Divi WordPress Theme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix Reply To: Account hacked; changed username

Discussion in 'Misc WordPress Requests' started by aarcos, Apr 1, 2018.

  1. aarcos


    Reply To: Account hacked; changed username, by aarcos

    Ok, i had to check a web site with this same problem and looking into this issue i found this topic. So i only have been working for a few hours. But i think the following is relevant and may apply to other sites. Hope this info helps you.

    1. No access to asigned admin user, reset via database in table users as described in this topic. Change username and passwords.
    2. Found code inserted in the file index.php in the root directory of the site. Dont expect to see a date change and looks like a long string but is converted and exceuted as php code. This code is responsable for displaying a “random” page and adding it to the sitmap.xml and other changes. Need more time to read all the code, but seems to be all its functions. Replace index.php with a original version your wordpress version.
    3. Delete sitemap.xml and home-site-map.xml
    3. Delete the file z.html, that displays the perpetrator’s name.

    Recommended actions

    Check and restore .htaccess file and file permissions

    Reply To: Account hacked; changed username

Share This Page

Monarch Social Sharing Plugin