Help! My WordPress site got hacked! What can I do?

I’ve just gone to my website and found that it’s showing links to an unsavory site. I didn’t put them there and they weren’t there last week. Can you give me some pointers as to what I should be looking at?

It’s a shame isn’t it? You put all that effort into building a site and some script kiddie comes along and violates it for you. You come along and find links to naughty sites, pharmaceuticals and all sort of things!

Anyway, here are a list of things to think about when cleaning the infection:

Make sure that your files on the server are clean. That means deleting and re-uploading. Files that you don’t replace, should be swept.

Check for files that don’t belong, directories that don’t belong. Image files with changed timestamps — look at those. Its VERY common for there to be scripts on sites that are named in such a way to mask the fact that they are scripts.

Be suspicious, when you’re looking at things.

Look at your permissions. Do you have world writable files? Any world-writable directories? Are they necessary?

You need to check your database. Look for rogue plugins being loaded, look for rogue users (specifically look for a user named wordpress). You will NOT see rogue plugins or rogue users in your wp-admin/ area. You need to check your database.

Make sure ALL of your plugins are current.

Make sure your wordpress is current.

Change your mysql password that wordpress uses (update your wp-config.php with that new password). Especiallly important in cases where you see changes to your mysql database.

Change any admin level passwords on your blog. Change your ftp password(s)

Scan your local machine for malware.

Look at any other software that’s being used on your site. Is it current?

That’s just an outline and not a complete list.

There’s quite a bit to do, but it’s all necessary.

If you cant do it all — get help.

Then there’s this:


That information was taken from one of the WordPress message board. It’s packed with good advice though, so worth checking out! Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.