WordPress.org

Ready to get started?Download WordPress

Forums

[closed] My WordPress website has been hacked!! (23 posts)

  1. DadHyink
    Member
    Posted 2 years ago #

    My website is
    http://www.racingforbangladesh.com
    As you can see, it has been hacked. I can no longer log in. I am very concerned about the security of my friends' email addresses. Any suggestions?

  2. Tara
    Member
    Posted 2 years ago #

  3. todude
    Member
    Posted 2 years ago #

    And please pick stronger passwords the next time :)

  4. Tara
    Member
    Posted 2 years ago #

    And please pick stronger passwords the next time :)

    @todude, all that is included in the link I have referenced in my above post (http://codex.wordpress.org/Hardening_WordPress).

  5. DadHyink
    Member
    Posted 2 years ago #

    OK. I am a rank amateur. How do I actually get into my website if I can no longer log on? Please use short words and simple instructions. Can I hire someone to do this for me?

  6. ClaytonJames
    Member
    Posted 2 years ago #

    You might be able to try logging in here first:

    http://racingforbangladesh.com/wp-login.php

    If that doesn't work, You can probably regain admin control by changing the admin password directly from the database. If you have phpMyAdmin available to you, it should be pretty short work. Resetting Your Password
    Then it might let you log back in and take a look around.

    [edit] This is likely a major contributor to the reason you have been hacked...

    "WordPress Version 2.8.6"

    You must keep up with security updates.

  7. DadHyink
    Member
    Posted 2 years ago #

    Unfortunately, all of the editing I've done on the website is online. How do I regain control, when I can't logon to the site? Do I need to start over with a new url? I'm afraid of what you will tell me next.

  8. DadHyink
    Member
    Posted 2 years ago #

    How do I find, modify, and save phpMyAdmin online?

  9. DadHyink
    Member
    Posted 2 years ago #

    Is there anyone that might help me? For a generous fee?

  10. ClaytonJames
    Member
    Posted 2 years ago #

    Just to be clear, and not assume anything...

    I understand that the log in link is no longer available from your front page because it has been defaced, but did you try to log in by clicking this link that I gave you?

    http://racingforbangladesh.com/wp-login.php

    ...and if you did, what was the result? An error message? or just a redirect to a defaced page?

    How do I regain control, when I can't logon to the site?

    You should sign in to the control panel provided by your host, and locate the tools for managing your database. It is probably phpMyAdmin. If not, you will have to use whatever database tools your host has made available to you.

    As I mentioned, you may be able to regain control by resetting the admin account password in your database, if your admin account has been changed. Here are the instructions for doing that. Resetting Your Password. Then you will need to follow the guides and suggestions found in the links that t-p posted for you.

  11. DadHyink
    Member
    Posted 2 years ago #

    The log in link is fine. It just refuses my user name and password.

  12. Roy
    Member
    Posted 2 years ago #

  13. DadHyink
    Member
    Posted 2 years ago #

    Please tell me how to access phpMyAdmin if I can't log in to my website. The hacker clearly knew how!

  14. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    You need to ask your hosts about that.

  15. Roy
    Member
    Posted 2 years ago #

    phpMyAdmin has nothing to do with WP.

  16. DadHyink
    Member
    Posted 2 years ago #

    OK. My son helped me set up this website. I'll see if he knows who the host is. It is a stand alone site as far as I know.

  17. John Hoff
    Member
    Posted 2 years ago #

    Here's a video on how to change your Username and Password in your database (phpMyAdmin).

    Problem is, you don't know for sure what this person has done to your website while they've had control.

    The best thing to do is like someone mentioned above, contact your web host and ask them if they have a full backup (files and database) of your website from a time when you knew your site wasn't hacked.

    Once your site is back up and running, do this:
    - install the WordPress Firewall plugin
    - make sure wp is up to date as are all the plugins you use
    - make sure your theme is up to date
    - install security upgrades found in this book
    - if you use FTP, make sure you're using FTPS, FTPES, or SFTP
    - make sure you do continual backups of your database and files

  18. smartobject2
    Member
    Posted 2 years ago #

    Dr. Hyink,
    You can contact me directly at support@sheltonresearch.com and I can help -- no charge or fees.
    I just want the WordPress hacking cleaned up.
    Anyone that cycles across Michigan, etc. for charity fund raising has my support,
    Cheers,
    Lee Shelton

  19. DadHyink
    Member
    Posted 2 years ago #

    To everyone who helped, I have progressed from kindergarten to the first day of first grade in web site management. My son got involved, and indeed, I do have a Web Host, and found the infamous phpMyAdmin file. All the stuff is there. I appreciate your kind offer, Lee, but we decided to remove the offending web site, and go with direct email with attachments instead. Lower tech for sure, but right now, I'm not up to learning another computer language. Back when, I was very fluent in Microsoft Basic 7 and used several machine language routines. I just don't have the inclination or time to do it again. Thanks again, folks.

  20. dagroenert.com
    Member
    Posted 2 years ago #

    Hi, I'm a computer idiot. Someone else set my website up, I'm learning how to edit it by trials and errors.
    The problem is I'm only getting messages that belong to another website and getting offers to make mine more popular. When I reply, no one replys back. When I email them, the email address is bogus. So I've been spamming them all.
    Is another website getting my messages? How can I get help?
    Thanks

  21. dagroenert.com
    Member
    Posted 2 years ago #

    I'm not even sure if this problem is considered being hacked.

  22. Michael Torbert
    WordPress Virtuoso
    Posted 2 years ago #

    You shouldn't take over another person's thread about a different topic.

    For your issue, these are spam messages. Ignore them/mark them as spam.

  23. dagroenert.com
    Member
    Posted 2 years ago #

    Sorry, I did not read the rules before jumping in.

Topic Closed

This topic has been closed to new replies.

About this Topic