My blogs being hacked faster than I can fix them

  • Harmful urls are being added to my index.php file, which is getting Google to mark my sites as harmful.

    But as fast as I fix them they’re added again. Hosting company says my FTP passwords may have been compromised, but I keep changing them and still I get hacked.

    There are 3 different hosting companies involved, so the only thing common is my PC, but I’ve bought a new PC, got MS Security Essentials running, have done Malwarebytes Anti-Malware and Spybot.

    Which plugin is most likely to secure things for me, please?

    I’m very non-technical and came to WordPress because of that, so this is a nightmare for me.

    Hope someone can help. Please!

Viewing 12 replies - 1 through 12 (of 12 total)
  • It does not sound like an issue with WordPress but elsewhere, but if you must:
    There is no plugin to secure your site. Good practices are what count.

    1) Have your local copies of the website been altered? If so then it’s happening on your local computer, if not then on your host.
    2) If your ftp password is exposed, see if you can use SFTP with your hosting account.
    3) Is this Windows or Linux hosting?
    4) Is it only your index.php or other php files?
    5) Have you gone through:

    Try to check local files first to see if you can find any unwanted script on your index page or on any other pages. If yes, remove it and upload again using FTP. Reset your WP-Admin password for WordPress and also change your FTP password too.

    Thanks to both of you for the advice. I’ll work through the suggested urls. (I only do this part-time!)

    To answer the other points:

    1) Local copies have been fine, just on hosting.

    2) Will ask hosting company about SFTP, that’s a new one on me 🙂

    3) Linux hosting

    4) I have only found problems in index.php personally, although the hosting company did the first few cleanups for me, until I got embarrassed about asking them so many times.

    I have reset both ftp and WP admin passwords, and sites hacked even AFTER that. However I store them locally in Roboform. Is that secure enough? (I have several blogs so the thought of trying to remember them all is mind-boggling.)



    Forum Moderator

    You should now first take a database backup, and remove all your files from the server. If you have a latest local copy then upload it again, but don’t do this without taking a backup. This is clearly an issue of hacked script still being in your pages; you need to check the pages very carefully.


    Thanks for all help, been a bit quiet as I’ve been implementing what I could, although some of it is “beyond me”! At the moment, all seems working again, thank goodness.

    When you say “carefully check pages for hacked script”, I’m not entirely sure how to do this – it’s all gibberish to me! I saw something that I thought was suspicious, pointed it out to the Hosting company and they told me it was absolutely fine.
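
Added example, not part of the original thread: one way to do the "check your pages" step without reading PHP is to hash a known-good local copy of the site and a fresh download of what is on the host, then list every file that differs. The function names, the directory layout and the rule that new non-PHP files under `wp-content/uploads/` are expected are assumptions of this sketch, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large uploads do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(known_good, from_server, skip=("wp-content/uploads/",)):
    """Report files changed, added or missing on the server copy."""
    good, live = hash_tree(known_good), hash_tree(from_server)
    modified = sorted(f for f in good if f in live and good[f] != live[f])
    missing = sorted(f for f in good if f not in live)
    # Assumption: new media under uploads/ is normal, new PHP there is not.
    added = sorted(f for f in live if f not in good
                   and (f.endswith(".php") or not f.startswith(skip)))
    return {"modified": modified, "added": added, "missing": missing}

def demo():
    """Build two constructed trees: a clean local copy and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "local"), Path(tmp, "server")
        clean = b"<?php require __DIR__ . '/wp-blog-header.php';\n"
        for root in (good, live):
            (root / "wp-content/uploads").mkdir(parents=True)
            (root / "index.php").write_bytes(clean)
            (root / "wp-config.php").write_bytes(b"<?php // settings\n")
        # Constructed tampering: extra line in index.php, stray PHP in uploads
        (live / "index.php").write_bytes(clean + b"<!-- constructed injected line -->\n")
        (live / "wp-content/uploads/photo.jpg").write_bytes(b"jpeg-bytes")
        (live / "wp-content/uploads/cache.php").write_bytes(b"<?php // constructed\n")
        return compare_trees(good, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Anything listed as modified or added is a file to inspect or replace from the clean copy; running the comparison again after a cleanup shows whether the change has come back.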

    Moderator Mark Ratledge


    Forum Moderator

    Who is your hosting company? Some are better than others when it comes to security. Google the name of your host and “hack” and see how many hits you get. If hacks keep happening, might consider changing hosts.

    I have three hosting companies. Two have been helpful. One has not!

    So I am moving my sites from the unhelpful one to one of the helpful ones. (Hostgator and Hostica HAVE been helpful.)

    However, even that has turned into a nightmare. I have empty blogs set up on the new hosting company and assumed I would then just ftp my files from the old company to the new, via my PC. But I gather this can’t happen, so it looks as if I may have lost those 2 sites entirely.

    Moderator Mark Ratledge


    Forum Moderator

    You have to export your content out of WordPress or move the database. That’s where all of your posts and pages and content reside: in the database. If you didn’t delete the database at your old host or close the account, it’s still there.

    You do have to FTP your theme and uploads folder (and plugins if you don’t want to download them all again at the new host).

    See Moving WordPress « WordPress Codex

    OK, thanks – I may have to go down that route, but in the meantime I’ve had more help from Hostica.

    I’d made a backup with a WP plugin but couldn’t figure out what to do with it myself.

    Hostica support people have recovered that for me and I can login and see that the right number of posts is there, but the blog isn’t displaying at all, and the display when logged in as administrator is workable but wrong. (The options on LHS are there, but what should be on the RHS is right at the bottom of the screen.)

    I’ve done an export while I could get logged in, but the layout is all lost. So if I just ftp the theme and uploads folder from the old to the new host, will everything reappear?

    If you read all of the link you were given:

    it gives detailed instructions on moving the site.

    Sorry – I’ve read what I can, but it’s just all too much for me.

    When I started with WordPress I was led to believe it was simple. For some people, this may be simple, but for me – doing it part-time – it is not.

    I have put HOURS into all this, it’s been a HUGE learning curve even to get this far and frankly I wish I had never started.

    I am truly grateful to these forums for the help I have found here on the simple topics, but some of it is beyond me. What was supposed to be a way to earn a pleasant retirement income has turned into an absolute nightmare.
