15 {{ upvoteCount | shortNum }}
15 {{ upvoteCount | shortNum }}

I think my WordPress site has been hacked

by Laura B
12 replies
Suddenly after several seconds it redirects to other sites; a couple were search sites and one was Sex in China or some such thing. I've contacted my host so hopefully they can help, but I'm wondering how it happened.

I had to reset the password because suddenly I couldn't access the server. Did a hacker change it? This hasn't happened to me before.
#hacked #site #wordpress
  • Profile picture of the author NK
    The hackers probably either hacked directly into your database or through password sniffers. What you can do is do a full antivirus scan on your PC to make sure there are no malicious programs hiding in your computer, and then install WP File Monitor plugin.

    It's a handy plugin that alerts you via email whenever a file in your WP installation folder has been modified so you'll know if someone has been tampering with the files.

    I had a similar problem a few months ago. What I did was manually remove files that were not supposed to be there in the first place and reinstalled WordPress after doing a clean backup of my database, plugins and themes.
    Signature

    Affiliate Link Cloaking & Tracking Software - The most powerful tool available for affiliate marketers who are sick and tired of making way too little money!
    {{ DiscussionBoard.errors[1716284].message }}
  • Profile picture of the author Laura B
    Thank you, NK. I will download that plugin right away. Good lesson in having strong passwords and changing them periodically.
    Signature
    Free ebook: Affiliate Marketing: Just the FAQs
    Affiliate marketing for brand spankin' newbies
    {{ DiscussionBoard.errors[1716442].message }}
  • Profile picture of the author Laura B
    I will do that too, thanks for the suggestion. That won't change the theme files as long as I put them back in the right spot, right? Because I've made modifications to the theme.
    Signature
    Free ebook: Affiliate Marketing: Just the FAQs
    Affiliate marketing for brand spankin' newbies
    {{ DiscussionBoard.errors[1716876].message }}
  • Profile picture of the author mywebwork
    Hi Laura

    There seems to be an epidemic of WordPress attacks, I answered another post earlier today on the very same subject. To avoid retyping here is a link to it:

    http://www.warriorforum.com/main-int...hed-again.html

    One thing I suggest you do is to make your theme files read-only. There is a good chance that the attacker modified your header.php file to create the redirect. Now that you've modified the themes you have no reason to let them be modified again.

    All the best...

    Bill
    {{ DiscussionBoard.errors[1716898].message }}
    • Profile picture of the author Istvan Horvath
      Originally Posted by mywebwork View Post

      One thing I suggest you do is to make your theme files read-only. There is a good chance that the attacker modified your header.php file to create the redirect.
      That's why the online theme editor should be removed from WP.

      I was saying it for years but nobody ever listened...

      There is no need to mess around with writable files. 99% of the WP users never change back the permissions after they edit their template files.
      Signature

      {{ DiscussionBoard.errors[1717170].message }}
  • Profile picture of the author Laura B
    Thank you! Yes, indeed, my host found some stuff in header.php that shouldn't have been there. Another good suggestion that I will apply.
    Signature
    Free ebook: Affiliate Marketing: Just the FAQs
    Affiliate marketing for brand spankin' newbies
    {{ DiscussionBoard.errors[1716913].message }}
  • Profile picture of the author IMStudentforlife
    Alphanumerical passwords are the only way to go, and change your passwords every 6 months.

    Back them up on a thumbdrive and if you really want to ensure redundancy make notes in a note-book.

    Also if you want to change browsers Firefox has some really great security plugins like WOT and NoScript!
    Signature
    Old School SEO and IM, 1MediaZone

    Running low on inspiration?     The Strangest Secret in the World
    {{ DiscussionBoard.errors[1717228].message }}
  • Profile picture of the author rippy
    Another most common reason for such a problem is virus or malware on your system, I had my FF affected with some trojan bot, for a few sites alone it wouldn't open up or re-direct to some russian sex site. If you have logged in with a spy hit system into your ftp or uploaded documents, I would suggest you to run a scan on the server, it would give you results and you can confirm your security
    Signature
    Tech Updates
    Career Advice Information
    {{ DiscussionBoard.errors[1717559].message }}
  • Profile picture of the author fitzwar
    Another common issue is if you installed your blog via your cpanel using the fantastico it installs the database tables using the default "wp_" prefix which hackers can use to gain access. Its happened to my customers a few times also. There are a number of good security plugins out there you can use. Also taking regular backups of your database is a good idea also.
    {{ DiscussionBoard.errors[1717707].message }}

Trending Topics