My Website's Been Hacked

[Mike]

Hi,

My website has been hacked, and the affected files are all GP ones:

./public_html/wp-content/plugins/gp-premium/addons/generate-page-header/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-spacing/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-blog/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-secondary-nav/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-hooks/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-backgrounds/functions/ie.php
./public_html/wp-content/plugins/gp-premium/addons/generate-ie/functions/functions.php
./public_html/wp-content/plugins/gp-premium/addons/generate-menu-plus/functions/import-export.php
./public_html/wordpress/wp-content/upgrade/wp/wp.php
./public_html/wp-content/themes/generatepress/inc/add-ons/typography.php
./public_html/wp-content/themes/generatepress/footer.php
./public_html/wp-content/plugins/gp-premium/addons/generate-typography/functions/customizer/get-fonts.php
./public_html/wp-content/plugins/gp-premium/addons/generate-typography/functions/functions.php
./public_html/wordpress/wp-content/upgrade/wp/wp.php

I’m planning to uninstall and reinstall GP, but have you heard of anything like this before? Any ideas/tips?

• This topic was modified 8 years, 3 months ago by Mike. Reason: Clarity of formatting

[Tom]

Hi Mike,

I’m no expert on hacking, but I fixed quite a few hacked websites in my freelancing days.

The most common reasons for getting hacked:
* Out of date WordPress installation
* Out of date plugins and themes
* Shared hosting/server security (GoDaddy used to be awful, hopefully they’re better now)

The most common files that were changed:
* wp-config.php
* .htaccess
* Active themes and plugins

So first, make sure everything is up to date.

Then, go into your server via FTP and sort your files by date modified. It’s possible that some nasty code was injected in other files as well, including the core themes (Twenty Fifteen etc..) and files like wp-config.php and .htaccess.

Re-install GP Premium and GeneratePress, and remove the nasty code from any other areas you can find.

Change all of your passwords – WP, hosting, FTP, even your database if you can.

If your username is “admin”, change it.

Install a plugin like Wordfence to add a little extra security to your site.

If it happens again – I would look at your server. Shared hosting is notorious for stuff like this, and some hosting companies don’t have the greatest security.

Sorry this happened to you – super frustrating. The above should help you get back to having a clean site and hopefully prevent it from happening in the future.

[Author]

Posts