Support » Fixing WordPress » WordPress hacked – Shows a new theme and new blog! Please help

  • Resolved enhancelife


    My blog

    Had several posts and a nice theme but now it show a default theme with 1 post!
    I don’t have wordpress user access to this site.
    I have access to the FTP but I don’t have access to SSH.
    I browsed through phpMyAdmin and noticed that the database contains just the new wordpress blog. Basically, all my old posts etc doesn’t seem to be wp_posts table etc.

    I’ve gone through other threads on hacking on this site and haven’t really found a solution yet. Hoping you can give me some suggestions to isolate the cause/ restore the site.

    Has anyone come across this issue before? Any help to isolate the cause is appreciated.


Viewing 8 replies - 1 through 8 (of 8 total)
  • esmi


    Forum Moderator

    That doesn’t look like a hack at all. Looks like WordPress was re-installed on your site. Have you spoken to your hosts about this?

    Thanks for the reply.
    Yes I did! I even did a restore from an old backup of the hosting account. (When I knew it was working) Still having the same issue.



    Forum Moderator

    Have you spoken to your hosts about this?

    Yes, i had a chat with blue host. They restored it to an older version – which i knew the blog was in “normal conditions”. But the issue is still there. Bluehost said they did a full restore, db,configuration etc

    any ideas to troubleshoot?

    Most hacked sites I’ve reviewed with this similar issue were hacked due to outdated plugins or scripts. Updating the scripts and removing old ones being the first step to recovery.

    The tougher part— it’s rare for hackers to not leave back door scripts in place (allowing hacker to re-hack your site again in future). You’ll need to review every file on your website as well to ensure no hacker coding remains.

    Sadly it appears you may have gone the slash and burn route already. 🙁

    Finally got it back to where it was. Apparently bluehost hasn’t restored the database.
    Anyways, i am still in doubt as to how this happened. It’s scary that someone can hack in and install a new wordpress installation!

    I agree, pretty scary stuff.
    Make sure so change all passwords you can think of to start (ftp, wordpress, all email accounts).

    Then double check your blog to verify all is updated nicely.

    Make sure you have just one admin account setup as well. Set other folks to editor, etc.

    It is also helpful to delete your “admin” user.
    Make sure you have another user with administrative rights before you do this. I use “Audit Trail” plugin, to track my users, and you can see the number of daily attempts made to the admin user from numerous IPs.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WordPress hacked – Shows a new theme and new blog! Please help’ is closed to new replies.