New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Need help! My friends wordpress website hacked.
Hi All,
I need urgent help for one of my friend's wordpress website based on woocommerce. So we re did the whole webdesign for the website. But then we noticed few wrong posts being posted on the website. When we delete them, they reappear again after sometime. I think his website has been hacked. I tried to scan for malware with few plugins but of no use. Can somebody help in finding the source of this things.
Thanks in advance.
Comments
restore from a backup
Since we completed the website only recently, we do not have backup for complete website.
Thanks
Keeping WP safe is not an easy task. But for starters: change passwords, upgrade WP / themes / plugins. Last but not least: try the WordFence plugin to scan / fix and to secure that WP install.
Get a new friend?
Check that an additional administrator user hasn't been added. If it has, delete that first.
Then go frm there. You should be able to reinstall all wordpress files from a fresh download without affecting the theme files too much - unless the theme is where the hack has come from then fix that first.
Are you using a cracked theme? Or any theme bought from cheap vendors? Mostly such themes will have a backdoor for attack.
You can pm me the details (if you wish) so that I can have a look.
Change login credentials. Remove any unwanted admin Accounts if any. Allow admin login only via white-listed IP address. Download files and scan with virustotal and other tools.
I will a try to this plugin.
Thanks
Hi,
Now a days we are facing many new issues within our client site on majority site hackers are using Shell within in ALT text of images while few of them using IMG format shells and few leave it within themes files so its hard to find out all at once what we recommend our clients to download database and save it check the source code of your page get the scripts tags and common words then search it within database if you found then remove them if not then comes back to file manager and check the recent updated files remove them upload the orignal files of fresh wordpress reupload the fresh files of plugin reupload the theme once its dont then check the uploads folder and delete all .php files + .IMG files not .jpg,png once done change the password hide WP login Page keep upto date
IF you still unable to fix it then email me the details i will try to fix it for you for Free
[email protected]
Yes i am going ahead with resintalling all the wordpress core files on a fresh server, to be sure that wordpress files are clean. Will update about it.
Thanks
I am using free theme available on wordpress.org and customize it further. I will try with few plugins and if they dont work i will send you message.
Thanks for the help
Will try and scan all the files on virustotal to check for any viruses.
Thanks
first find how your website has been hacked. To be honest it is not hard to clean a WordPress hacked installation while it is a very time consuming task
Except for feature image, prudent to use CDN for all images. Heck, there is a plugin to import feature image via URL.
This may be one of the longest sentences I have ever seen.
Isn't it a common practice to backup a site upon going live for the first time?
I thought it was.
Move your document root to a safe location and create a brand new document root folder. Reinstall a fresh copy of Wordpress, and a fresh copy of the theme and plugins. All need to be brand new copies from the vendors. Connect it to your database and bring over your wp-content/uploads folder AFTER making sure there are absolutely 0 PHP files in it. Of course finish it off with password changes.
This is almost always sufficient.
I'm not a WordPress guy, but isn't it standard operating procedure to code locally and then push the changes live at once when done/tested? So there should always be virgin clean copy locally...
@vicks1986
Also, no repo with tracked changes? You're doing it wrong.
And make sure to avoid using null theme or plugin as some of these included some backdoor, malware, etc....