Hacked Wordpress website

I recently tried to open my website in a browser and found out it was not accessible and also my WP control panel. Also nothing seem to work on my hosting control panel because i tried deleting files but it won’t.

Did you try to contact your web hosting provider about this?

Try to Contact your webhosting provider and then they might restore you data and services from the last time you logged out. Also from next time try to use proper framework like genesis framework by studio press. I am also using this, it quite nice for security purposes.

Adding more onto something that is already broken will not help. It’s like re-enforcing your house with a steel door and saying that your house is really secure. Then when a robber comes a long and they say “Hey look, the windows are opened.”

It honestly won’t help at all. Putting glue on something that is already broken and can’t be fixed is something you shouldn’t do.

I proposing immediately changing your account password and regularly change it and don’t use passwords you’ve used before. Next create backups every 5 days. Then, ask your service provider if they can give you the latest version of PHP, MySQL, and Apache/ Ngnix. Lastly, update every plugin and Wordpress whenever it has updates available. Old versions of anything can be exploited.

2 Likes

First thing you should do is to ask your hosting provider to run a scan (they have the tools) to find out which files are responsible for this. This can give you a quick idea how this happened. Old unsupported plugins are mostly the culprits behind this. Sometimes free themes, even paid ones knowing leave hacking becons to manipulate your installation when your license is out of date or just for malicious intentions.
Like spaceshiptrooper said, double check each installed and active plugin. If you don’t need a plugin just delete it.
Double check file permissions on various folders and see how many of them are 755 or 777.
Go to the file manager and see which are the latest files? Double check if those latest files are the ones you have edited recently. If not, they might be the infection sources or infection mediums.

Run anti-virus and anti-malware scans on any computer that you use for development or FTP access and also change your FTP password, making sure that it’s a strong password

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.