Support » Fixing WordPress » My blog seems to be hacked !!!

  • Hi there,

    I have recently noticed that my blog – has been hacked , since firefox and chrome says that this sites has been attacked.

    Also when I check the source code of the home page there is script which I can see – <script src= ></script> I am not able to see this script in header.php

    What should I do? Its also affecting my site , the blog for which is the sub domain.

    Please help.


Viewing 10 replies - 1 through 10 (of 10 total)
  • search the forum for hacked

    or look here

    there is alot of detailed info availabale already, it’s hard to repeat it all.

    Moderator Mark Ratledge


    Forum Moderator

    See FAQ: My site was hacked « WordPress Codex and How to Completely Clean a Hacked WordPress Install. Change your FTP passwords, and look for hidden WordPress adminstrators.

    @rvoodoo – I have been through the links u have mentioned, but can you guide me onto how do I remove that script which I have mentioned above.

    @songdogtech – thanks for your advice, same request to you too, where do I find this script so that I can delete it.


    Can’t guide you really…I followed those links…

    There is no simple answer

    You may have to go through every file and folder on your host, your database, etc. Change your passwords, all of them. Clean everything, then change em again. As long as you are hacked, your passwords are vulnerable.

    I had to reinstall all my programs on my server
    5wp installs, 1 SMF form, 1 wiki, 1 media upload program

    Then I had to comb through all my folders for strage php files that had been uploaded (found 2, buried real deep).

    My server logs show me everything that happens, and they were a lifesaver…I scanned them all for any suspicious activity (that took alot of time)

    Its a pain, and there is no simple solution

    Moderator Mark Ratledge


    Forum Moderator

    Try Search and Replace « WordPress Plugins to search in your database. But searching with PHPMyAdmin is more complete: How To Completely Clean Your Hacked WordPress Installation | Smackdown!

    @ Songdogtech – Search and Replace is not compatibel with 2.8.6 ….let me see if I can find some other plugin like this one.

    Now this is what I plan to do tomm –

    1. I will uninstall wordpress from my server. Even delete the database to which it was connected.

    2. There were 15 article on the blog, I have them on my macbook, which I can add them back later.

    3. Check my main site, to know if its affected. If it is then, have it cleant first.

    4. Re-install WordPress fresh.

    5. Add articles from scratch, in the same sequence as they were before and make the blog look like what it looked earlier.

    Is this a good way to go about it…since I dont have a lot of time to spend on this issue.

    This sounds like a good way to go about it, especially if you delete the database and the file folder that contained WordPress. However, do check out your #3 point – if there is a hack, then it might not be contained just in wordpress.

    Sorry this happened to you. It sucks to get hacked.

    you could even export your posts from Tools – Export to an XML file. checking this for ‘strange’ code should be easy with 15 posts. On a new install you can import this file to get all posts back.

    I also would ftp the full site content to my pc to have a backup of your wp-content folder. BUT DO NOT JUST UPLOAD THIS FOLDER TO A NEW INSTALLATION, there might be malicious files in there.

    Did you ever just switch to default theme and look if this code is inserted there too?

    @ancawonka – The blog and everything related to wordpress id out of server. Now Im working on Point # 3 and life is not so easy.

    @ Joern – I shifted back to the default plugin, but that strange code was still there… had to remove my blog and everything related to wordpress….hopefully the main site is sorted quickly and I can get back to Arthemia soon.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘My blog seems to be hacked !!!’ is closed to new replies.