Site named changed/hacked?

  • Hi, I installed the iThemes plugin several months ago. In the past month, my site seems to be functioning ok, but the site name has been changed to ” +ADw-/title+AD4-ZeroCool hacked//TURKHACKTEAM+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4- ” when I go to the WP dashboard. The iThemes security digest shows no lockouts, but the logs show a lot of login attempts, a few lockouts and a lot of 404 errors. I have addressed all the high & medium priority items in the “Security Status” section, and nothing seems to be wrong with my site, but I’d like to know how to get rid of what seems to be a hijack of my site’s name. Thanks!

    https://www.ads-software.com/plugins/better-wp-security/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter lindaped

    (@lindaped)

    Well, I went to Settings and changed the name back to the original…but I’m wondering how it got changed in the first place and how to prevent it. Thanks in advance!

    Lindaped, get your site thoroughly checked for hacker code. It is highly unlikely that name change is all they did.

    Have your host backup everything, and label the backup so you know it is “likely hacked”. You need to have the backup so repairs can go ahead.

    https://premium.wpmudev.org/blog/cleaning-up-after-wordpress-hack/ is good; and you should get the idea reading it that cleaning up after your site is hacked isn’t something you want to take on yourself.

    Have a hacked-site recovery professional examine your files and database. Your local WordPress Meetup may have people. Or have Sucuri handle it, they are experts.

    Consider whether it would be better to get your site repaired, or to restore from an earlier backup, and how early you need to go to be fairly certain that backup was before the hack (you’ll need to have some file dates, log entries, etc, to know when the hack happened; don’t just go on “I never noticed anything until ___ date”, hacks often happen in stages.

    p.s. Google “ZeroCool hacked//TURKHACKTEAM” and see how many other sites have it…

    You might find some good ideas how the site got hacked, and what to do beyond having iThemes Security in place, from https://computerhelp.glerner.com/2015-wordpress-security-without-technical-knowledge/

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Site named changed/hacked?’ is closed to new replies.