Support » Everything else WordPress » Someone hacked my WP

  • I seem to have a security problem. Someone hacked my weblog and have now placed a big bunch of links in the bottom of my page. Check out: my weblog

    I can’t find the code in my theme editor – but I have found it using the ‘view source’ function in IE. Someone has placed a <div id=”goro”> underneath my footer.

    Help. Please. Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Start by making a new user, promoting it to administrator and delete the admin account, otherwise the hacker might just log back in and do it again. It seems as if (s)he has been in your footer.php or else added a file that is requested for in the index.php. Check out the last if you see something strange somewhere around the “get footer” command and of course the footer.php itself.
    Next thing to do is of course to protect your blog. Do you run 2.1.3? Maybe you want some security plugins or so.
    I hope this helps.

    This may not have been a hack directly into WordPress.

    Look at the source of the index.php in your blog’s root directory (rather than the index.php in the theme directory). Likely the inserted code is there.

    I have a similar problem but it’s not in my theme or the root index.php. These spam links even show up on my admin screens! I got swamped with spam ads a few days ago, so I erased my 2.3 install and replaced it with 2.3.1. That got rid of roblem for a day but now it’s back again. Also my WP login and logout don’t work from the sidebar I have to go manually to the wp-admin directory. I don’t know if that’s connected with this problem or just an error from the upgrade to 2.3.1.

    Oddly, the spam is repeated inside the WP-Admin dashboard under “Latest Activity” and “Welcome to WordPress” – the spam here will disappear if I disable Javascript, but the spam at the top does not.

    Any ideas? You can see the issue here:

    I discovered that the attack was coming through the WP-CACHE plugin. I am currently unable to login to the WP Admin on my blog – it says that my browser is blocking cookies, but it’s not.

    Since I couldn’t disable the plugin, I deleted the WP-Cache plugin directory and the spam disappeared. I am still unable to delete the actual cache directory or access the admin areas. I let you know when I am. Do any of you know of a secure caching plugin? It did make the pages load faster.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Someone hacked my WP’ is closed to new replies.