Title: WordPress hacked &#8211; admin passwords reset
Last modified: August 20, 2016

---

# WordPress hacked – admin passwords reset

 *  [oxygencreative](https://wordpress.org/support/users/oxygencreative/)
 * (@oxygencreative)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hacked-admin-passwords-reset/)
 * Just in case anyone has come accross this – one of my wordpress installations
   has been hacked. There was a hacker message on the front page.
    The _index.php_
   file had been modified, also the _wp-login.php_ file and there was an extra file
   called “_fake.php_“. I’ve removed all these and replaced them with backups. All
   appeared to be good.
 * BUT!!!
 * ALL the admin passwords had been changed. I logged into phpMy admin and changed
   them all. I changed my DB user, password, FTP access and the wp-config file, 
   upgraded to the latest version of WP, but the admin passwords STILL get changed
   every time one of the admins logs in successfully. But ONLY the user logging 
   in has their password changed.
 * I think I am going to need to do a ground-up re-install unless anyone else has
   a clue?
 * Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [14 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hacked-admin-passwords-reset/#post-2733230)
 * You don’t need to ground up, but you DO need to scrub your files.
 * Delete all files and folders EXCEPT for these:
 * /.htaccess
    /wp-config.php /wp-content/uploads /wp-content/blogs.dir (ONLY if
   you’re using Multisite)
 * Then reupload WP core, all your plugins and all your themes.
 *  [Floridian12](https://wordpress.org/support/users/floridian12/)
 * (@floridian12)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hacked-admin-passwords-reset/#post-2733231)
 * If the hacker is using a shell then it won’t matter if you change your passwords,
   they can still gain access to your server via the shell. Run a scan on your server
   for the shell file. When the results come back clean, overwrite all files with
   a fresh install – except the wp-content folder.
 *  Thread Starter [oxygencreative](https://wordpress.org/support/users/oxygencreative/)
 * (@oxygencreative)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hacked-admin-passwords-reset/#post-2733372)
 * Thanks very much for your help and advice. I’ll do as you suggest and post back
   here when everything is done.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WordPress hacked – admin passwords reset’ is closed to new replies.

## Tags

 * [admin](https://wordpress.org/support/topic-tag/admin/)
 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [oxygencreative](https://wordpress.org/support/users/oxygencreative/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hacked-admin-passwords-reset/#post-2733372)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics