[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Google says that our company wordpress web site is hacked

Posted on 2016-10-28
6
Medium Priority
?
144 Views
Last Modified: 2016-11-01
My company has a web site made with WordPress. Recently we became aware that Google warned that our web site appeared to be hacked.
When we logged into WordPress controle panel / pages we could see, that someone added some spam pages. We deleted these pages instantly.
Because we only have 6 pages it is very easy to keep an eye of everything.
HOWEVER! - logged into Google Search Console / Security it warns about yet another 6 strange pages all named something like
"http://DOMAIN.dk/page-56789" even after requesting a new evaluation.

My question is, where can we see the actual files on our website, I assume, that this is where we have to look.
0
Comment
Question by:Ohmit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Assisted Solution

by:efrimpol
efrimpol earned 500 total points
ID: 41864618
This link may provide some insight:

https://digwp.com/2012/05/complete-list-wordpress-files/

Note: I don't use WP.
0
 
LVL 6

Assisted Solution

by:efrimpol
efrimpol earned 500 total points
ID: 41864620
0
 
LVL 65

Assisted Solution

by:btan
btan earned 500 total points
ID: 41864837
Change the admin login password to stronger passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html


A user can always browse your web directory, if he knows the location, and if you have not disabled directory browsing. This also put your WordPress blog into danger, and make it prone to hacking.
If you are using WordPress SEO by yoast plugin or Robots meta plugin, you can edit your .htaccess file from the WordPress dashboard.
https://wpsutra.com/how-to-disable-directory-browsing-in-wordpress-using-htaccess/
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 10

Accepted Solution

by:
Prasadh Baapaat earned 1000 total points
ID: 41865765
I cleaned a similar infection for a client.... he approached me with his infected Joomla site.

First step was I changed ALL passwords... (All means of everything like admin/database/Cpanel/Emails etc.)

I created a brand new site (custom template) and deleted the old site + did not use any of the old plugins/extensions etc.

submitted the site for review and I received all clear mail in 12 hrs from Google & the notification was gone in 24 hours...

so I guess the same could be used for your site case.

as you said its a small 6 page site. just recreate it and delete all old site files + database on you server, install the new site and it would be fine.

please don't use anything from old site (except CSS Styles, images & text content)

thanks,
Prasadh
0
 
LVL 65

Assisted Solution

by:btan
btan earned 500 total points
ID: 41865786
You can try the free scanner to surface any more vulnerability and gaps to confirm measure effectiveness

https://sitecheck.sucuri.net
0
 

Author Comment

by:Ohmit
ID: 41868095
Problem not solved. Asking web company for solving this
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question