WordPress Blog Hacked — Now What?
Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It has been edited significantly from its original form. There is no guarantee this information is accurate…use at your own risk.
My WordPress blog has been hacked; or at least I think its been hacked. What do I do now?
The WordPress Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:
- Change passwords for all blog users, including your own, with a role higher than Subscriber
- If you upload files to your site via FTP, change your FTP password
- Change your web hosting control panel (such as Cpanel) password
- Completely remove all current WordPress core code and re-install the latest version of WordPress
- Make sure you are only using trusted plugins and themes–those from wordpress.org or a trusted commercial developer
- Remove all unused themes and plugins
- Make sure all of your plugins and themes are up-to-date–it’s best to install new, clean copies of each theme and plugin
- Update your security keys in wp-config.php
- Search your entire web-directory (public_html directory, not just the WP directory) to ensure no other files are infected
- Check directory and file permission on your server. Typically, directory permissions should be 755 and files should be 644, but this will depend on your particular server environment.
If all else fails, contact me and I will quote you a reasonable price for fixing your site for you…I only work on Linux systems with Cpanel, or an equivalent control panel.