Support » Fixing WordPress » My WordPress is hacked

  • How can I restore my site back to life?
    All the pages, accept for index.php page shows 404 error. Even when I try to enter to wp-admin control panel, I get 404. The 404 error page is not the one generated by WordPress, it is the one generated by Hostgator hosting company.

    Here is too things I discovered hacked did to my site. My index.php file had this code in the beginning.
    After I removed it the homepage loaded with no problems.

    2. the homepage directory had this load of files
    I dont know what these are, but I removed them from my directory. The file source was encoded showing jibberish code.

    Please help me figure this out. Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Login to hostgator and change the database and ftp logins so that whoever maliciously had access now no longer does (and choose a long password), then in their file editor, change your wp-config to match your new entries. Now it’s yours again.

    I already took these necessary steps, but my whole directory is affected or infested already. Updaing config file, and change passwords would not get rid of 404 errors. I wonder if anybody knows what I need to do to get rid of the 404 not found pages.

    Sure, but the password change is only one step. Now, back up the the files/directories. Then remove them-not wp-config.p- and re-install WordPress.
    Also search on harden WordPress here at the dot org site for some other steps / advice.

    If the site has been hacked, then the hacker has a backdoor somewhere in your files / directories. Only a complete remove and re-install will get you started in the right direction (in my opinion).

    Don’t forget the backup step and ask someone if you’re not sure.

    Oops – I see now you’ve been here since before I had even heard of WordPress –

    For this reason, there a lot of posts begging WP developers to make it easy to hide/rename WP folders (admin, content) but in vain, alas!



    Forum Moderator

    Sorry but that really has nothing to do with it. See

    Well, I see that all what was said in the link argue for making WordPress more secure!
    If WordPress is a victim of its success, or because users don’t pay attention…etc., this is a strong reason to make WP more secure. One of these ignored methods is offering users to mislead hackers by renaming or hiding the working folders.
    Doing such, WP security will be enhanced and its vulnerability will notably decrease.
    At worst, offering such an option will not hurt! Instead, it will add a robust security layer and make it more trustworthy by users!
    People will trust WP much more when they find it fulfilling their needs.

    My last reply here was deleted? !!!

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Spam filter, it happens. The deleted post was restored.

    Edit: And that topic has well and truly been discussed to death.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘My WordPress is hacked’ is closed to new replies.