
Q: My WordPress site is hacked! A message leading to spammer.shop.tm

+13 votes
Help! I think my site has been hacked!

I have a WordPress site and whenever I am trying to access a page of the site (NOT A POST!) there is a page which is showing on a white background a form for sending e-mails! There is a message - "Mailer" and a link going to http://spammer.shop.tm/

I am in shock! What should I do?????
asked in Web Design category by user sam
edited by user golearnweb

11 Answers

+5 votes
 
Best answer

I had the same issue! On one of my client's sites I found and removed the file in question. It was here:

/home/username/public_html/wp-content/plugins/w3-total-cache/inc/define.php

There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.

So basically it is due to the W3 Total Cache recent update! Secure your site whenever you can with all the plugins you can! Here is one article about it - http://tutorials7.com/how-to-protect-and-secure-your-wordpress-site.html

Here are 2 more articles on the topic:

https://code.tutsplus.com/articles/11-quick-tips-securing-your-wordpress-site--wp-22446

https://premium.wpmudev.org/blog/security-101/

Good luck!

answered by user golearnweb
edited by user golearnweb
Thanks - it helped!!!!
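
The best answer's advice to audit the account and reinstall the plugin from a new copy can be checked file by file. This is an added example, not part of the original answer: a shell function that compares a live plugin directory with a freshly downloaded copy. The function names, the `--demo` flag and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Prints ADDED / MODIFIED / MISSING lines; returns 0 if clean, 1 if not, 2 on bad usage.
audit_plugin() {
    installed=$1; clean=$2
    if [ ! -d "$installed" ] || [ ! -d "$clean" ]; then
        echo "usage: audit_plugin INSTALLED_DIR CLEAN_DIR" >&2
        return 2
    fi
    findings=$(
        # Pass 1: each live file must exist, byte for byte, in the clean copy.
        (cd "$installed" && find . -type f) | sort | while IFS= read -r rel; do
            rel=${rel#./}
            if [ ! -f "$clean/$rel" ]; then
                echo "ADDED    $rel"
            elif ! cmp -s "$installed/$rel" "$clean/$rel"; then
                echo "MODIFIED $rel"
            fi
        done
        # Pass 2: files the clean copy ships that are gone from the live site.
        (cd "$clean" && find . -type f) | sort | while IFS= read -r rel; do
            rel=${rel#./}
            [ -f "$installed/$rel" ] || echo "MISSING  $rel"
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample trees (not real plugin files): one altered file, one dropped-in file.
demo_audit() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/clean/inc" "$tmp/live/inc"
    echo '<?php // original' > "$tmp/clean/inc/define.php"
    echo '<?php // original' > "$tmp/clean/plugin.php"
    echo '<?php // altered'  > "$tmp/live/inc/define.php"
    echo '<?php // original' > "$tmp/live/plugin.php"
    echo '<?php // unknown'  > "$tmp/live/inc/extra.php"
    rc=0; audit_plugin "$tmp/live" "$tmp/clean" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

case "${1:-}" in
    "") ;;                                   # no arguments: only define the functions
    --demo) demo_audit ;;
    *) audit_plugin "$1" "$2" ;;
esac
```

Symbolic links are not followed or compared, and files outside the plugin directory still need their own review.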
+1 vote
Hello,

Ideally you really need to delete that page, and any files you don't recognise on your account. Change all passwords on your account as well and update any scripts/applications you may be using, such as Joomla, WordPress, etc.
answered by user richard8502
+1 vote
If the page is part of WordPress, it may be related to a plugin.
 
Regards,
Will
answered by user eiorgert
+1 vote

Read this - https://premium.wpmudev.org/forums/topic/security-plugins-over-and-above-bulletproof-security it may help prevent any hacking attacks in the future....

answered by user ak47seo
edited by user golearnweb
+2 votes

1. Make sure your wp-config.php has 750 or 600 permission - if needed, change the permission through your FTP software. Files should be set to 644 and folders to 755 or 750
2. Use a backup WP plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make a hacker's life muuuuch easier!
4. Use a security plugin like - https://wordpress.org/extend/plugins/secure-wordpress/
5. Scan your theme files for potentially malicious or unwanted code by using this useful WordPress plugin - https://wordpress.org/extend/plugins/tac/installation/
6. Use a strong password. Go to your cPanel and... you know where to click to generate one! :-)
7. For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin

answered by user andrew
edited by user golearnweb
+2 votes
Watch this video:
answered by user hues
+1 vote

Use .htaccess to protect your wp-config.php file! You can use this code:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

 

answered by user nikole
edited by user golearnweb
+1 vote

It is very shocking when my WordPress site gets hacked. I had a very bad experience like you, but some days before my friend had the same problem and he informed me that it had happened to his site as well. I tried a lot to fix the WordPress site but was not able to fix the website properly. After that I found a website http://totalwebsecurity.com/ (website security tool) and worked with their technicians. They had my sites completely fixed, up and running in a day successfully. I’d like to thank the team of omkarsoft and this Website Protection tool.

Here is the security tutorial about hardening your website: http://totalwebsecurity.com/security-tips.php

answered by user stevebrown164
edited by user golearnweb
+1 vote

Here's one interesting article about the two-factor authentication for WordPress: http://tutorials7.com/two-factor-authentication-wordpress.html

Nowadays - you can use your smartphone to double secure your WP site! Nice!

answered by user ak47seo
edited by user golearnweb