Word Press - Someone wrote to index.php

Posted on 2015-02-07
Last Modified: 2015-02-09
I was visiting a website I created in WordPress.  When I went to, I got this javascript alert:
"your site may be victim of hackers we offer a solution can contact us"

after downloading the site files, I see that index.php has been physically changed to include this code at the very top:
alert('your site may be victim of hackers we offer a solution can contact us')

I removed it and the site is back to normal.

What I'm wondering is, how can someone write to index.php?  Are there security settings I should've been aware of?
I'm using a theme I made - only the second one I've ever done, but I don't know how that would open up WordPress to a hacker.

No other sites on my server seem to be affected (including WordPress sites).

Any suggestions on things I can do to make sure this hack doesn't happen again?  I'm sure it will...

Question by:slightlyoff
  • 3
  • 2
LVL 70

Accepted Solution

Jason C. Levine earned 250 total points
ID: 40596307
What I'm wondering is, how can someone write to index.php?  Are there security settings I should've been aware of?

Sort of.  What happened is your hosting is compromised or you have vulnerability in a plugin or theme file that is being exploited.

I've written an in-depth article on this:

Assisted Solution

by:Alicia St Rose
Alicia St Rose earned 250 total points
ID: 40597814
You might want to sign up for services. They are WordPress friendly! They will monitor your site and stamp out anything they find right when it's starts to happen.

They got rid of some crazy Viagra links that wouldn't die from one of my client's sites.

Author Closing Comment

ID: 40598319
Thank you for the help!  I'll take a look at Securi - I downloaded and installed the plugin so we'll see how that goes.
I appreciate the info as well!
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

LVL 70

Expert Comment

by:Jason C. Levine
ID: 40598424
Sucuri's plugin does very little by itself.  You would be better off with WordFence...

Author Comment

ID: 40598430
I'll take a look at that one as well.  Thanks for the heads up.  I might use the service Sucuri offers as well - but being that this was my first theme - I wanted to really know what I missed (if it's my theme that's causing the leak)...  very annoying.  

Thanks again for the help!!!
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40598448
Might be your theme, but if you hand-coded it yourself then it's more likely a plugin or a folder/file permission set too high. If you altered an existing theme, it might be there.

If you are willing to pay for Sucuri's service, then the plugin and the service get a lot more awesome.

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

How to install BuddyPress on your self-hosted WordPress site It’s been called everything from “social networking in a box” to “Facebook without the terms of service,” but until Feb. 16, BuddyPress was a relatively unknown outside the WordPress MU…
WordPress is constantly evolving, and with each evolution appears to get better and better.  One of the big drawbacks prior to version 3 was that there was no way to be able to set up a custom menu from the backend. The Old Way Adding menus is…
The purpose of this video is to demonstrate how to create a Printer Friendly PDF on a WordPress Page. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome Screenshot” Google Chrome Extension, and Log…
The purpose of this video is to demonstrate how to Test the speed of a WordPress Website. Site Speed is an important metric of a site’s health. Slow site speed can result in viewers leaving your site quickly and not seeing your content. This…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now