Site was hacked

I would recommend following this guide on what to do if your site has been hacked. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Thanks Geoffrey. I’ve been through that list, but I’m not a hacker or a computer science guy, and no one has all day to spend reading all the posts and comments about the subject, so I was hoping to run into someone who had the same experience and could simplify the process. I’m just stabbing in the dark and hoping it’s right.

All I’ve found so far is some Frontpage stuff in the htaccess file that I didn’t put there, and some corresponding folders. I deleted those, but I’m not sure that’s it.

If no one else responds it’ll have to be trial by fire, and we’ll see if it passes inspection.

I appreciate the response.

@klpiazza

Like i just said on another post, if you are the single admin, look on your local computer potential breaches, someone that is close to you and could see your databases, wp admin, chrome/safari couples of login/passwords.

Later, and if you access your site by ssh, there are logs both on your computer and server that you can check.
Same goes with serious DNS providers, so on (there are logs and access by ip/hour).

Goog luck,

Fran?ois/Digico,

no one has all day to spend reading all the posts and comments about the subject,

– These forums are volunteer-staffed

– If you don’t have time or if you can’t do the work yourself, you have the option of engaging a professional to assist you to fix it.

– If you want to follow that option and hire someone for this, then please try one of these sites:
https://jobs.wordpress.net/
or
https://directory.codepoet.com/

If you want to do it yourself, please start working your way through these resources:

• https://codex.www.ads-software.com/FAQ_My_site_was_hacked
• https://www.ads-software.com/support/topic/268083#post-1065779
• https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

• https://sitecheck.sucuri.net/scanner/
• https://www.unmaskparasites.com/
• https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

@digico
Thanks. I did look at the error log that was on the server. there are several days worth of errors that look like this:

[09-Dec-2015 09:49:46 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/p264hab6/public_html/wp-content/plugins/wp-super-cache/wp-cache-base.php:4) in /home/p264hab6/public_html/wp-content/plugins/wp-super-cache/wp-cache-phase1.php on line 222

I assumed those were the result of Register suspending the account. Do you know?

It is not my site so i will have the owner scan his cpu.

Thank you for the help.

@tara
Thanks for volunteering. I appreciate the help.

– Try reviewing this codex to solve header already sent problem: https://codex.www.ads-software.com/FAQ_Troubleshooting#How_do_I_solve_the_Headers_already_sent_warning_problem.3F