
Q: My WordPress site is hacked! A message leading to spammer.shop.tm

+13 votes
Help! I think my site has been hacked!

I have a WordPress site - http://carpet-cleaning-london-area.co.uk - and whenever I try to access a page of the site (NOT A POST!), like this one - http://carpet-cleaning-london-area.co.uk/carpet-cleaners-privacy-policy - a page appears showing, on a white background, a form for sending e-mails! There is a message - "Mailer" - and a link going to http://spammer.shop.tm/

I am in shock! What should I do?????
asked in Web Design category by user sam

12 Answers

+5 votes
 
Best answer
I had the same issue! On one of my client's sites I found and removed the file in question. It was here:

/home/username/public_html/wp-content/plugins/w3-total-cache/inc/define.php

There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.

So basically it is due to the recent W3 Total Cache update! Secure your site whenever you can with all the plugins you can! Here is one article about it - http://tutorials7.com/how-to-protect-and-secure-your-wordpress-site.html

Here are 3 more articles on the topic:
http://www.problogger.net/archives/2013/01/08/10-essential-wordpress-security-plugins-for-2013/

http://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site/

http://wpmu.org/wordpress-security-101-8-tips-tricks-and-tweaks-to-secure-your-wordpress-website/

Good luck!
answered by user golearnweb
selected by user sam
Thanks - it helped!!!!
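
The best answer's advice to audit the account and reinstall the plugin from a new copy can be checked file by file. The script below is an added example, not code from any poster in this thread: it compares an installed plugin directory with a freshly downloaded copy of the same version. The function names, the `--demo` flag and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an installed plugin directory with a freshly
# downloaded copy of the same version and list every difference.
# Usage: sh compare_plugin.sh FRESH_DIR INSTALLED_DIR   (or: --demo)
# Assumes file names contain no newlines.

compare_plugin() {
    fresh=$1
    installed=$2
    # Pass 1: files on the server that were changed or are not in the release.
    (cd "$installed" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$fresh/$f" ]; then
            echo "ADDED    $f"
        elif ! cmp -s "$fresh/$f" "$installed/$f"; then
            echo "MODIFIED $f"
        fi
    done
    # Pass 2: release files that have been deleted from the server.
    (cd "$fresh" && find . -type f | sort) | while IFS= read -r f; do
        [ -f "$installed/$f" ] || echo "MISSING  $f"
    done
}

# Constructed sample trees (placeholder contents, not real plugin code).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/fresh/inc" "$tmp/live/inc"
    echo '<?php // release copy' > "$tmp/fresh/inc/define.php"
    echo '<?php // altered copy' > "$tmp/live/inc/define.php"
    echo '<?php // same'         > "$tmp/fresh/plugin.php"
    cp "$tmp/fresh/plugin.php" "$tmp/live/plugin.php"
    echo 'readme' > "$tmp/fresh/readme.txt"
    echo '<?php // not in release' > "$tmp/live/inc/extra.php"
    compare_plugin "$tmp/fresh" "$tmp/live"
    rm -rf "$tmp"
}

case "${1:-}" in
    --demo) demo ;;
    "")     : ;;
    *)      compare_plugin "$1" "$2" ;;
esac
```

Any ADDED or MODIFIED line under a plugin directory is a file to inspect before the plugin is deleted and reinstalled.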
0 votes
Hello,

Ideally you really need to delete that page, and any files you don't recognise on your account. Change all passwords on your account as well and update any scripts/applications you may be using such as Joomla, WordPress etc.
answered by user richard8502
0 votes
If the page is part of WordPress, it may be related to a plugin.
 
Regards,
Will
answered by user eiorgert
0 votes
When you visit http://www.wordpressexploit.com/, you will see this:
2013-05-02    Wordpress W3 Total Cache 0.9.2.8 Remote Code Exec   
2013-05-02    Wordpress W3 Total Cache 0.9.2.8 PHP Code Execution exploit

So it really is W3 Total Cache's problem! If you are stuck with a situation, you can always visit http://www.wordpressexploit.com for suggestions!
answered by user samfred5830
0 votes
Read this - http://premium.wpmudev.org/forums/topic/security-plugins-over-and-above-bulletproof-security it may help prevent any hacking attacks in the future....
answered by user ak47seo
+1 vote
1. Make sure your wp-config.php has 750 or 600 permission - if needed, change the permission through your FTP software. Files should be set to 644 and folders to 755 or 750.
2. Use a backup WP plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make hacker's life muuuuch easier!
4. Use a security plugin like - http://wordpress.org/extend/plugins/secure-wordpress/
5. Scan your theme files for potentially malicious or unwanted code by using this useful WordPress plugin - http://wordpress.org/extend/plugins/tac/installation/
6. Use a strong password. Go to your cPanel and... you know where to click to generate one! :-)
7. For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin
answered by user andrew
+1 vote
Watch this video:
answered by user hues
0 votes
Use .htaccess to protect your wp-config.php file! You can use this code:
<Files wp-config.php>
order allow,deny
deny from all
</Files>
answered by user nikole
+1 vote
It is very shocking when my WordPress site gets hacked. I had a very bad experience like you, but some days before, my friend had the same problem and he had informed me that it happened to his site as well. I tried a lot to fix the WordPress site but was not able to fix the website properly. After that I found a website, http://totalwebsecurity.com/ (website security tool), and worked with their technicians. They had my sites completely fixed, up and running in a day successfully. I’d like to thank the team of omkarsoft and this Website Protection tool.

Here is the security tutorial about hardening your website: http://totalwebsecurity.com/security-tips.php
answered by user stevebrown164
0 votes
Here's one interesting article about the two-factor authentication for WordPress: http://tutorials7.com/two-factor-authentication-wordpress.html

Nowadays - you can use your smartphone to double secure your WP site! Nice!
answered by user ak47seo
...