Title: WordPress install hacked Last modified: August 22, 2016 --- # WordPress install hacked * [Uprootednut](https://wordpress.org/support/users/uprootednut/) * (@uprootednut) * [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/) * My WordPress install was hacked, after a couple of days of trying to find the source and searching the internet I found out it was this [http://blog.sucuri.net/2014/05/website-infections-malicious-redirect-to-porn-website-target-wordpress-and-joomla-users.html](http://blog.sucuri.net/2014/05/website-infections-malicious-redirect-to-porn-website-target-wordpress-and-joomla-users.html) * I then check all my index.php files and they all showed normlly, however the index.php in the wp-content folder when I copied and pasted the content revealed somthing else. * It was origionally * `` * When I copied and pasted the content from notepad++ to google as I wanted the check the silence is golden is normal I noticed it changed into somthing else entierly : * _[ Massive amount of obfuscated hacked code deleted, you don’t have to share that part ]_ * Firstly no other files behaved this way when I copied and pasted them, I am far from an expert but if some one could let me know a couple of thing: * 1. Why couldn’t I see that when I was looking at in via ftp using notepad++, why did I have to copy and paste it to see it. * 2. Is that the likely cause of my the websites redirecting when viewing on mobile? * Thanks for your help in advance. Viewing 4 replies - 1 through 4 (of 4 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/#post-5182848) * It means that the hack is live on your site and it’s appending itself to files when it finds them. You edit the file, the hack sees the unhacked file and BANG! instant compromise. * The hack will do things such as on redirect some or all clients to other websites( and other bad things as well). * I’m sorry but you need to start working your way through these resources: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Additional Resources: [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress) [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * [http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html](http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html) * Until you successfully delouse your installation this will continue to happen. * [perezbox](https://wordpress.org/support/users/perezbox/) * (@perezbox) * [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/#post-5183016) * Hi * It’s impossible to say why you couldn’t see. It could be a variety reasons, but anything would just be speculation. * As for it being the contributing factor, without seeing the payload it is also hard to say. But it’s very likely contributing to the redirect. * If you still have the payload you could try decoding it here: [http://ddecode.com/phpdecoder/](http://ddecode.com/phpdecoder/) * Sorry it’s not more helpful. * Thanks * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/#post-5183017) * > If you still have the payload you could try decoding it here: [http://ddecode.com/phpdecoder/](http://ddecode.com/phpdecoder/) * That can be interesting (and that’s educational too) but the problem to focus on is closing the door that the attacker got in via and delousing the WordPress installation. * It’s a lot of work but it is doable. * [perezbox](https://wordpress.org/support/users/perezbox/) * (@perezbox) * [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/#post-5183018) * Hi [@jan](https://wordpress.org/support/users/jan/) * Thought it was to help, and I thought I was by responding to his question: * > 2. Is that the likely cause of my the websites redirecting when viewing on > mobile? * Impossible to answer the question if it was the source if we don’t know what was in the obfuscation, hence my recommendation. * If he follows the various links provided above he should get a pretty could handle and clearing out the install. On that note though.. be sure to replace core install, and I don’t mean dragging and dropping or running the update via wp-admin. Log in via FTP / SFTP and physically remove, then readd the core wp-admin and wp- includes directories, followed by the root files (with exception to wp-config). * Thanks Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘WordPress install hacked’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [hidden](https://wordpress.org/support/topic-tag/hidden/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 4 replies * 3 participants * Last reply from: [perezbox](https://wordpress.org/support/users/perezbox/) * Last activity: [11 years, 10 months ago](https://wordpress.org/support/topic/wordpress-install-hacked/#post-5183018) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics