Support » Fixing WordPress » Site hacked… help!

  • So my site was hacked, at

    For fun, someone put up an Italian postage or banking site.

    I’m trying to log in, and even after I’ve changed my admin name and password via the php database, whenever I try to log in I never see the dashboard, only the following, on a white background:


    The address bar never changes either, but still shows “”
    I’ve tried upgrading to the latest version of WP via my hosting control panel, but it still doesn’t make a difference. What can I do to get back in to my blog and delete the offending site? Any help? Anything I can do via phpmyadmin?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Nice site and you can still see it via

    Your login page is see if that still works.

    Edit: Scratch that, you are not seeing the dashboard correctly. Skip to the hacked part of my responce.

    You’ve a lot of reading ahead of you. Start with seeing if you can get your install working.

    Backup the all of your files (if you had a good backup you would be able to rename your WordPress directory and just restore the whole works…)

    Change your passwords, someone put a file or files on your installation. That could have happened via a password compromise or WordPress/plugin hack since you’re site is not maintained and out of date.

    Once you have your files and database backed up and safe, look in your directory for index.html. Delete any index.html files and you should be good for now.

    If it comes back then read all of this:

    This is a good explanation of cleaning your database.

    How To Completely Clean Your Hacked WordPress Installation

    Once you’re good, read up on upgrading your version of WordPress. You are running version 2.1 and that’s not a safe thing to do. You’ll leave yourself vulnerable to more hacking.

    Good luck.

    Moderated above blockquote based on

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    Was wondering where that thread went.

    Moderating a cutting and pasting of goofy hacked output is probably a good idea…

    It looks like they have just added an index.html into the site so you can still see that wordpress is installed here

    Log into your control panel and delete index.html. Look for any other suspicious files too — if the can add an index.html they could have added anything else too.

    Wow. I’m overwhelmed by the help, advice and support in this community.

    I’ve backed up the database using phpmyadmin (at least I think I did… I got an “.sql” file to download, though I had requested a .zip). I then backed up the site files. Then I went in and changed passwords for all admin users and deleted a suspicious user named “Google.” As far as I’m aware, despite all of their webcrawling, Google has not yet made it a practice to go around and register as a user on blogs. =-)

    I’m still getting the goofy hacked output when I try to log in, so I can NOT access my dashboard, nor can my other users with admin accounts. So the hacker obviously modified some code somewhere.

    Please advise on my next step. Is it:
    A) Upgrade of WP Install via my host’s back-end?
    B) CLEAN install of WP (assuming my database backup is complete)?
    C) Searching the database for odd code?


    Oh, and if Option C is the next step, any ideas from the super-coders on here on where to find the code that is interfering with log-in?


    There’s a file I don’t recognize in my directory called “codice.php” and a .tgz companion. Is that supposed to be there? Am I safe deleting it?

    In fact, here’s a list of all the odd files in my directory:

    1. Directory named simply, “r”
    2. Aforementioned “codice.php” and “codice.tgz”
    3. “m.php”
    4. “php.ini”

    And that appears to be it for the main directory.

    I’m not liable to infect my computer by viewing .php files locally, am I?

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Site hacked… help!’ is closed to new replies.