slightlyoff

asked on

WordPress - Someone wrote to index.php

I was visiting a website I created in WordPress.  When I went to www.mywebsite.com, I got this javascript alert:
"your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com"

After downloading the site files, I see that index.php has been physically changed to include this code at the very top:
<script>
alert('your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com')
</script>

I removed it and the site is back to normal.

What I'm wondering is, how can someone write to index.php?  Are there security settings I should've been aware of?
I'm using a theme I made - only the second one I've ever done, but I don't know how that would open up WordPress to a hacker.

No other sites on my server seem to be affected (including WordPress sites).

Any suggestions on things I can do to make sure this hack doesn't happen again?  I'm sure it will...

Thanks!
ASKER CERTIFIED SOLUTION
Jason C. Levine
slightlyoff

ASKER

Thank you for the help!  I'll take a look at Sucuri - I downloaded and installed the plugin so we'll see how that goes.
I appreciate the info as well!

Sucuri's plugin does very little by itself.  You would be better off with WordFence...

I'll take a look at that one as well.  Thanks for the heads up.  I might use the service Sucuri offers as well - but being that this was my first theme - I wanted to really know what I missed (if it's my theme that's causing the leak)...  very annoying.

Thanks again for the help!!!

Might be your theme, but if you hand-coded it yourself then it's more likely a plugin or a folder/file permission set too high. If you altered an existing theme, it might be there.

If you are willing to pay for Sucuri's service, then the plugin and the service get a lot more awesome.
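
A small audit for the two things this thread points at, permissions set too high and markup written ahead of the opening PHP tag in index.php. It is an added example, not part of the original thread or any participant's code. The rule that any group/other write bit counts as loose, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: "too high" means writable by group or by everyone else.
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH

def audit_tree(root):
    """Return sorted (relative_path, problem) pairs for a site directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits say nothing useful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & LOOSE_BITS:
                findings.append((rel, "writable by group/other (%o)" % mode))
            if os.path.isfile(path) and name.endswith(".php"):
                with open(path, "rb") as fh:
                    head = fh.read(512).lstrip(b"\xef\xbb\xbf \t\r\n")
                # Heuristic: WordPress's index.php opens with "<?php", so
                # markup ahead of that tag matches what the asker found.
                if not head.startswith(b"<?php"):
                    findings.append((rel, "content before opening <?php tag"))
    return sorted(findings)

def demo():
    """Audit a constructed tree: one injected file, two loose modes."""
    files = {
        "index.php": (b"<script>\nalert('constructed')\n</script>\n<?php\n", 0o644),
        "wp-config.php": (b"<?php\n// constructed settings file\n", 0o666),
        "wp-load.php": (b"<?php\n// constructed clean file\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        os.chmod(os.path.join(root, "uploads"), 0o777)
        for name, (body, mode) in files.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_tree(root)

if __name__ == "__main__":
    for rel, problem in demo():
        print(rel, "->", problem)
```

Calling `audit_tree()` on a downloaded copy of the site lists every path to review; the `<?php` check is a heuristic and will also flag template files that legitimately begin with HTML.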