Support » Fixing WordPress » My WP site has been hacked.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Figure out the reason for the hack. Fix it. Fresh install. Scour database for any badness that’s been injected/restore from known clean backup. Change all passwords.

    Follow some of the links at the bottom of this page:
    http://wordpress.org/support/topic/307660?replies=1

    Thread Starter hampstead

    (@hampstead)

    I’ve no idea the reason for the hack. How would I find that out?

    How would I find that out?

    blame yourself.

    On sept 30, google cached your page:

    http://74.125.95.132/search?q=cache:6ZEMpRtmpRoJ:www.aztec-solar-water-heating.com/+http://www.aztec-solar-water-heating.com/&cd=1&hl=en&ct=clnk&gl=us

    You were running 2.8

    Did you miss ALL those “please upgrade” notices?

    Now you can start reading about how to fix:

    Here’s *my* standard reply:

    fix advice:
    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    Make sure that your files on the server are clean. If that means deleting and reuploading, than you ought to do that. Files that you dont replace, should be looked at closely.

    Check for files that dont belong, directories that dont belong. Image files with changed timestamps — look at those. Its VERY common for there to be scripts on sites that are named in such a way to mask the fact that theyre scripts.

    Be suspicious, when youre looking at things.

    Look at your permissions. Do you have world writable files? Any world-writable directories? Are they necessary?

    You need to check your database. Look for rogue plugins being loaded, look for rogue users (specifically look for a user named wordpress). You will NOT see rogue plugins or rogue users in your wp-admin/ area. You need to check your database.

    Make sure ALL of your plugins are current.

    Make sure your wordpress is current.

    Change your mysql password that wordpress uses (update your wp-config.php with that new password). Especiallly important in cases where you see changes to your mysql database.

    Change any admin level passwords on your blog.

    Look at any other software thats being used on your site. Is it current?

    That’s just an outline and not a complete list.

    There’s quite a bit to do, but it’s all necessary.

    If you cant do it all — by all means dont hesitate to enlist the help of someone who can. Quite a few of us do work on the side.

    Then there’s this:

    http://codex.wordpress.org/Hardening_WordPress

    and this:

    http://wordpress.org/support/topic/307660?replies=1

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘My WP site has been hacked.’ is closed to new replies.