Answer the question
In order to leave comments, you need to log in
My site has been hacked, what should I do?
Hello!
On my wordpress site, someone changed the text and title of the article :(
They wrote this: hacked by NG689Skw
I am the author, date 26 Jan.
What should I do ?
Answer the question
In order to leave comments, you need to log in
What is the site deployed on? VPS or VPS?
As an option:
Ask the hoster to roll back to the backup before the hack or through RDP (or another system) - go in and return access to the site.
Then remove possible exploits if they have already been put on the site.
Deploy the latest version of WordPress, perhaps a vulnerability has been fixed there.
Try to find out from the logs how you were scammed.
Make an announcement to users that the site has been hacked - change the password)
for starters, if your site is not visited much, then roll back the backup, in 99% of cases the database will not need to be touched. Only files. Moreover, the pictures can not be touched with viruses in them extremely rarely (but not in them either)
If you do not have backups or it is impossible to roll back then.
Here you need to treat it, remove the virus code and restore its functionality.
ai-bolit.php will help you here
https://revisium.com/ai/index.php?q=39517725914937...
put it on hosting, start, wait, fix it.
it will also not be sour if you give a link to the site.
update the engine, you can also remove (or make inaccessible) temporary WordPress modules through which you can upload a file to hosting and other modules that are dangerous in your opinion, it is advisable to change the admin URL. Well, first of all, change the passwords for the database, sftp and hosting.
check other users, I was once prescribed a second admin-)
Rolling back will not help if you do not know what vulnerability, after a while they will hack again, you need to look for the vulnerability and close the hole.
You can also check if you have any new files by comparing the backup files with the original using comparison programs or using the Linux command via ssh
. It is also better for the hoster to tell if they could have been hacked through neighboring accounts if you have shared hosting
hacked by NG689Skw. The same. I'll write my experience, maybe it will be useful to someone. I have been struggling for a week and studying articles and recommendations. But... I have an opinion that the authors of tips for cleaning websites from viruses have NEVER encountered them in reality or they were not viruses at all. Unfortunately, I did not find any serious and really helping recommendations. Only general words. As I wrote above, I have been struggling with this rubbish, which different antiviruses call differently, for example, trojan javascript redirector for a whole week from early morning until 2-3 am to no avail. Not giving up yet, but close to it. It's a pity for the site, which I have been working on for more than 10 years and which is very important to me. First, I searched for and deleted codes in files and entire files created by the virus. It recovers quickly and infects more than a hundred files in a few hours. Then he acted radically - REMOVED ALL WordPress except for pictures and reinstalled it from the official site. I changed all passwords - to the database, login and password to the admin panel, password to the mailbox, password to ftp. Cleared browser cache. Re-installed the theme and plugins from the official site. First of all, I installed the All In One WP Security security plugin. After 4 hours, the virus is again detected on about a hundred files. I can't find it in the database. Is there a way out of it or is it necessary to make a new site, I don’t know, and what is the probability that the new site will also not get infected and will not have to be abandoned ??? Re-installed the theme and plugins from the official site. First of all, I installed the All In One WP Security security plugin. After 4 hours, the virus is again detected on about a hundred files. I can't find it in the database. Is there a way out of it or is it necessary to make a new site, I don’t know, and what is the probability that the new site will also not get infected and will not have to be abandoned ??? Re-installed the theme and plugins from the official site. First of all, I installed the All In One WP Security security plugin. After 4 hours, the virus is again detected on about a hundred files. I can't find it in the database. Is there a way out of it or is it necessary to make a new site, I don’t know, and what is the probability that the new site will also not get infected and will not have to be abandoned ???
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question