Tag Archives: secure

wordpress-hacked

What to do when your WordPress site has been hacked?

Once day google sent me this message in my mail box.

After I’ve done some researches I know that my site was hacked by someone who is a client of my hosting which his username is “aptour” because my hosting still use the old version of the cPanel So I’ve done the following:
1. Back up my site and database.
2. Check Server Log (Law access logs)
3. Check .htaccess files in the root directory. It may be redirect rules there.
4. Create New FTP account, delete the old one the use new FTP to delete that page. (In my case, it’ve already removed or temporary page)
5. Login to PhpMyadmin to revise your data. (I’ve found new admin user and removed it.)
6. Change database username/password.
7. Change WordPress Admin Password.
8. Change WordPress Authentication Unique Keys by use “https://api.wordpress.org/secret-key/1.1/”
9. Upgrade wordpress then disable using the xmlrpc.php (I don’t publish my blog by email)
10. Contact my hosting, inform what happen.

Now everything has already secured. So let’s google help us check our site again.

Resouces