I've Been Hacked Repeatedly, "Help"...

You need to know where the "hackers" are entering, most webhosting companies won't fix scripts with vulnerabilities. Always keep WP update and be careful with the plugins you use...

A wise man said the definition of insanity is doing the same thing repeatedly while expecting different results.

Even if your host isn't at fault, you can't expect everything to be okay when you're just restoring from the same backup over and over again. Even excluding your themes, plugins and other customisations doesn't rule out the possibility that your core files contain malicious code. You're just restoring to the same compromised or vulnerable state ready for another round of frustration.

Before you do anything, take that cPanel backup for good measure. But don't do anything with it.

Can you access the Wordpress admin panel at all? If memory serves, there should be a backup/restore facility in there that outputs just your posts, pages and comments to an XML file.

If you can get that, you can wipe everything clean and start afresh with a new, preferably manual installation (not through the cPanel/Fantastico auto-installer or whatever) and then restore all that stuff in the same way.

The problem with this method is that you'll have none of the images or uploads associated with your posts, which aren't stored in the database. But you can manually go through all those folders to ensure there's nothing nasty in there before uploading them again.

This way, you've essentially rebuilt your site from scratch by bringing over the very minimum of files and data from before. Everything should be okay content-wise, and you can start looking at putting your themes and plugins back - but very carefully, and not before going through them all with a fine-toothed comb. Leave out everything that's unnecessary and those less popular plugins that don't appear to be actively maintained.

There's still bound to be a few loose ends with this method, and I'm afraid it doesn't preserve whatever data your plugins put in the database, if any. But for relatively small and simple sites this can work well as a last resort.

Sounds like wp-head injection. Are you using nulled templates or plugins? The guy who shared it, has most likely made there injection code. This can happen even if you downloaded it from wordpress plugins database.

I cant remember plugin name, but search on wordpress plugins "vulnerability scan" or something similar. There is few plugins that is made to find exploits on plugins and templates you are using.

Hope you get it fixed

There are some good scanners that will look at all the files on the server. I tend to depend on Wordfence, and that seems to so a good job. If you have any plugins obtained from sites other than WordPress.org, Wordfence only looks for known exploits and cannot compare them to the distributions, you might run those files through virustotal just for a second look if you can't do without them.

Here's what you can do to prevent any hacking attempts:

- get a plugin like bulletproof security - it's an .htaccess protection plugin, works rather well
- don't use BlueHost (it's an EIG company and they are known for lowering the quality of their service)
- check out Sucuri Security - a great solution for website monitoring
- use a backing up plugin for WP - something like Online Backup For WordPress - it will allow you to restore your site, should anything bad happen
- use these two plugins for more protection: WordPress › Theme Authenticity Checker (TAC) « WordPress Plugins and WordPress › AntiVirus « WordPress Plugins

I had my site hacked twice. Nothing nice. Anyway, if you're interested, I described some of my adventures here: There's Some Malware on Your Site

Make sure you're changing all access passwords including the ones for your hosting panel, FTP, and your website's MYSQL database. And make sure you're using a super secure password with at least one capital letter, multiple numbers, and a symbol or two wouldn't be a bad idea either.

Also make sure you're keeping Wordpress up to date along with all the plugins you use. It might be a good idea to actually go though plugin by plugin and go check out the official plugin rankings and comments on the Wordpress website. In fact, a complete Wordpress and plugin reinstall may be in order. This would get rid of any rouge files the hackers may have put on your system during the first attack.

In addition to what everyone else has mentioned, add the Wordpress plug in: Limited Login Attempts.

I second the recommendation for wordfence, a stellar plug-in that even seems to keep my own outsourcers out if they're acting too suspicious :-)

These are free Wordpress.org plugins that will check theme security.

Theme Authenticity Checker
Exploit Scanner
Theme Check

It is also possible that they are attacking a vulnerability in WP to inject the code externally from the website interface.

You can use these WP plugins to help secure your site:

Block Bad Queries
Wordfence
WP Security Scan

Just search plugins at WP or in your dashboard to read more or install them.

When I was repeatedly hacked and the person I hired couldn't seem to get rid of them, I went to Sucuri Security -- they did the trick, and then installed their monitoring system. One site was about $90/year at that time, but you can buy packages too.

It sounds like you are viewing hacked pages stored in your browser cache. This may explain why other people are viewing the page OK, but you're seeing hacked pages. If the problem has been reported as fixed, try clearing your browser cache before checking your pages.

2 key plugins are

Wordfence
WP File Monitor <<< this one will tell everytime a file chnages

I use "Limit Login Attempts" plugin.

Works fine for me.
Ez

never use null theme and use security plugin like better wp plugin to protect it.

I'm no expert but the obvious reason could be a plugin which isn't updated... A simple line of code can cause hackers to get access.

Wordpress is great, but the free plugins you download somewhere can cause serious problems. Always be careful what you download and never ever download nulled plugins or themes.

I would run your site through cloudflare from your host.

...or have it scanned by a professional IT fellow. Maybe you will have to build it again with all the breaches in it.

If you're looking for a professional to help, ping Nathan Briggs at

WordPress stressing you out? - Nathan Briggs

'taint nothing the man doesn't know about WP Security.

Judy K is also hugely knowledgeable as well.

Plugins I use are

https://wordpress.org/plugins/wordfence/

WordPress › Support » All In One WP Security & Firewall

Best of skill fixing it!

I am guessing you are using word press. Well, that is just a guess. STOP using word press. I use plain HTML and it uses a lot less resources. That allows me to make a profit and building my sites is way easy. Hey, trust me on this one. NERD press is a resource pig. Also, breaking in is a snap. Like stay away from programs that use MYSQL - stay away.

The first problem you have is using bluehost and the 2nd is using wordpress as a website. If you contact me I can stop the hacking 100% for you and even host you on a dedicated secured server. I can help you protect wordpress as I have ripped the coding part back and front many times.

What is your admin login username for both cpanel and wordpress? If it is admin, then you better add another admin account with another name, and delete the one with the username. Change it to something totally unrelated to your site and secure with a good password. That is the first line of defence you should have.

How to check your site for base64 links

Everyone: It seems this thread had lain dormant from the back end of January until a few days ago, when JensSteyaert mysteriously revived it. Unless I'm missing something (e.g. the OP's reappearance in posts subsequently deleted) there appears little point in sustaining it?

Web root is the best out there

I'm finding this information useful.