wordpress exploit, site hacked [newportalse.com]

Ciotti – You don’t lose anything if you delete FILES (except for if you delete your wp-content/uploads, wp-config and .htaccess). Everything else is on the database, safe as houses.

As for why a scanner misses stuff, well it’s not possible to know everything. This is what we call a backdoor injection, and if you’re not fully cleaning up everything on your site after you’ve been hit, and changing passwords, you will be reinfected, over and over, ad nasuseum, until you do.

I’m going to say this again, kids.

1) Backup EVERYTHING, database, files and all to your desktop/laptop whatever.
2) Delete ALL the file off your server except for wp-content/uploads,
3) Scan those files with your own eyes and if you see ANYTHING with .php, kill it with fire.
4) Get FRESH copies of WordPress, your themes, and plugins and upload them
5) Change ALL your passwords, from SSH and email to SQL and WordPress
6) Inform your host that this happened, so if they’re running insecure servers, they can take steps.

For what it’s worth, this means you’ll need to start over with a fresh .htaccess and wp-config.php file, but it’s better to add things back in one at a time when you KNOW they’re right than to risk this if you don’t know exactly how all this works.

Yes, it’s a pain in the ass, but this is a risk with any webapp on any server. It’s like getting ants in your house, or termites. Or fleas. Extreme measures.

It’s fine 🙂 This is how you learn.

The backlinks, posts, links, etc are all stored in your DATABASE, not in any files 🙂 That’s why it’s pretty much always okay to do this (sometimes, yes, it’s not, but that’s not today and any loss that comes with this is, I imagine you’ll agree with me here, FAR less than dealing with the effect of the hack).

There are only 2 files and one folder that store site data:

wp-content/uploads– Stores ALL uploaded media files (should be ONLY files named .jpg, .png, .mp4, etc etc – If you have ANY named .php or with .php in their name, you should delete them)

wp-config.php – This is your config file and has your database information. While I am telling you to delete it, you can very easily rebuild it without data loss (just put in the correct userid/password/database name). You can make a copy of the wp-config.sample file included in all WP downloads and use that as a basis to rebuild.

.htaccess – Unless you’re using a cache plugin or have a site that’s been around a long time, you probably only have the default one. When you go to re-save permalinks, you can easily recreate that, so it’s not going to hurt anything to rebuild it either 🙂

Same hack, speedrider, same directions as above. Scrub it all with fire.

It seems that you might have additional malware on other javascript files that are only included inside the admin interface, so try checking that or doing a clean update of WordPress overwriting all the core files.

No.

DELETE wp-admin

The whole folder. Just delete it. NOTHING in there is dangerous to delete. Once it’s gone, download a FRESH copy from wordpress.org/download and copy the folder up.

Really you should delete everything except wp-content/uploads (and backup your wp-config.php and .htaccess)

Then copy it all up from FRESH copies of the downloads. For ALL of your themes and plugins. Add in your personalized settings for wp-config.