Wordpress Blog Hacked...

[Spencer Jones]

Yesterday I had someone new register to my wordpress blog with the username "admin" and then reset the password and changed it. I am not able to access the blog with my username and password now.

And today the same thing happened to another one of my blogs, and the hacker was trying the same technique, but this time, my admin username wasn't admin and so the hacker failed.

Then as a precaution I went on and unchecked the setting that allow anyone to register inside my blogs. So all the rest of my blogs must be secure now.

Anyway I would like to know how to get that hacked blog back to my hands?

Thanks
Spencer Jones

[Jesus Perez]

Sorry! In order to help, what version of Wordpress are you running?

[Spencer Jones]

It's wordpress Version 2.6.1. Yes I do have access to the server...

Spencer,
Grab my WSO before I remove it ... Was fixing to do just that ..

James

[Jesus Perez]

Open up PHPMyAdmin via your control panel. Navigate to the users database, change the admin name and password. When saving the password, select MD5. You will have access to your WP folder again.

More detail...How to Reset Wordpress Admin Password

[Bishop81]

You don't have to go through the hassle of reinstalling anything.

Go into your PHPMyAdmin and navigate to the wp_users table for the blog in question. Find the admin user and click on Edit to edit that row. In the functions dropdown, select "MD5" then for the value enter in the password that you want to change it to. Click Save and you should now be able to enter your blog with that password.

As long as user registration is disabled, you shouldn't have that problem any more. That doesn't mean your blog is completely secured, but you won't have that specific problem again.

[Spencer Jones]

Anyway to edit the users and admin via FTP ?

[mookinman]

Somebody has hacked one of my wordpress blogs as well - I keep getting this "Casino En Ligne" link appearing in my blogroll- every time I delete it, it just comes back!

[Spencer Jones]

Any other ways?

I don't have access to the phpmyadmin of this particular blog, only have access to ftp area. Since I got this domain as part of a competition I was participating and is actually a domain under a main account which is owned by someone else...

[Jassa]

Surely, that will be the reason then. If you won it in a competition, the competition was probably conceived to implement some 'tricky business' - or am I just being paranoid?

2. re: security of blogs, I'd always understood that we should delete the install.php file as soon as we have finished installing.

[zeurois]

Problem solved?

If not, PM me. I'll help you reset your password.

[Jesus Perez]

Quote:

Originally Posted by mookinman

Somebody has hacked one of my wordpress blogs as well - I keep getting this "Casino En Ligne" link appearing in my blogroll- every time I delete it, it just comes back!

WordPress › Support "Casino en Ligne" adding itself to my blogroll

[Greg Cooksley]

Quote:

Originally Posted by TheRichJerksNet

Spencer,
Grab my WSO before I remove it ... Was fixing to do just that
..

James

Hey Spencer,

If you really want to protect your WP blog in future you have
to get the product that James is offering on his WSO above....

He really knows what he's talking about....

Regards

Greg

[Bishop81]

Since you have ftp access, the only thing you can do is to delete the user and and re-register. You can do this with PHP. You will have to get your db connection details from the wp-config.php file, and then use them to make your calls to the database.

Or, you can update that row in the database in the same fashion. Just write a php page that calls the db and updates the record to whatever you want the password to be.

Quote:

Originally Posted by Greg Cooksley

Hey Spencer,

If you really want to protect your WP blog in future you have
to get the product that James is offering on his WSO above....

He really knows what he's talking about....

Regards

Greg

Hey Greg,
Apprciate you mentioning me there...

Thanks,
James

[Dan Riffle]

I want to piggyback on Greg's comment. I use wordpress as the platform for all of my sites. The recent increase in wordpress hacks has had me nervous.

I picked up James' WSO and, while I'm no techno geek, I'm pretty confident my sites won't be getting hacked...once I get around to updating them all with the procedures in the WSO. [Where was the back end offer for paid upgrade services, James? ]

I'm not trying to be a shill here. I don't know James from Adam, but his product is top notch and should solve your wordpress issues going forward.

Hi riff,
Thanks .. appreciate it

Actually did not add any backend offer on WPS .. Thought about it but figure I would wait for v2 which will come out soon and v1 owners will get a huge discount..

So before I pull WPS for good, grab it now as I do plan on pulling v1 real soon..

James

[Mo Goulet]

I searched the WSO and could not locate James' WSO. Does anyone have a link to it?

Its the link in my sig ...

2nd link

James

[Spencer Jones]

Hello Peter, I just sent you a PM.

Hello Bishop81, I have access to the wp-config file. Also I can see the database name, user and password. But since I don't know PHP, don't know how to go on from there... Any more help, the ftp way?

Thanks & Regards
Spencer Jones

[Spencer Jones]

isn't there any way?

[Eric Lorence]

Use this code, just enter it into your admin password table in PHPmyadmin:

Quote:

21232f297a57a5a743894a0e4a801fc3

It will reset your password to "admin"- (MD5 hash)

There are also some free Wordpress security resources here:

BlogSecurity Blog Archive WordPress Security Whitepaper

Best!

[jmorris18]

James , Wow - what is going to be in version 2 of your Wordpress Secured Guide? I would love to hear what you have up your sleeves !!!

Thanks,
Jason

[Spencer Jones]

I am wondering what's going on? It's been a long time since I been here, and now seems like there's no control of promotions of WSO's being done on main discussion board...

Can you guys not comment about the WSO on the WSO thread itself?

[Mo Goulet]

Maybe you should read the post first before making your comment.