My Wordpress website just got hacked

I couldn't log in at all.

Initially I was ranking #2 for a keyword that has 2.7 million competition in quotes.

I noticed from my AdSense channels that for that particular keyword my income dropped drastically from about $2 a day to $0 a day.

I went to check and noticed that a bunch of nonsense script replaced my original content.

If you ever encounter such a problem, go to your web hosting cPanel and access your WordPress through phpMyAdmin.

Once you are in phpMyAdmin a list of databases will appear; click on your WordPress database.

Scroll down and look for wp_users. Click on the icon to browse the content. You will be able to see your user_login and user password.

First thing I did was change the hacker's email to my email.

Then I updated the password through my own website's wp_admin login panel.

I reset my password and received my new password via email.

I went to my WordPress profile and changed my password again.

I hope the above will be useful for you if you ever encounter such problems.

It took me a full hour to restore my website back to its former content and looks.

I also had to ping and re-submit my RSS feeds in hopes of the search engines re-caching my website.

I wonder if some warriors are able to share how you protect and secure your WordPress websites and blogs.

Any recommendations are deeply appreciated.
#hacked #security #website #wordpress
  • zomex
    I hate it when I hear about stories like this. One of my client's WordPress sites got hacked a couple of weeks ago but he was running an old version of WordPress. His site was showing a 'Google warning' because it was distributing malware. The hacker added 1 line of encoded PHP to the root index.php file in the WordPress directory so it wasn't too bad.

    I hope you recover any lost rankings in Google! It was a wise move diving into phpMyAdmin to change the email back to yours. Hopefully others will find your post helpful.

    My advice would be to check each file for dodgy encoded PHP. It shouldn't be hard to find if there is any, as WordPress doesn't encode any code by default.

    Jack
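The check zomex describes above (looking through each file for encoded PHP) can be scripted. This is an added example, not part of the original thread: the patterns, function names and sample files are assumptions constructed for illustration, and a hit is a lead for manual review rather than proof of compromise.

```python
import os
import re
import tempfile

# Heuristics for "encoded PHP" (assumed for this example, not an official list):
# decoder output passed to eval, stacked decoders, very long base64-like literals.
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"
PATTERNS = {
    "eval-of-decoder": re.compile(r"\beval\s*\(\s*" + DECODERS + r"\s*\(", re.I),
    "nested-decoders": re.compile(DECODERS + r"\s*\(\s*" + DECODERS + r"\s*\(", re.I),
    "long-base64-literal": re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
}

def scan_file(path):
    """Return a list of (line_number, rule_name) hits for one PHP file."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            for name, rx in PATTERNS.items():
                if rx.search(line):
                    hits.append((lineno, name))
    return hits

def scan_tree(root):
    """Walk a WordPress directory and map each suspicious PHP file to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith((".php", ".phtml")):
                full = os.path.join(dirpath, fname)
                hits = scan_file(full)
                if hits:
                    report[os.path.relpath(full, root)] = hits
    return report

def build_sample_site(root):
    """Constructed sample tree: one clean file, one index.php with an added line."""
    os.makedirs(os.path.join(root, "wp-includes"))
    with open(os.path.join(root, "wp-includes", "clean.php"), "w") as fh:
        fh.write("<?php\nfunction hello() { return 'hi'; }\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        # Harmless placeholder: the base64 string decodes to the text "echo 1;"
        fh.write("<?php\neval(base64_decode('ZWNobyAxOw=='));\nrequire 'wp-blog-header.php';\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(scan_tree(site))
```

Comparing flagged files against a fresh download of the same WordPress version shows whether a flagged line belongs to the original file.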
  • munstersg01
    Now my website is not ranked in Google, Bing and Yahoo at all. I am just glad that my website is still being indexed.

    Thanks for the advice.

    It will take me some time to repair the damage to my rankings.
    • zomex
      I'm sure you already know this but make sure you use a really strong password and keep every plugin, theme and WordPress itself up to date. If there are any plugins/themes that you're not using it's always better to delete them completely.

      Jack
  • Bane
    Hey there, some of the ways around this are really straightforward:

    • Change your WordPress login page so it isn't /wp-login.php and /wp-admin/
    • Set up limited login attempts (so people can't brute-force passwords)
    • Use a password service like logaway, etc. so you are never typing your password (keyloggers can't get you)
    • Make sure you have a long password in general
    • Do not respond to phishing attempts (using certain password services will help here)
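Before or after setting up limited login attempts as Bane suggests, the web server access log shows whether password guessing against /wp-login.php is actually happening. This is an added example, not part of the original thread: the log lines are constructed, the threshold and window are assumed defaults, and it relies on WordPress answering a failed login with 200 (form shown again) and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format: ip, timestamp, request line, status.
LINE_RX = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LINE_RX.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0], int(m["status"])

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: most failed logins inside any one window} for IPs at/over threshold."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        # Failed login: POST to wp-login.php answered with 200 instead of a redirect.
        if method == "POST" and path.endswith("/wp-login.php") and status == 200:
            failures[ip].append(ts)
    flagged = {}
    for ip, stamps in failures.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1          # slide the window forward
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

def sample_log():
    """Constructed access-log lines using documentation IP ranges, not real traffic."""
    fmt = ('{ip} - - [01/Jan/2024:03:14:{s:02d} +0000] '
           '"{m} /wp-login.php HTTP/1.1" {st} 2891 "-" "-"')
    noisy = [fmt.format(ip="203.0.113.7", s=s, m="POST", st=200) for s in range(0, 48, 6)]
    owner = [fmt.format(ip="198.51.100.20", s=5, m="GET", st=200),
             fmt.format(ip="198.51.100.20", s=9, m="POST", st=200),
             fmt.format(ip="198.51.100.20", s=20, m="POST", st=302)]
    return noisy + owner

if __name__ == "__main__":
    print(brute_force_sources(sample_log()))
```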
  • scorpio9
    Unfortunately, this is very common and at the same time can be easily prevented most of the time. There are several steps you can take, such as:
    • Making sure you always have the most recent version of WP.
    • Restricting the IP used to log in to Admin (plugin available)
    • Use WP Security Scan (plugin)
    • Change the default database table prefix from wp_ to something else (plugin available)
    • Don't use Admin as the default login (get RoboForm, use it to generate usernames/passwords and auto login to all online accounts)
    • Hiding the WP version (plugin available)
    • Be very careful when using unknown plugins (look at number of downloads and age of plugin)
    It's a bit of a pain to do this but it is necessary and you only have to do it once. WP is open source so the code is available to everyone and there are people only too ready to exploit it for whatever reason.

    Most of the plugins you need you can find for free or very cheaply.

    Good luck

    Lee



  • munstersg01
    Thanks Jack, I really appreciate it. And thanks Bane.

    To be honest I am not too technical; I took almost a whole day to learn to go to phpMyAdmin to solve the problem.

    By the way, I received some PMs about the low income from such a high-competition keyword.

    My keyword does not get a lot of searches; in a month I average about 580+ impressions.

    For that particular keyword, if I go to Google and search for that term and click on the last page number and keep clicking, it shows only 81 pages of content, meaning only 81 indexed pages of information, which is way less than 2.7m.

    Why this happens for some keywords is beyond me.

    On a day I average about 2-3 clicks. It just happens that the product niche is paying pretty well for clicks but the traffic is horrible.
  • haley_smith
    There are some malicious plugins, like plugins that have keyloggers. You should be careful in downloading some of them. Well, it's kinda hard to bounce back from a near fall when Google recognizes your site as spreading malware. But hopefully you can get your reputation back.