- Site Hacked - worst possible timing

7 replies
I just told my ex-wife that I was willing to build out a website for an auto repair "friend" of hers in trade for repairs to her car. (my kids main mode of transportation).

I was just headed into wordpress to create a quick "sample" site and discovered that my site has been hacked.

I quickly changed the main index page to a "maintainence" page, but i'm stumped on what to do with the wordpress "wp-admin" login page which also re-directs to the hack page.

Any thoughts on how I can get around this problem and log into wordpress?
#hacked #site #timing #worst
  • Profile picture of the author xlfutur1
    That sucks. Check into firewall plugins for WP, there are some good ones. You may have to ftp the affected pages to your desktop and fix the code, strip out the URL its forwarding to.
    {{ DiscussionBoard.errors[3404935].message }}
  • Profile picture of the author Will Perkins
    Originally Posted by BerkleyStreet View Post

    I just told my ex-wife that I was willing to build out a website for an auto repair "friend" of hers in trade for repairs to her car. (my kids main mode of transportation).

    I was just headed into wordpress to create a quick "sample" site and discovered that my site has been hacked.

    I quickly changed the main index page to a "maintainence" page, but i'm stumped on what to do with the wordpress "wp-admin" login page which also re-directs to the hack page.

    Any thoughts on how I can get around this problem and log into wordpress?
    Do you have any backups?

    If not, best option is to start fresh. You never want to try and "repair" hacked files because there's no guarantee you got everything.
    {{ DiscussionBoard.errors[3404965].message }}
    • Profile picture of the author BerkleyStreet
      - I do have a back-up - but I may just start fresh to be sure. I don't know enough about wordpress to even know where to look for the files that may be infected.

      Big Wake Up call - Luckily I didn't have any client sites hosted. The only ones affected were my main biz site and my son's page. My other sites were untouched.
      {{ DiscussionBoard.errors[3405133].message }}
  • Profile picture of the author Dexx
    You might want to check all your website logins / passwords in case one was compromised (some people use the same username and/or password for multiple websites)

    Also check FTP files for the last date they were modified...this will tell you what and when it happened...then you can just restore from before this point and fix those security problems.


    ~Dexx
    {{ DiscussionBoard.errors[3406036].message }}
  • Profile picture of the author Abledragon
    Really sorry to hear that.

    I agree with Will - delete everything and start afresh, importing the latest version of your backed up database.

    As you set up the fresh install here are some steps you can take to improve the protection of your site:

    WordPress Security: Not Just About WordPress | WealthyDragon

    Good luck with getting it all sorted out,

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    {{ DiscussionBoard.errors[3406447].message }}
    • Profile picture of the author BerkleyStreet
      Thanks guys -

      Learned a big lesson - glad it wasn't the hard way (no client sites).
      Still haven't heard back from HG but chatted with support last night. I've decided to revert my reseller account back to day 1 and treat my experience as a "sandbox".

      Martin - thanks for the info - bookmarked your site.
      {{ DiscussionBoard.errors[3409794].message }}

Trending Topics