Moderator
James Huff
(@macmanx)
Volunteer Moderator
Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
Thanks James. Much appreciated.
I have another site that has been compromised but this is more significant. Would anyone know what the errors coming up at http://galvestondiaperbank.org/ might mean?
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Internal server errors (error 500) are often caused by plugin or theme function conflicts, so if you have access to your admin panel, try deactivating all plugins. If you don’t have access to your admin panel, try manually resetting your plugins (no Dashboard access required). If that resolves the issue, reactivate each one individually until you find the cause.
If that does not resolve the issue, try switching to the Twenty Sixteen theme to rule-out a theme-specific issue. If you don’t have access to your admin panel, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, navigate to /wp-content/themes/ and rename the directory of your currently active theme. This will force the default theme to activate and hopefully rule-out a theme-specific issue.
If that does not resolve the issue, it’s possible that a .htaccess rule could be the source of the problem. To check for this, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel, and rename the .htaccess file. If you can’t find a .htaccess file, make sure that you have set your SFTP or FTP client to view invisible files.
If you weren’t able to resolve the issue by either resetting your plugins and theme or renaming your .htaccess file, we may be able to help, but we’ll need a more detailed error message. Internal server errors are usually described in more detail in the server error log. If you have access to your server error log, generate the error again, note the date and time, then immediately check your server error log for any errors that occurred during that time period. If you don’t have access to your server error log, ask your hosting provider to look for you.
James,
Thanks so much for the great feedback. It’s really appreciated. The diaper bank web site is back up and running.
I’m still struggling with the scrantonrunning.com site and the hidden sub folders that redirect. Do you have any resources on removal of this particular type of hack?
Thanks,
Will
Moderator
James Huff
(@macmanx)
Volunteer Moderator
I suggest going through https://codex.wordpress.org/FAQ_My_site_was_hacked one more time. If nothing in there clears it up, you might need to hire someone to directly clear this.
For that, please try http://jobs.wordpress.net/ or http://directory.codepoet.com/ and do not accept any hire or direct access offers posted to these forums.
