By using our mini forum, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy

Q: My WordPress site is hacked! A message leading to

+13 votes
Help! i think my site has been hacked!

I have a WordPress site and whenever I am trying to access a page of the site (NOT A POST!) there is a page which is showing on a white background a form for sending e-mails! There is a message - "Mailer" and a link going to

I am in shock! What should I do?????
asked in Web Development category by user sam
edited by user golearnweb

7 Answers

+5 votes
Best answer

I had the same issue! On one of my client's site I've found and removed the file in question. It was here:


There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.

So basically it is due to the W3 Total Cache recent update! Secure your site whenever you can with all the plugins you can!

Here are 2 more articles on the topic:

Good luck!

answered by user golearnweb
edited by user golearnweb
Thanks - it helped!!!!
+1 vote

Ideally you really need to delete that page, and any files you don't recognise on your account. Change all passwords on your account as well and update any script/applications you may be using such as joomla, wordpress etc.
answered by user richard8502
+1 vote
If the page is part of WordPress, it may be related to a plugin.
answered by user eiorgert
+1 vote

Read this - it may help prevent any hacking attacks in the future....

answered by user ak47seo
edited by user golearnweb
+2 votes

1. Make sure your wp-config.php has 750 permission - if needed - change the permission through your FTP software or 600. Files should be set to 644 and folders - to 755 or 750
2. Use Back up WP plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make hacker's life muuuuch easier!
4. Use security plugin like -
5. Scan your theme files for potentially malicious or unwanted code by using this useful wordpress plugin -
6. Use strong password. Go to your Cpanel and... you know where to click to generate one! :-)
7.  For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin

answered by user andrew
edited by user golearnweb
+1 vote

Use .httaccess to protect your wpconfig.php file! You can use this code:

<Files wp-config.php>
order allow,deny
deny from all
answered by user nikole
edited by user golearnweb