed up first off course.

    All I have now is:


    Can I start again from here.

    C Panel is giving me problems now. Might have to re-nstall the hacked version and go from there.

    What a pain.

  5. andyomerovic
    Posted 2 years ago #

    I'm going to close this thread because I have fixed it.

    What I did.

    1) Deleted everything using File Zilla
    2) Deleted all MySQL databases and user names
    3) Used C Panel to make new database and user names
    4) Re installed WordPress making sure wp-config.php renamed according (removing that sample bit) and editing inside to right database name etc
    5) Uploaded WordPress using File Zilla to new directory of public_html

    This video helps to explain the process very clearly:


    Lessons going forward:

    BACK-UP regularly. It isn't hard to do so. But if your in my position now you have to download the damn theme, plug ins and upload pictures, make pages etc again. Pain in the butt.

  6. Viscosity
    Posted 2 years ago #

    It seem like it has been already reset back to default.

  7. andyomerovic
    Posted 2 years ago #

    Yeah thats what I had to do.

    I cant be bothered to look EVERYWHERE for malicious code etc.

    Its simpler for me to just rebuild the damn website.

    Going forward I will multi back-up to fast restore with a wide variety of choices.

    This method is only to be used in worst case scenarios and god forbid if you have more than the 15 or so pages I had.

    I still have my wp-content I can re-upload but I think there could be a back door in there too.

    If I were a hacker thats where I'd put it.

    What do you think?

  8. bcworkz
    Posted 2 years ago #

    The uploads folder is exactly where several known hacks store backdoors and backup copies of malicious code. NEVER upload hacked wp-content to a clean site!

    Hopefully your story has inspired many to backup their installation regularly, including the wp-content stuff. It's possible for almost anyone to get hacked eventually, often through no fault of their own. Backups -- just do it!

    Sorry for your troubles.

  9. Viscosity
    Posted 2 years ago #

    It take minutes to hack while hours to restore without backup. The morale of the story is always plan ahead for disaster.

  10. andyomerovic
    Posted 2 years ago #

    That's right guys.

    Oh well, at least it will give me something to do.

    I might go with a completely different theme now...

Topic Closed

This topic has been closed to new replies.

About this Topic