
[resolved] WordPress hacked - Shows a new theme and new blog! Please help (9 posts)

  1. enhancelife
    Posted 3 years ago #

    My blog

    Had several posts and a nice theme but now it shows a default theme with 1 post!
    I don't have WordPress user access to this site.
    I have access to the FTP but I don't have access to SSH.
    I browsed through phpMyAdmin and noticed that the database contains just the new WordPress blog. Basically, all my old posts etc. don't seem to be in the wp_posts table etc.

    I've gone through other threads on hacking on this site and haven't really found a solution yet. Hoping you can give me some suggestions to isolate the cause/ restore the site.

    Has anyone come across this issue before? Any help to isolate the cause is appreciated.


  2. esmi
    Forum Moderator
    Posted 3 years ago #

    That doesn't look like a hack at all. Looks like WordPress was re-installed on your site. Have you spoken to your hosts about this?

  3. enhancelife
    Posted 3 years ago #

    Thanks for the reply.
    Yes I did! I even did a restore from an old backup of the hosting account. (When I knew it was working) Still having the same issue.

  4. esmi
    Forum Moderator
    Posted 3 years ago #

    Have you spoken to your hosts about this?

  5. enhancelife
    Posted 3 years ago #

    Yes, I had a chat with Bluehost. They restored it to an older version - which I knew the blog was in "normal conditions". But the issue is still there. Bluehost said they did a full restore, db, configuration etc.

    Any ideas to troubleshoot?

  6. The Hack Repair Guy
    Posted 3 years ago #

    Most hacked sites I've reviewed with this similar issue were hacked due to outdated plugins or scripts. Updating the scripts and removing old ones being the first step to recovery.

    The tougher part: it's rare for hackers to not leave back door scripts in place (allowing the hacker to re-hack your site again in future). You'll need to review every file on your website as well to ensure no hacker coding remains.

    Sadly it appears you may have gone the slash and burn route already. :(
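
Added example, not part of the thread or any poster's code: one way to start the file review described in the post above when only FTP access is available. It assumes the site has been downloaded to a local folder and a fresh copy of the same WordPress version unpacked beside it; the function names, finding labels and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # core code: should match a clean copy exactly
PHP_SUFFIXES = (".php", ".phtml", ".php5")

def audit_site(site_root, clean_root):
    """Return sorted (finding, relative path) pairs for files that need manual review."""
    site, clean, findings = Path(site_root), Path(clean_root), []
    for f in site.rglob("*"):
        if not f.is_file():
            continue
        rel = f.relative_to(site)
        ref = clean / rel
        # Root-level PHP is core too, except wp-config.php, which is site-specific.
        root_php = len(rel.parts) == 1 and f.suffix == ".php" and f.name != "wp-config.php"
        if rel.parts[0] in CORE_DIRS or root_php:
            if not ref.is_file():
                findings.append(("extra-core-file", rel.as_posix()))
            elif f.read_bytes() != ref.read_bytes():
                findings.append(("modified-core-file", rel.as_posix()))
        # Uploads holds media, so a PHP file there deserves a look.
        elif rel.parts[:2] == ("wp-content", "uploads") and f.suffix.lower() in PHP_SUFFIXES:
            findings.append(("php-in-uploads", rel.as_posix()))
    return sorted(findings)

def demo():
    """Run the audit on two small constructed trees (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        files = {"index.php": "<?php // front", "wp-includes/version.php": "<?php // v",
                 "wp-admin/admin.php": "<?php // admin"}
        for root in (site, clean):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (site / "wp-config.php").write_text("<?php // site-specific settings")
        (site / "wp-includes/version.php").write_text("<?php // v (changed)")
        (site / "wp-admin/extra.php").write_text("<?php // not in clean copy")
        (site / "wp-content/uploads/2013").mkdir(parents=True)
        (site / "wp-content/uploads/2013/photo.php").write_text("<?php // unexpected")
        (site / "wp-content/uploads/2013/photo.jpg").write_text("constructed image bytes")
        return audit_site(site, clean)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A finding is a file to open and read, not proof of compromise. Plugins and themes under wp-content need the same comparison against their own fresh copies.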

  7. enhancelife
    Posted 3 years ago #

    Finally got it back to where it was. Apparently Bluehost hasn't restored the database.
    Anyways, I am still in doubt as to how this happened. It's scary that someone can hack in and install a new WordPress installation!

  8. The Hack Repair Guy
    Posted 3 years ago #

    I agree, pretty scary stuff.
    Make sure to change all passwords you can think of to start (FTP, WordPress, all email accounts).

    Then double check your blog to verify all is updated nicely.

    Make sure you have just one admin account setup as well. Set other folks to editor, etc.

  9. Amado.Miami
    Posted 3 years ago #

    It is also helpful to delete your "admin" user.
    Make sure you have another user with administrative rights before you do this. I use the "Audit Trail" plugin to track my users, and you can see the number of daily attempts made to the admin user from numerous IPs.
