Google says that our company wordpress web site is hacked

My company has a web site made with WordPress. Recently we became aware that Google warned that our web site appeared to be hacked.
When we logged into WordPress controle panel / pages we could see, that someone added some spam pages. We deleted these pages instantly.
Because we only have 6 pages it is very easy to keep an eye of everything.
HOWEVER! - logged into Google Search Console / Security it warns about yet another 6 strange pages all named something like
"http://DOMAIN.dk/page-56789" even after requesting a new evaluation.

My question is, where can we see the actual files on our website, I assume, that this is where we have to look.
OhmitAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Prasadh BaapaatConnect With a Mentor Web Designer & DeveloperCommented:
I cleaned a similar infection for a client.... he approached me with his infected Joomla site.

First step was I changed ALL passwords... (All means of everything like admin/database/Cpanel/Emails etc.)

I created a brand new site (custom template) and deleted the old site + did not use any of the old plugins/extensions etc.

submitted the site for review and I received all clear mail in 12 hrs from Google & the notification was gone in 24 hours...

so I guess the same could be used for your site case.

as you said its a small 6 page site. just recreate it and delete all old site files + database on you server, install the new site and it would be fine.

please don't use anything from old site (except CSS Styles, images & text content)

thanks,
Prasadh
0
 
efrimpolConnect With a Mentor Commented:
This link may provide some insight:

https://digwp.com/2012/05/complete-list-wordpress-files/

Note: I don't use WP.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
btanConnect With a Mentor Exec ConsultantCommented:
Change the admin login password to stronger passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html


A user can always browse your web directory, if he knows the location, and if you have not disabled directory browsing. This also put your WordPress blog into danger, and make it prone to hacking.
If you are using WordPress SEO by yoast plugin or Robots meta plugin, you can edit your .htaccess file from the WordPress dashboard.
https://wpsutra.com/how-to-disable-directory-browsing-in-wordpress-using-htaccess/
0
 
btanConnect With a Mentor Exec ConsultantCommented:
You can try the free scanner to surface any more vulnerability and gaps to confirm measure effectiveness

https://sitecheck.sucuri.net
0
 
OhmitAuthor Commented:
Problem not solved. Asking web company for solving this
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.