settingsAccountsettings
By using our mini forum, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy
Menusettings

Q: My WordPress site is hacked! A message leading to spammer.shop.tm

+13 votes
Help! i think my site has been hacked!

I have a WordPress site and whenever I am trying to access a page of the site (NOT A POST!) there is a page which is showing on a white background a form for sending e-mails! There is a message - "Mailer" and a link going to http://spammer.shop.tm/

I am in shock! What should I do?????
asked in Web Development category by user sam
edited by user golearnweb

7 Answers

+5 votes
 
Best answer

I had the same issue! On one of my client's site I've found and removed the file in question. It was here:

/home/username/public_html/wp-content/plugins/w3-total-cache/inc/define.php

There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.

So basically it is due to the W3 Total Cache recent update! Secure your site whenever you can with all the plugins you can!

Here are 2 more articles on the topic:

https://code.tutsplus.com/articles/11-quick-tips-securing-your-wordpress-site--wp-22446

https://premium.wpmudev.org/blog/ultimate-guide-wordpress-security/

Good luck!

answered by user golearnweb
edited by user golearnweb
Thanks - it helped!!!!
+1 vote
Hello,

Ideally you really need to delete that page, and any files you don't recognise on your account. Change all passwords on your account as well and update any script/applications you may be using such as joomla, wordpress etc.
answered by user richard8502
+1 vote
If the page is part of WordPress, it may be related to a plugin.
 
Regards,
Will
answered by user eiorgert
+1 vote

Read this - https://premium.wpmudev.org/forums/topic/security-plugins-over-and-above-bulletproof-security it may help prevent any hacking attacks in the future....

answered by user ak47seo
edited by user golearnweb
+2 votes

1. Make sure your wp-config.php has 750 permission - if needed - change the permission through your FTP software or 600. Files should be set to 644 and folders - to 755 or 750
2. Use Back up WP plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make hacker's life muuuuch easier!
4. Use security plugin like - https://wordpress.org/extend/plugins/secure-wordpress/
5. Scan your theme files for potentially malicious or unwanted code by using this useful wordpress plugin - https://wordpress.org/extend/plugins/tac/installation/
6. Use strong password. Go to your Cpanel and... you know where to click to generate one! :-)
7.  For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin

answered by user andrew
edited by user golearnweb
+1 vote

Use .httaccess to protect your wpconfig.php file! You can use this code:

<Files wp-config.php>
order allow,deny
deny from all
</Files>
answered by user nikole
edited by user golearnweb
...