Hacked website?

Hello ahearne,

It seems someone has set a permanent 301 redirect

I would better suggest you harden your WordPress security by changing the admin details, disable edits from Backend editor and change your FTP details.

https://codex.www.ads-software.com/Hardening_WordPress

Hope this helps.

Thanks.

I also have the same type of issue as “Ahearne”

@ahearne Did you get any solutions for this issue. each time I am updating the index.php file and it writes the code.

any Idea

@saminhi seems okay on my Iphone but my Imac seems to do something different I am unsure about what Safari is doing.

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

There is no shortcut to a hacked website.

@ahearne did you deactivate or uninstall some plugin or what you did. ?

@saminhi I am unsure will look in to it , @WCLDN 2018 thanks will read articlee.

@kartiks16 thanks for link as well sorry lot going on etc.

Thanks everybody deactivated plugins reset it all and seems ok will see how goes keep you updated Friday etc. if happens still

Just keep your mind open to the likelihood of a backdoor being implemented so the hacker can walk straight back into your site even with the symptom being removed.

Unfortunately still happening.

yes with me too.
someone please help us.

I am not at all an expert but you may start securing php and I removed comment form on my site.

I started by setting .htaccess to specific IP ranges. if I have to edit because I am away I can always cpanel and edit the file remotely.

code I used in my .htaccess

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

also added <Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from ##.##.##
Allow from ##.##.##
Allow from ##.##.##
Allow from ##.##.##
Deny from ##.##.##

used same IP list for

<Files wp-admin$>
Order Deny,Allow
Deny from All

again same IP list

</Files>
<FilesMatch “^php5?\.(ini|cgi)$”>
Order Deny,Allow
Deny from All

(ended above with)
Allow from env=REDIRECT_STATUS=200

last was

</FilesMatch>
Options -Indexes
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>

with my new host the first section broke the site due to updates, it worked with my old host.

wordfence has helped a lot but it’s not the cure all.
if you have not added this to your .htaccess or restricted it.. it will most likely continue. I believe the code was tossed at the contact form and pulled via PHP commands.

if you have done this.. thats about it for me. if not do so and clean the site again.

also remember the machine you are using to fix the site also may have been compromised.

I recommend running a full AV scan and I also use as a on demand both malwarebytes and superantispyware.

@ahearne, did you manage to solve the issue? Unfortunately my clients’ sites are affected by the same issue.