I have seen lots of critical errors on my WordPress website. I attached a screenshot below that shows some of these issues. Please look at this and provide some suggestions so that I can fix this problem.
Thank you so much.
Depends how badly broken your site has become.
What is it doing to make you think it's been hacked? Is it just the warnings in the Wordfence scan report?
Before going much further you should for sure grab a backup of your database, wp-config.php, and the contents of the directories wp-content/themes, wp-content/uploads, and wp-content/plugins. Might be a good idea to make a separate backup of the entire WordPress installation directory.
Since you can still access the administration panel, might as well change your password just to be safe. Are there multiple users for your WP installation?
What changes have been made if you click "Details" button in the Wordfence scan?
If you're sure changes to the wp-core files are due to a hack, you can try to repair them using Wordfence's repair feature--it'll restore them to their base WordPress version. But if significant differences are showing for dozens of core files, might be a good idea start over with a clean installation of WordPress.
You'll also want to track down what allowed these malicious changes to be made (has an unknown IP logged into your administration panel recently? Are you using a plugin with a known security issue?), or it'll just happen again.
Related
I noticed that on a wordpress site I'm going to take over the following scripts are found on multiple pages:
When the page is displayed here is what I see:
This seems incredibly scammy, does anyone know what this is?
I am going to delete all of those and restrict access to the website in the meantime
Thank you
One of two things likely happened. Either you are serving flash and have a really old version on your computer - OR - your website has been compromised and injected with some sort of malware.
Are the unusual scripts showing up in the content or the theme files? If they are showing up on the content, that means someone has added these scripts to the database, and it will require a bit of cleanup (or a restore to a previous version). If the scripts are showing up in actual .php files, then someone has gained access to the file system on the server.
You should re-install WordPress entirely to ensure all core files are clean, and then go through plugins and themes to ensure all malicious code has been removed.
Also, it would be good to find out how this happened, to attempt to stop it from happening again.
I have an issue with my WordPress site.
My website is generating adult pages which is not present on our website/database or server. It is showing in google search result like this for example siteurl.com/en/aarp-dating (around 500 pages google crawled) we have checked all our database and found around 30 new tables are automatically created and while we delete it after sometime it restore automatically.
How can I find the malicious code on my server/pages or what kind of problem is this?
Thanks in advance !!
Download the full installation, then compare the files' checksums with a clean backup or a fresh installation of the same WP + Plugins + Theme versions.
Most important: find out how they infected your site and close that hole or you will be back at square one in a short time after you've uploaded a clean backup. Check the Access Logs, filter out known IP addresses of you and your users, and look at the rest, especially POST requests. Also make sure to check the FTP-logs and (if you have ssh access to your host) auth logs to make sure that your/your coworkers' machines/passwords haven't been compromised.
Also make sure you don't miss any extra individual files or plugins that shouldn't be there.
You cannot trust what you see in the backend at this point, so check the database directly for new users you don't know and users with privileges they shouldn't have. Comparing with a recent backup can help.
Since it's not clear how long your site has been infected, I wouldn't trust recent backups (or any, really) either. Set up a fresh install after you found and fixed the entry point, then manually (or with a script, but be careful not to transfer back doors) transfer content to the clean install.
Use Wordfence Security Plugin & scan for infected core files of wordpress.
Use Sucuri plugin.
Also, desactivate ALL of your plugin and install a basic theme of wordpress before.
I have a wordpress website that I maintained entirely through the wordpress admin dashboard. We don't use a staging server or FTP client etc.
I need to make some big upgrades to the the theme version and some plugin versions to fix some bugs.
Is there a way to back up the website or anyway that I can revert to the current setup before I proceed with this? Is there any tools or plugins that I can use for this?
Thanks
You can use this plugin to have backup of your website. Good thing is, it takes backup of db as well. https://wordpress.org/plugins/backupwordpress/
It would be risky on your end to make big upgrades without at least an FTP access, even if you have a backup plugin, when your website breaks up, you can't restore it anyways.
If you really need to do it, just do the updates in small increments, from small plugins to the biggest ones.
I have never used wordpress before, My boss has given me access to a site which was created using wordpress. then He asked me how I am going to make sure I don't break the site accidentally, I told him I would create a backup on my local computer so that all my changes can be restored if I mess up.
I have the wordpress dashboard up. How do I back up EVERYTHING, I hear there are two separate things I need to back up? someone please help me.
PS: I don't think he would like me to do this with out the use of additional plugins.
There are two separate things:
Your website database. Simply export all the MySQL tables from the database, which is dedicated to your site.
The site files, everything you've got under WordPress folder, /wp-includes, /wp-content, /wp-admin directories and all files.
This should do it all. You can test on your localhost to make sure it's everything that's necessary.
You can backup your WordPress either from your hosting account (preferable) or from your WP dashboard.
You need to backup two things - all the files (the root of your Wordpress installation) and the database for your WP installation.
Since you only have access to the dashboard, you have to use plugin for this.
Two of my favorite free backup plugins are:
BackupWordpress - https://wordpress.org/plugins/backupwordpress/
BackWPup - https://wordpress.org/plugins/backwpup/
They are intuitive and easy to work with, so you shouldn't have issues.
If you go to the dashboard go to "tools" in the left toolbar. Select "export". On the export page you can report that you want to export "all content". This will get you the items that you need from the server.
Then you need to install wordpress to your machine. You can download that from: https://wordpress.org/download/
Once you have that on your machine you also need a local server to run it and test it. I like WAMP, but it partially depends on your operating system. I suggest the following video to get you up to speed on how to get the localhost set up and running: https://www.youtube.com/watch?v=snFzbPm_RUE
Hope this helps!
I have website (thebyandby.com) that got hacked several weeks ago. The problem is, the description on Google is showing a spam description for viagra and one the most popular posts (when linked to from Google) goes to a spam website.
The site is a WordPress website so I reinstalled the theme and made sure everything was updated. There are only two plugins installed, Akismet and Google Analytics. I don't think the plugins could be effected but I am not sure. The problem was still there so I checked when Google last indexed my site and it was after I had reinstalled my theme. I checked for malware from Google Webmaster and it said it didn't find any malware. I ran grep -r "viagra" on my entire web directory and nothing was found. I really don't know what else to do. Could this be a database problem?
Yes, it could well be that you have content in the database which is compromised. After all, that's where all the pages and posts are stored. Does your hosting company provide a tool like phpMyAdmin for browsing and editing the database?
But equally, if you have only reinstalled the theme then there are a lot more core WordPress files that could have been compromised by the hacker. Given that you are having problems, it would be well worth doing a complete reinstall of the WordPress files. Just make sure you keep a copy of your wp-config file, as you will need to copy that back. Also make sure you reinstall the same version of WordPress that you currently have.
But you know what: It may save you time in the long-run to just export all your posts and pages from within WordPress and then wipe the hacked site completely and install the whole thing from scratch. You can open the export file in any decent editor and once you've got your head around the XML structure, you can delete any rubbish that the hacker put there. I guess this option depends on how much content you had already put up on the site and how readily you could reconfigure the new site to match the old one.
Of-course if you have a full files and database backup from before the hacker got there, then you have an easy option that avoids all this grief ;-)