Solved

Google says that our company wordpress web site is hacked

Posted on 2016-10-28
6
100 Views
Last Modified: 2016-11-01
My company has a web site made with WordPress. Recently we became aware that Google warned that our web site appeared to be hacked.
When we logged into WordPress controle panel / pages we could see, that someone added some spam pages. We deleted these pages instantly.
Because we only have 6 pages it is very easy to keep an eye of everything.
HOWEVER! - logged into Google Search Console / Security it warns about yet another 6 strange pages all named something like
"http://DOMAIN.dk/page-56789" even after requesting a new evaluation.

My question is, where can we see the actual files on our website, I assume, that this is where we have to look.
0
Comment
Question by:Ohmit
6 Comments
 
LVL 6

Assisted Solution

by:efrimpol
efrimpol earned 125 total points
ID: 41864618
This link may provide some insight:

https://digwp.com/2012/05/complete-list-wordpress-files/

Note: I don't use WP.
0
 
LVL 6

Assisted Solution

by:efrimpol
efrimpol earned 125 total points
ID: 41864620
0
 
LVL 62

Assisted Solution

by:btan
btan earned 125 total points
ID: 41864837
Change the admin login password to stronger passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html


A user can always browse your web directory, if he knows the location, and if you have not disabled directory browsing. This also put your WordPress blog into danger, and make it prone to hacking.
If you are using WordPress SEO by yoast plugin or Robots meta plugin, you can edit your .htaccess file from the WordPress dashboard.
https://wpsutra.com/how-to-disable-directory-browsing-in-wordpress-using-htaccess/
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 10

Accepted Solution

by:
Prasadh Baapaat earned 250 total points
ID: 41865765
I cleaned a similar infection for a client.... he approached me with his infected Joomla site.

First step was I changed ALL passwords... (All means of everything like admin/database/Cpanel/Emails etc.)

I created a brand new site (custom template) and deleted the old site + did not use any of the old plugins/extensions etc.

submitted the site for review and I received all clear mail in 12 hrs from Google & the notification was gone in 24 hours...

so I guess the same could be used for your site case.

as you said its a small 6 page site. just recreate it and delete all old site files + database on you server, install the new site and it would be fine.

please don't use anything from old site (except CSS Styles, images & text content)

thanks,
Prasadh
0
 
LVL 62

Assisted Solution

by:btan
btan earned 125 total points
ID: 41865786
You can try the free scanner to surface any more vulnerability and gaps to confirm measure effectiveness

https://sitecheck.sucuri.net
0
 

Author Comment

by:Ohmit
ID: 41868095
Problem not solved. Asking web company for solving this
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
The purpose of this video is to demonstrate how to add AdSense Ads to a WordPress Website, and how to set up WordPress to automatically place Ads in Sidebars. This will be demonstrated using a Windows 8 PC. Log into your AdSense account. : Cli…
The purpose of this video is to demonstrate how to set up basic WordPress SEO. This will be demonstrated using a Windows 8 PC. The plugin used will be WordPress SEO by Yoast. Go to your WordPress login page. This will look like the following: myw…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question