Got Hacked

  • Hi Team,

    From last 2 days, my websites are not working, it’s getting redirected to any website as in malware. After, some analysis from File Manager in Cpanel, I noticed that, the following code is added in each & every file from File Manger.

    [hack code removed by moderator]

    I really need your help, can’t understand what to do?

    Is this really hacking or anything else?

    Regards,
    Shridsan

    • This topic was modified 5 years, 8 months ago by James Huff.
    • This topic was modified 5 years, 8 months ago by James Huff. Reason: hack code removed, moved to Fixing WordPress
Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator James Huff

    (@macmanx)

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter shridsan2010

    (@shridsan2010)

    I have checked the files using Block Port option from cpanel, it shows that the above is code is added in almost 3000 files and another code in remaining files, now it’s very difficult to remove that code from each file.

    Also, I think the code is getting added in another files continuosly.

    Please help, what should I do?

    Regards,
    Shridsan

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Since you didn’t seem to read the guide James posted, here’s a summary:

    1. Make a list of all the plugins you’ve installed and your current theme.
    2. Download all of those plugins and themes from their original sources. Unzip the theme.
    3. Download a fresh copy of WordPress and unzip.
    4. Backup your site.
    5. Via FTP or your hosting control panel’s file manager app,
    5a. delete the directories wp-admin and wp-includes.
    5b. delete all .php files in the root of your site except wp-config.php
    6. When you unzipped wordpress in #3, it created a “wordpress” directory. Upload all the files and directories therein to your site.
    7. In wp-contents/themes, delete all themes. Upload the theme folder you unzipped in #2.
    8. in wp-contents/plugins, delete all directories. This will remove all plugins. As you should be able to login now, reinstall all your plugins.

    At this point, your site is *probably* clean, but it wouldn’t hurt to check .htaccess and wp-config.php for stuff that looks like hacks.

    Install WordFence. Set it for a high sensitivity scan and scan your site.

    Thread Starter shridsan2010

    (@shridsan2010)

    Thanks, I’ll do the same.

    Regards,
    Shridsan

    Thread Starter shridsan2010

    (@shridsan2010)

    Very Grateful…it worked. Thank u so much.

    BTY, how did this happen to my website means someone did it intentionally or happened because of some plugin or theme.

    Also, what precautions should I take apart from WordFence, should I go for SSL Certificate?

    Again thanks for the help.

    Regards,
    Shridsan

    Moderator James Huff

    (@macmanx)

    BTY, how did this happen to my website means someone did it intentionally or happened because of some plugin or theme.

    It could have been anything from an intentional attack, to a compromised theme or plugin on the site, to even a compromised site on the same shared server. The important thing is (I assume) you found and removed the attack the vector, and cleaned up the damage.

    Also, what precautions should I take apart from WordFence, should I go for SSL Certificate?

    As mentioned in my first reply 2 days ago, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Got Hacked’ is closed to new replies.