Wordpress Blog Hacked...

24 replies
Yesterday I had someone new register to my wordpress blog with the username "admin" and then reset the password and changed it. I am not able to access the blog with my username and password now.

And today the same thing happened to another one of my blogs, and the hacker was trying the same technique, but this time, my admin username wasn't admin and so the hacker failed.

Then as a precaution I went on and unchecked the setting that allow anyone to register inside my blogs. So all the rest of my blogs must be secure now.

Anyway I would like to know how to get that hacked blog back to my hands?

Thanks
Spencer Jones
#blog #hacked #wordpress
  • Profile picture of the author Jesus Perez
    Sorry! In order to help, what version of Wordpress are you running?
    Signature

    {{ DiscussionBoard.errors[240279].message }}
  • Profile picture of the author Spencer Jones
    It's wordpress Version 2.6.1. Yes I do have access to the server...
    {{ DiscussionBoard.errors[240292].message }}
  • Profile picture of the author TheRichJerksNet
    Spencer,
    Grab my WSO before I remove it ... Was fixing to do just that ..

    James
    {{ DiscussionBoard.errors[240297].message }}
    • Profile picture of the author Greg Cooksley
      Originally Posted by TheRichJerksNet View Post

      Spencer,
      Grab my WSO before I remove it ... Was fixing to do just that
      ..

      James
      Hey Spencer,

      If you really want to protect your WP blog in future you have
      to get the product that James is offering on his WSO above....

      He really knows what he's talking about....

      Regards

      Greg
      {{ DiscussionBoard.errors[240763].message }}
      • Profile picture of the author TheRichJerksNet
        Originally Posted by Greg Cooksley View Post

        Hey Spencer,

        If you really want to protect your WP blog in future you have
        to get the product that James is offering on his WSO above....

        He really knows what he's talking about....

        Regards

        Greg
        Hey Greg,
        Apprciate you mentioning me there...

        Thanks,
        James
        {{ DiscussionBoard.errors[241000].message }}
  • Profile picture of the author Jesus Perez
    Open up PHPMyAdmin via your control panel. Navigate to the users database, change the admin name and password. When saving the password, select MD5. You will have access to your WP folder again.

    More detail...How to Reset Wordpress Admin Password
    Signature

    {{ DiscussionBoard.errors[240301].message }}
  • Profile picture of the author Bishop81
    You don't have to go through the hassle of reinstalling anything.

    Go into your PHPMyAdmin and navigate to the wp_users table for the blog in question. Find the admin user and click on Edit to edit that row. In the functions dropdown, select "MD5" then for the value enter in the password that you want to change it to. Click Save and you should now be able to enter your blog with that password.

    As long as user registration is disabled, you shouldn't have that problem any more. That doesn't mean your blog is completely secured, but you won't have that specific problem again.
    Signature

    I'm tired of my signature... Deleted.

    {{ DiscussionBoard.errors[240307].message }}
  • Profile picture of the author Spencer Jones
    Any other ways?

    I don't have access to the phpmyadmin of this particular blog, only have access to ftp area. Since I got this domain as part of a competition I was participating and is actually a domain under a main account which is owned by someone else...
    {{ DiscussionBoard.errors[240335].message }}
    • Profile picture of the author Jassa
      Surely, that will be the reason then. If you won it in a competition, the competition was probably conceived to implement some 'tricky business' - or am I just being paranoid?

      2. re: security of blogs, I'd always understood that we should delete the install.php file as soon as we have finished installing.
      Signature


      "Life is a lot like jazz... it's best when you improvise" - George Gershwin
      {{ DiscussionBoard.errors[240413].message }}
  • Profile picture of the author zeurois
    Problem solved?

    If not, PM me. I'll help you reset your password.
    {{ DiscussionBoard.errors[240553].message }}
  • Profile picture of the author Bishop81
    Since you have ftp access, the only thing you can do is to delete the user and and re-register. You can do this with PHP. You will have to get your db connection details from the wp-config.php file, and then use them to make your calls to the database.

    Or, you can update that row in the database in the same fashion. Just write a php page that calls the db and updates the record to whatever you want the password to be.
    Signature

    I'm tired of my signature... Deleted.

    {{ DiscussionBoard.errors[240841].message }}
  • Profile picture of the author Dan Riffle
    I want to piggyback on Greg's comment. I use wordpress as the platform for all of my sites. The recent increase in wordpress hacks has had me nervous.

    I picked up James' WSO and, while I'm no techno geek, I'm pretty confident my sites won't be getting hacked...once I get around to updating them all with the procedures in the WSO. [Where was the back end offer for paid upgrade services, James? ]

    I'm not trying to be a shill here. I don't know James from Adam, but his product is top notch and should solve your wordpress issues going forward.
    Signature

    If you want me to go on arguing, you'll have to pay for another five minutes.

    {{ DiscussionBoard.errors[241051].message }}
  • Profile picture of the author TheRichJerksNet
    Hi riff,
    Thanks .. appreciate it

    Actually did not add any backend offer on WPS .. Thought about it but figure I would wait for v2 which will come out soon and v1 owners will get a huge discount..

    So before I pull WPS for good, grab it now as I do plan on pulling v1 real soon..

    James
    {{ DiscussionBoard.errors[241200].message }}
  • Profile picture of the author Mo Goulet
    I searched the WSO and could not locate James' WSO. Does anyone have a link to it?
    {{ DiscussionBoard.errors[241266].message }}
  • Profile picture of the author TheRichJerksNet
    Its the link in my sig ...

    2nd link

    James
    {{ DiscussionBoard.errors[241292].message }}
  • Profile picture of the author Spencer Jones
    Hello Peter, I just sent you a PM.

    Hello Bishop81, I have access to the wp-config file. Also I can see the database name, user and password. But since I don't know PHP, don't know how to go on from there... Any more help, the ftp way?

    Thanks & Regards
    Spencer Jones
    {{ DiscussionBoard.errors[241311].message }}
  • {{ DiscussionBoard.errors[243877].message }}
  • Profile picture of the author jmorris18
    James , Wow - what is going to be in version 2 of your Wordpress Secured Guide? I would love to hear what you have up your sleeves !!!

    Thanks,
    Jason
    Signature

    Jason Morris

    {{ DiscussionBoard.errors[247710].message }}
  • Profile picture of the author Spencer Jones
    I am wondering what's going on? It's been a long time since I been here, and now seems like there's no control of promotions of WSO's being done on main discussion board...

    Can you guys not comment about the WSO on the WSO thread itself?
    {{ DiscussionBoard.errors[250357].message }}
  • Profile picture of the author Mo Goulet
    Maybe you should read the post first before making your comment.
    {{ DiscussionBoard.errors[250436].message }}

Trending Topics