Solved

Wordpress hacked?

Posted on 2011-09-08
5
453 Views
Last Modified: 2012-05-12
WordPress experts:

I noticed in my wordpress website that there is a comment with no author and I can't delete it.  I went into myphp admin and deleted it and sure enough it came back.  I did not think much of it but I have noticed a drop off of in inquiries. So I went to a proxy server and googled a common keyword I rank for and my site never loaded, when others did.  

Any ideas?

Do you think this is in my database?

If I had to make a new site would I need to redo the blog by had, so I don't import the hack?
0
Comment
Question by:jason94024
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 250 total points
ID: 36506250
>> Any ideas?

One comment?  I doubt that one comment would drop you like that so you may want to really look at what's in pages being served.

>> Do you think this is in my database?

Obviously the comment is but more likely the server itself is hacked and someone is remotely running a script that inserts content or further compromises WordPress security for an additional hack script

>> If I had to make a new site would I need to redo the blog by hand, so I don't import the hack?

As above.  The database is probably ok but you need to figure out how this is happening before planning for the future.  To be on the safe side, I would plan on copy/pasting your current content somewhere for an eventual rebuild.

0
 

Author Comment

by:jason94024
ID: 36506470
Thanks

"pages being served." <-- is this something that I would see in the FTP files?
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 36506477
No, just view source on all of your site's content and see if there is a bunch of stuff that shouldn't there (like a huge list of links in a hidden div)
0
 

Author Comment

by:jason94024
ID: 36506602
ok, I don't see anything in the browser when I look at the source.  I guess I will get busy changing sites.
0
 
LVL 10

Assisted Solution

by:c_a_n_o_n
c_a_n_o_n earned 250 total points
ID: 36510451
If you use your FTP to access your files, check the file dates and see if there are any with more recent dates.  You will need to look at your Wordpress install, your theme, and your plugins for changes in dates.  If you determine that there are files with more recent dates and you know that you didn't update those files, I would suggest that these are your culprit.  Download one or more of them and look at their code to determine if any changes have been made.  If so, you may need to redownload Wordpress and the plugins to correct.  

Change your admin passwords.
Change folder permissions accordingly.
This plugin http://wordpress.org/extend/plugins/wp-security-scan/ is great to determine which folders should be at what specific permissions.
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Make the most of your online learning experience.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question