Help, someone hacked? my wordpress

Somehow in the Google results for my site, underneath the main link in the meta description section, someone added a bunch of crap about payday loans. When I view source on the affected pages this does not appear.

What happened and how can I clear it?

I see that happens multiple times. The reason could be:

  • an outdated WordPress installation and/or plugin or theme
  • an unsecured plugin or theme

You will need to check everything again, including files, folders and database too.

Will upgrades of WordPress and all plugins fix this or do I need to do a fresh install?

If you install Wordfence, you may be able to get away with just using that to disinfect. But I’d also get my site scanned if I was you, by something like cxs.

The ideal thing would be if you had a backup to restore, then you could install Wordfence and use Better WP Security to harden your site. Just saying :)

Also just thought that I should point out that even though this is a domain that I’ve had for a while there really isn’t any content on it that I care about. Was planning to start with a new fresh theme and content anyway. Should I just delete everything and do a fresh install? Will that even solve the problem?

In that case, it would be easier to just delete everything and start over with a fresh Wordpress install. That will get rid of the problem. If it was me though, I’d be curious to find out what the cause was so I’d spend some time doing some of the things suggested above.

This is good advice, so you can avoid trouble in the future.

I disagree. Upgrading the software should fix the issue. If you delete everything and install Wordpress, it will give you the same result.
If anything, you are going through more steps and work for the same end result.

Upgrading WordPress won’t fix a theme or plugin that has a vulnerability, or remove malware or additional files uploaded or altered outside of core files, or remove injected content in the database.

I’d suggest you install some security plugins, and most important - make sure all your software is up to date.

My WordPress site was hacked several months ago. Hackers changed my login details; I managed to access wp-admin after certain changes in the database. After that I installed the WP Better Security plugin and it solved the problem. This plugin is really great.

I have now been using Wordpress for years. Only hacked once and that was caused by a rogue plugin.

My tips:

  • Do not use “admin” for the name of your admin account.
  • Ideally use htaccess to whitelist your IP address for /wp-admin (I do this for my most important sites and the logs do report a lot of people failing to brute force their way in).
  • Install Secure Wordpress and Wordpress Firewall plugins.
  • Use a trusted theme - many old themes may look nice but the vulnerabilities are rarely patched.
  • Ideally lock down your FTP - I use Cpanel and my host added the feature where you whitelist your IP for FTP access (you can give global access for a limited time too).

I have experienced two hacks: one was a trojan/virus on a PC which sniffed FTP details and then simply uploaded its own files. The other was an image upload plugin for Wordpress which has a vulnerability.

Oh yeah, and backup often. Ideally automated backups to a non-public folder and download them too.

Backups are essential… As well as keeping track of your htaccess file…

This is great advice, @jonbey. I would add/modify the suggestion on FTP and recommend either SFTP or (even better) SSH access.

Can you provide a solid example (for the uninitiated) of the details required in the .htaccess file?
Also, where/how to locate this hidden file on most systems.

That would make this thread a valuable resource for many members who use Wordpress but are not highly technical.

The biggest culprit is always using outdated software. So many times I see people use the last generation software without updating which results in loopholes for exploits. I don’t know why so many people fail to update when it is free.

It may be the comments in which spamming is going on. You should have an option that comments should be approved by admin, and also keep your WordPress up to date, as many bugs have been released and WordPress is always trying to patch them with the latest version or patch release.

Similar thing happened to me with Joomla and this might help you. Basically spammers were registering and posting ridiculous posts in certain parts of my websites although I had no register form. Basically I had to switch off the login functionality.

I suggest updating to the latest WordPress version and removing any dodgy plug-ins that are outdated. If you do not allow users to register, make sure the register functionality is disabled. Also check your database size, mine had gone up from 4mb to 105mb, then I just removed the posts done by the spam user and it went back down.

Hope you solve the issue.