Need help! My friend's WordPress website hacked.

Hi All,

I need urgent help for one of my friend's WordPress website based on WooCommerce. So we redid the whole web design for the website. But then we noticed a few wrong posts being posted on the website. When we delete them, they reappear after some time. I think his website has been hacked. I tried to scan for malware with a few plugins, but it was of no use. Can somebody help in finding the source of these things?

Thanks in advance.

Comments

  • restore from a backup

    Thanked by 3vicks1986 tetech Pwner
  • @Adam1 said:
    restore from a backup

    Since we completed the website only recently, we do not have backup for complete website.

    Thanks

  • Keeping WP safe is not an easy task. But for starters: change passwords, upgrade WP / themes / plugins. Last but not least: try the WordFence plugin to scan / fix and to secure that WP install.

    Thanked by 1vicks1986
  • Get a new friend?

    Thanked by 2vyas11 Plioser
  • Mr_Tom Member, Host Rep

    Check that an additional administrator user hasn't been added. If it has, delete that first.

    Then go from there. You should be able to reinstall all WordPress files from a fresh download without affecting the theme files too much - unless the theme is where the hack has come from, then fix that first.

  • Are you using a cracked theme? Or any theme bought from cheap vendors? Mostly such themes will have a backdoor for attack.
    You can pm me the details (if you wish) so that I can have a look.

  • Change login credentials. Remove any unwanted admin Accounts if any. Allow admin login only via white-listed IP address. Download files and scan with virustotal and other tools.

  • @claudio said:
    Keeping WP safe is not an easy task. But for starters: change passwords, upgrade WP / themes / plugins. Last but not least: try the WordFence plugin to scan / fix and to secure that WP install.

    I will give this plugin a try.

    Thanks

  • AK_KWH Member, Patron Provider
    edited August 2020

    Hi,
    Nowadays we are facing many new issues within our client site on majority site hackers are using Shell within ALT text of images while few of them using IMG format shells and few leave it within themes files so it's hard to find out all at once what we recommend our clients to download database and save it check the source code of your page get the scripts tags and common words then search it within database if you found then remove them if not then comes back to file manager and check the recent updated files remove them upload the original files of fresh wordpress reupload the fresh files of plugin reupload the theme once it's done then check the uploads folder and delete all .php files + .IMG files not .jpg,png :) once done change the password hide WP login Page keep up to date

    If you are still unable to fix it then email me the details, I will try to fix it for you :) for free
    [email protected]

  • @Mr_Tom said:
    Check that an additional administrator user hasn't been added. If it has, delete that first.

    Then go from there. You should be able to reinstall all WordPress files from a fresh download without affecting the theme files too much - unless the theme is where the hack has come from, then fix that first.

    Yes, I am going ahead with reinstalling all the WordPress core files on a fresh server, to be sure that the WordPress files are clean. Will update about it.

    Thanks

  • @Intelpentium0 said:
    Are you using a cracked theme? Or any theme bought from cheap vendors? Mostly such themes will have a backdoor for attack.
    You can pm me the details (if you wish) so that I can have a look.

    I am using a free theme available on wordpress.org and customizing it further. I will try a few plugins and if they don't work I will send you a message.

    Thanks for the help

  • @Ympker said:
    Change login credentials. Remove any unwanted admin Accounts if any. Allow admin login only via white-listed IP address. Download files and scan with virustotal and other tools.

    Will try and scan all the files on virustotal to check for any viruses.

    Thanks

  • First find how your website has been hacked. To be honest, it is not hard to clean a hacked WordPress installation, though it is a very time-consuming task.

  • @AK_KWH said:
    Hi,
    Nowadays we are facing many new issues within our client site on majority site hackers are using Shell within ALT text of images while few of them using IMG format shells and few leave it within themes.

    Except for feature image, prudent to use CDN for all images. Heck, there is a plugin to import feature image via URL.

  • @AK_KWH said:
    Nowadays we are facing many new issues within our client site on majority site hackers are using Shell within ALT text of images while few of them using IMG format shells and few leave it within themes files so it's hard to find out all at once what we recommend our clients to download database and save it check the source code of your page get the scripts tags and common words then search it within database if you found then remove them if not then comes back to file manager and check the recent updated files remove them upload the original files of fresh wordpress reupload the fresh files of plugin reupload the theme once it's done then check the uploads folder and delete all .php files + .IMG files not .jpg,png :) once done change the password hide WP login Page keep up to date

    This may be one of the longest sentences I have ever seen.

  • deank Member, Troll

    Isn't it a common practice to backup a site upon going live for the first time?

    I thought it was.

  • jar Patron Provider, Top Host, Veteran
    edited August 2020

    Move your document root to a safe location and create a brand new document root folder. Reinstall a fresh copy of Wordpress, and a fresh copy of the theme and plugins. All need to be brand new copies from the vendors. Connect it to your database and bring over your wp-content/uploads folder AFTER making sure there are absolutely 0 PHP files in it. Of course finish it off with password changes.

    This is almost always sufficient.

    Thanked by 1Pwner
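
The uploads-folder checks described in the two posts above (no PHP files in wp-content/uploads, and a look at recently changed files), as an added example that is not part of any poster's reply. The function names and the constructed sample tree are assumptions for illustration; the `.htaccess` check assumes an Apache host.

```shell
#!/usr/bin/env bash
# Added example: audit wp-content/uploads before copying it into a fresh install.
# Function names and the sample tree are assumptions made for illustration.

# Files the web server would treat as PHP, plus .htaccess files, which on
# Apache can switch PHP handling on for other extensions inside the folder.
find_php_by_name() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -name '.htaccess' \) | sort
}

# Files with any other name that still contain a PHP open tag, such as a
# script saved with an image extension.
find_php_by_content() {
    find "$1" -type f ! -iname '*.php' -exec grep -l -i -F '<?php' {} + | sort
}

# Files changed within the last N days (default 7): the "recently updated
# files" worth comparing against a fresh vendor copy.
find_recent() {
    find "$1" -type f -mtime "-${2:-7}" | sort
}

# Print every suspect path once; return 1 if there is any, 0 if the tree is clean.
audit_uploads() {
    local hits
    hits=$( { find_php_by_name "$1"; find_php_by_content "$1"; } | sort -u )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree (harmless placeholder contents) for a dry run.
make_sample_tree() {
    local d
    d=$(mktemp -d) && mkdir -p "$d/2020/08" || return 1
    printf 'GIF89a-plain-image-bytes' > "$d/2020/08/photo.gif"
    printf 'GIF89a<?php /* placeholder */ ?>' > "$d/2020/08/logo.gif"
    printf '<?php /* placeholder */ ?>' > "$d/2020/08/cache.php"
    touch -t 202001010000 "$d/2020/08/photo.gif"
    printf '%s\n' "$d"
}

# Audit the directory given as $1, or the constructed sample when none is given.
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
else
    sample=$(make_sample_tree) && { audit_uploads "$sample" || true; rm -rf "$sample"; }
fi
```

Run it against the old uploads folder before moving it across. The content check only looks for the literal `<?php` tag, so a clean result narrows the search rather than proving the folder is safe.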
  • @deank said:
    Isn't it a common practice to backup a site upon going live for the first time?

    I thought it was.

    I'm not a WordPress guy, but isn't it standard operating procedure to code locally and then push the changes live at once when done/tested? So there should always be virgin clean copy locally...

    @vicks1986
    Also, no repo with tracked changes? You're doing it wrong.

  • @vicks1986 said:
    Yes i am going ahead with resintalling all the wordpress core files on a fresh server, to be sure that wordpress files are clean. Will update about it.

    Thanks

    And make sure to avoid using null theme or plugin as some of these included some backdoor, malware, etc....
