Title: Major Hacks Into WordPress [HELP?] Last modified: August 19, 2016 --- # Major Hacks Into WordPress [HELP?] * [geolitjon](https://wordpress.org/support/users/geolitjon/) * (@geolitjon) * [16 years, 9 months ago](https://wordpress.org/support/topic/major-hacks-into-wordpress-help/) * So I recently saw some unauthorized files in my folders, including index.php files that contained odd code, which actually redirected to another site. * I called my host [GoDaddy] and believe it or not, they don’t keep FTP logs. I changed my password, but lo-and-behold, the unauthorized files continue to be added. * I was just about to give up, until I took a look at the backlinks going to my site. * It appears that this is a massive-scale hacking attempt across multiple sites, and all of them have happened within the last few weeks. I’m not sure if all of the sites are wordpress sites, but most of them are, which makes me think there must be some sort of vulnerability somewhere. * Of course, I’ve deleted the files, and (fingers crossed) they won’t reappear, but I have a list of all of the sites that contain the weird links in the footer. Is there some sort of common vulnerability that they all have? I’m tearing my hair out trying to figure it out [note the hidden links in the code in the footer]? * [http://stephanie.materns.com/](http://stephanie.materns.com/) [http://savemisterrogers.com/](http://savemisterrogers.com/) [http://www.leadingtoday.org/](http://www.leadingtoday.org/) [http://theskinnywebsite.com/site/](http://theskinnywebsite.com/site/) earfarm.com/features/daily-feature/monday/2010 [http://www.esart.com/blog/](http://www.esart.com/blog/) [http://electronicexplorations.org/the-show/week-047-drumcorps/](http://electronicexplorations.org/the-show/week-047-drumcorps/) [http://www.dailywireless.org/2009/02/06/2009-mobile-world-congress/](http://www.dailywireless.org/2009/02/06/2009-mobile-world-congress/) [http://privacycouncil.org/](http://privacycouncil.org/) [http://www.greenmamma.org/blog/](http://www.greenmamma.org/blog/) [http://www.lunch20.com/2007/04/27/lunch-20-linkedin/](http://www.lunch20.com/2007/04/27/lunch-20-linkedin/) [http://evil-e.org/](http://evil-e.org/) [http://www.drdzoe.com/](http://www.drdzoe.com/) [http://iohanet.org/](http://iohanet.org/) [http://electricbeach.org/?p=147](http://electricbeach.org/?p=147) [http://www.therightperspective.org/2009/01/05/mallgate-broadsides-clintons/](http://www.therightperspective.org/2009/01/05/mallgate-broadsides-clintons/) [http://www.durf.org/](http://www.durf.org/) [http://feministlawprofessors.com/?p=8389](http://feministlawprofessors.com/?p=8389) [http://www.pcs.org/win-big-at-this-years-gala-bright-lights-havana-nights/](http://www.pcs.org/win-big-at-this-years-gala-bright-lights-havana-nights/) [http://www.lunch20.com/2007/09/12/lunch-20-oracle/](http://www.lunch20.com/2007/09/12/lunch-20-oracle/) [http://www.thecriticalcondition.com/2009/02/17/when-reality-shows-approach-reality/](http://www.thecriticalcondition.com/2009/02/17/when-reality-shows-approach-reality/) [http://www.bigdbahead.com/?p=672](http://www.bigdbahead.com/?p=672) [http://metroriderla.com/2009/01/01/2009-the-year-in-transit/](http://metroriderla.com/2009/01/01/2009-the-year-in-transit/) [http://eyeonwilliamson.org/?p=4065](http://eyeonwilliamson.org/?p=4065) [http://www.imprintsjournal.com/](http://www.imprintsjournal.com/) [http://www.casavaria.com/cafesentido/2008/12/25/980/doctors-without-borders-lists-top-ten-humanitarian-crises-at-end-of-2008/](http://www.casavaria.com/cafesentido/2008/12/25/980/doctors-without-borders-lists-top-ten-humanitarian-crises-at-end-of-2008/) [http://www.nickhodge.com/blog/archives/2150](http://www.nickhodge.com/blog/archives/2150) Viewing 2 replies - 1 through 2 (of 2 total) * [Doodlebee](https://wordpress.org/support/users/doodlebee/) * (@doodlebee) * [16 years, 9 months ago](https://wordpress.org/support/topic/major-hacks-into-wordpress-help/#post-1182605) * >>which makes me think there must be some sort of vulnerability somewhere. << * yes, probably one of the sites on your shared server is the vulnerability. Someone probably has a poor password, didn’t upgrade their WP version (IF it is indeed, WordPress and not some self-built thing) or left their file permissions wide- open. Just because you (and some other people on your server) are running WordPress doesn’t necessarily mean it’s WordPress. Obviously *someone* hasn’t been paying attention to their security, and has compromised everyone. * Contact your host. If it’s across multiple sites, the *server* has been compromised, and they will want to know. They will also track down the source of the problem, and take the necessary steps to fix it. * [xinfo](https://wordpress.org/support/users/xinfo/) * (@xinfo) * [16 years, 9 months ago](https://wordpress.org/support/topic/major-hacks-into-wordpress-help/#post-1182612) * yaa there keep placing iframe i am tired of updating every day * still i am using latest version 2.8.4 version * well there place iframe only in index.php where ever it present in any folder * eg:root index * wp-inlude/index * wp-admin/index and index-extra * wp-content/index * wp dev help us out from this hackers Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Major Hacks Into WordPress [HELP?]’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 3 participants * Last reply from: [xinfo](https://wordpress.org/support/users/xinfo/) * Last activity: [16 years, 9 months ago](https://wordpress.org/support/topic/major-hacks-into-wordpress-help/#post-1182612) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics