If this is the only site you have there at your host and removing (deleting) its database and making a new WordPress installation has not solved the problem, I would ask my host to “nuke” (completely reset) my hosting account and do a new installation. I once had some odd things going on when I first got started and even my host thought that was a good idea.
If that’s the case, then I’m questioning the access point the hacker used. I mean, I was able to log in to my hosting account, just not the WordPress.org account… I’m puzzled as to how something would have been done from the hosting end of things if that account at least didn’t seem to be compromised. If anyone has any thoughts on that as well, I’d be curious to know them.
Okay, here’s a clarification of my question, and an update.
I’ve contacted GoDaddy support, but they weren’t able to be super helpful. The support tech essentially told me that the code would have to be somewhere in the webroot file, but I cannot find the actual code for the static homepage I have set up. I can, however, find things like my uploaded image files. Unfortunately the tech said she could not assist with coding questions like this.
I’m using WordPress as an application on my host GoDaddy, and I use the ProPhoto 3 plugin to build my pages – I don’t do the coding myself. Does anyone know where this application stores its HTML files?
I’m puzzled as to how something would have been done from the hosting end of things if that account at least didn’t seem to be compromised.
Some hackers spray graffiti from the outside and others plant smoke bombs in the basement.
I cannot find the actual code for the static homepage I have set up.
That is likely in your database and can only be pulled from there and sent out by WordPress.
I use the ProPhoto 3 plugin to build my pages… Does anyone know where this application stores its HTML files?
The coding for the pages will be in the database, but your photos will likely be somewhere inside the wp-content folder in this general area:
home(root)/~~~/public_html/wordpress/wp-content/uploads
Go to your hosting account and use whatever file manager might be available there for having a look. But as to your pages, that will likely require repairing WordPress in order to get them out of the database.
Maybe after talking to GoDaddy I will eventually find a way into the databases, but for now I have at least set up a 2-step login involving a text-message validation code to that account. Here’s the thing though:
I wiped WordPress AND all databases from my hosting account entirely last night, even from GoDaddy’s tech support end, and reinstalled it all.
The malicious link remains, so I am starting to suspect ProPhoto 3.
Here’s the other thing: after reinstalling everything, I am of course still able to find old image files that were uploaded years ago to my hosting account. Is it possible that, even though WordPress stores the HTML files in the database, perhaps the malicious code is lurking as a file that isn’t an HTML document in my file manager? I am wondering if I should just clean out my file manager but am scared of deleting something important.
Other things that are perhaps noteworthy: when examining files in my file manager, there is a webroot folder but no public_html folder. There is, however, a wp-content folder and such where it has those photos and so on stored. Just no HTML files in sight.
Just noticed something after peering into the file manager again: the original install of ProPhoto3 and the original zip folder was still there.
Scrapped it and reinstalled from original zip… will report back to let you know if that fixed it.