The Hack Repair Guy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: header.php file getting hackedYou site has been compromised.
Start by changing all passwords (FTP/godddy/admins).
Then update WordPress, plugins and themes.
Forum: Fixing WordPress
In reply to: I think my site may have been hackedYes, sadly, your website has been compromised, possibly due to your forgetting to maintain your WP updates.
Forum: Plugins
In reply to: Hacked twice in the last 12 monthsBeing hacked is often a choice.
1. Maintain your wp versions and plugins no less than monthly.
2. Change your admin passwords “quarterly”
3. Reduce your number of admin users to “one” and only one.
4. Change your ftp password a minimum of every 6 months
5. Be particularly careful to “delete” all inactive plugins and templates.The above would be a good first start in locking your site against malicious folk in future.
Forum: Fixing WordPress
In reply to: Hacked? Admin Accounts Created Without My DoingWordPress did not create the accounts.
Forum: Fixing WordPress
In reply to: Hacked? Admin Accounts Created Without My DoingIf accounts are being added then your account has been hacked.
Start by removing all administrative accounts, except your primary one.
Then change your administrative account password, hosting control panel password, FTP password, and all email account passwords related to the website.
Use a service like Unmask Parasites to check the coding of your pages just in case.
Forum: Plugins
In reply to: Website hacked – Duplicator reinstall ProblemMay be a good idea to ask your host if they can recover your site from backup so you can start over.
Forum: Plugins
In reply to: hacked blog helpHi,
There are a good number of how-to’s on this website.
See the top right corner of this page, and type:
how do I reset my wordpress passwordSadly, your website is compromised as of this moment.
Forum: Fixing WordPress
In reply to: Hacked and cannot login to wordpress admin page or ftp or phpOne of your first steps would be to log in via your file manager or FTP and move any security plugins out of the plugin directory (temporarily).
Then see if you can log in after the plugins have been moved.
If that does not help, you’ll need to use your phpmyadmin to change the passwords for the current users. Google, “how do I change my wordpress password phpmyadmin”
Hopefully one of these will at least get you stable enough to log in and better lock down your site.
Oh, and make sure to change your FTP password as well just in case.
404 error means page does not exist.
More often than not, the hacker will leave behind a collection of back door scripts.
So no matter of installations or upgrades will prevent them from re-hacking your site.
So generally you have the choice of noting what is installed then reinstalling all again from scratch (deleting contents of your website first), which can be problematic to say the least; or having someone go through every file to fish out the back doors and clean up your code.
I find that 20 on a page works quite nicely and went with this:
$output .= ‘$(“#testimonials_container”).quickPager({ pageSize: 20, currentPage: 1, pagerLocation: “after” });’; $output .= ‘});’;
Example of the output here:
http://hackrepair.com/why-hackrepair-comThanks for the tip!
Forum: Plugins
In reply to: [BulletProof Security] 403 ErrorsFolks seem oddly concerned about 403 errors.
I’ll try to explain a bit better why you should just “forget about it…” in your best Italian accent.
403’s frequently result from bots attempting to access a directory when directory browsing is forbidden, or when IP denial is enabled.
If you have smartly installed BPS or some other nice security plugin. That plugin will block attempts at connecting to files in directories which disallow connections; and likewise block repeat bad login offenders.
This is a natural result of having the security plugin installed (403 errors). cPanel Hotlink Protection = (ditto).
Bottom line:
403 errors mean your security plugin or control panel is working.Remember a 403 is not a 404.
Massive numbers of 404 errors, now that is something worthy of discussion. 403 errors (aka, go away bot scum errors), not so much.I disagree. I’ve installed on hundreds of sites and none have reported any Googlebot blocking.
I’ve seen just the opposite results (faster website, no effects on Google indexing, etc.).
I think there is a lot more going on in this story.
Before folks start pointing fingers let’s use a little common sense and process to troubleshoot.
First, there is a recommended ban list in Better WP Security.
Please attempt to reinstall the plugin, then see:
Ban -> un-check the box next to “Enable Default Banned List”Then re-run your Googlebot check once again with it off.
(I’ve seen an number of apparently competitor posted anti-BWPS posts recently, hopefully this not another one)
Forum: Fixing WordPress
In reply to: Hacked…and completely unsure how to fix it.Hi,
I know this can get quite technical, but really it’s not that crazy hard to work through.Alright, so hacker defaced your home page.
It is likely hacker replaced or removed some pages, so call your host and request they recover your site from backup first.
Then, once backup recovery completed, log into your control panel and change your:
– control panel password
– website FTP password
– password to all email accountsIf not sure how, just call the host and have them walk you through each.
If no backup, then you could always start over and use this a lesson to remember to keep a backup of your website at least every few months in future, and/or use one of the many free daily backup plugins to do so.
Sadly, there is no quick and easy to fix for a hacked website situation. A hacked site will require someone go through every file, clear out the hacks, and ensure all is locked down nicely to help prevent your site from being hacked again.
Forum: Fixing WordPress
In reply to: Site Hacked; How to Do Fresh WordPress InstallWell, WordPress is really not that complicated.
Your content lives in the wp-content directory, so make sure to download that to you computer.The rest you can overwrite from a virgin source (WP respository).
Of course make a backup of all before following my advice. 🙂Once you clean up the wp-content directory files, then upload that over the existing files.
Yes, I know this is a gross oversimplification, but may do the trick in at least getting you stabilized and working once again.