my website is showing "hacked" message what should I do?

Hi,

The host server restored my site in seconds.

I am not sure how it happened. A post mortem is called for.
I am composed.

Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.

Does this mean just paste the key generated on wp-config.php?
Two things to note:
1.
W3Total Cache asked something about .htaccess file when I checked in admin panel.

I have changed password. I am scanning my PC.
2.
I had installed Secure WordPress plugin few days ago.

I am planning to delete the whole database and files and restore from backup.

I shall study about hacking websites and security measures.
Any body any suggestions?

I changed admin password.

Now I am not able to login to admin panel with the changed admin password.

Julio Potier (Juliobox), please do not post for jobs here.

Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.

Go here: https://api.www.ads-software.com/secret-key/1.1/salt/

Copy/paste those into wp-config.php ?? It’s realluy that easy.

W3Total Cache asked something about .htaccess file when I checked in admin panel.

Yes, it needs to write to that file. You can turn it off for now.

I changed admin password.

To help protect against hacking, it can also be a good idea to make a new admin account (with a name other than “admin”, obviously), then delete the old one…and then you would also no longer have a user #1 for someone to try to break into.

I shall study about hacking websites and security measures.
Any body any suggestions?

I know it’s often repeated but give this a read.

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
https://codex.www.ads-software.com/Hardening_WordPress
https://www.studiopress.com/tips/wordpress-site-security.htm

It’s a lot to take in but that information can help you get a handle on your site.

Hi
Ipstenu (Mika Epstein)
leejosepho
Jan Dembowski

I appreciate your guidance. It is good to know some one is supporting.

I am not able to login to my admin or cpanel when I used my changed password.

What’s next?

Ashok Koparday

Hi,

The server host gave me cpanel password. I logged in and went to recover my admin password <https://www.wpbeginner.com/beginners-guide/how-to-reset-a-wordpress-password-from-phpmyadmin/&gt; as given here.

I was asked by cpanel to login again. Now cpanel is not accepting the same password.

I had my website email on Google Apps and I changed that password too. So at least email is working otherwise I cannot login to dashboard nor to cpanel.

Tnanks for your help in advance

There are a number of ways to reset your WP password, see Resetting Your Password. Unfortunately, many of them require cpanel access, but if you still have FTP access, you can still try many of the techniques.

To regain cpanel access, look for a link on the login page about dealing with forgotten passwords. If you have no success with online methods, you will have to telephone your host customer support.

Ipstenu (Mika Epstein),
leejosepho,
Jan Dembowski,
bcworkz,

Thanks for the support.

I had changed the cpanel password and logged in. With that same password I was not able to use Filezilla.

I got the password changed from the host server.

December 2012 backup is used to restore.

Now I am deleting all files except uploads and the loose files wp-config and others.

I want to change secret keys. I’ll get from the WordPress key generator new set of random keys and overwrite the values in wp-config.php file.

I have almost 6 backups of January 2013, but I will not use them.

If you can suggest mobile first/mobile friendly theme I will appreciate as I will be redoing the whole web design.

I truly appreciate your support.

Best wishes,
Dr. Ashok Koparday

Ipstenu (Mika Epstein),
leejosepho,
Jan Dembowski,
bcworkz,

Which security plugins in your opinion are best and must?

(I had secure wordpress installed few days earlier. They replied you didn’t purchase our pro version.)

Now I am deleting all files except uploads and the loose files wp-config and others.

Malicious scripts can be hidden anywhere! The uploads folder is a favorite hiding place. If you don’t delete everything, what you’ve done so far could end up being a waste of time.

I can’t recommend any plugin, only from lack of experience, not because I think it’s a bad idea. My only protection is strong passwords and good security habits, and a few minor measures from the Hardening WordPress article. I see hundreds of hack attempts every day in my logs and so far have had no problems—knock on wood ??

Re: “secure wordpress pro” Ha! If their demo version is weak, why would anyone think pro is better? What a crock.

Which security plugins in your opinion are best and must?

A bit like bcworkz has said, my “lack of experience” stops me there (since I have only ever actually used two). Most important, I believe, and like being sure to use strong passwords, is to replace the “admin” account with something else. I have only ever seen evidence of two possible hackers trying to get into my site, and “admin” was the username being used along with some kind of password generator. So since everybody knows everybody has an account named “admin”, I do not.

Better WP Security will help you rename your admin account and make it no longer be user #1. After doing that and trying some of its other features — check with your server for specific compatibilities — I ultimately began using Bulletproof Security and stuck with that one.

Ipstenu (Mika Epstein)
Half-Elf Support Rogue & Mod
leejosepho
Jan Dembowski
Volunteer Mod. & Brute Squad
bcworkz

I want to thank you all for being a support in my time of crisis.

I installed Wordfence Security plugin 12 hours ago and I got 50 attempted logins all using ‘admin’. (Note: Even though my login name was not admin the site was hacked.)

WebsiteDefender WordPress Security, which was installed 3 days prior to hack, did not reveal anything in it’s scanning. On informing them the support team asked me to take ‘Pro’ version.

Besides, I am thankful to server host support, which was helpful.

I used to have daily backups of my site on Google Drive using UpdraftPlus Backup/Restore plugin. If anybody wants to do post mortem to find how/why of the hack I can give my backup. I don’t think I have the expertise to do that myself.

Best wishes for a secure web site,

Dr. Ashok Koparday

Thanks everybody for being available in time of need.