Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Tyler Groskreutz
14,793 PointsI think my WordPress website has been hacked. Solutions?
I have a client that has a WordPress site. Their URL is haugbeck.com. If you click on the link and go the site, since late last week has been replaced with only a link labeled "dostawcy kamagra." I wouldn't click on that link if you visit the site in case they give you a virus, but I suspect the website has been hacked.
I replaced the base WP files, everything except the wp-content, wp-includes, and wp-content files. Do you have recommendations how fix this site without scraping everything?
I can still log in to the website using the wp-admin access.
1 Answer
Brandon Kidd
18,141 PointsHey Tyler,
Here are a few tips I use when trying to de-hack a WP site without loosing everything.
Check to see if there is a default.html or index.html file present. WordPress uses index.php so the others should not exist. In many cases, I've see hackers add those files to override the default homepage that your host uses.
Secondly, check your .htaccess file to see if there is anything odd in there. In many cases you can delete the contents, and reset your permalinks in order to return to normal operation.
Third, try using the Wordfrence integrity check - https://wordpress.org/plugins/wordfence/
Last, check your theme to see if any code has been added to the header or footer files.
If you've found your problem, be sure to update everything, change your FTP password, , change your database password, and change your user passwords.
Tyler Groskreutz
14,793 PointsTyler Groskreutz
14,793 PointsOK. I will try those steps. Is there another possibility for the problem that I described?
Brandon Kidd
18,141 PointsBrandon Kidd
18,141 PointsThat's it about 99% of the time. We're you able to solve your issues?
Tyler Groskreutz
14,793 PointsTyler Groskreutz
14,793 PointsI contacted the hosting provider. They were able to tell me that the website has been a victim of a "pharma hack." Its named for the pharmaceuticals that it pushes. The virus affects the theme files of a wordpress website. To get rid of the virus, the hosting provider recommended deleting the current theme (the infected files will live typically in the current one). Getting a fresh install of the theme and changing user name and passwords for logging in, and also be sure all the plugins and wordpress files are updated. It was a hack that preys on pre-4.1 versions of wordpress. They recommended changing the database information to be on the safe side but pharma hacks don't typically have the capability to reach into the server.