Well your site has been compromised and you have to clean house. Here are two guides you can start with: http://codex.wordpress.org/FAQ_My_site_was_hacked Verifying that I have fully removed a WordPress hack?
Create a new user, make him an admin, log in with that account. Then delete the other admin and assign all of his posts to the new user. But first find out how the site was hacked, and clean it up.
You can move the wp-config file one level up. You can also create a .htaccess file and upload it to your uploads folder with this code: <Files ~ “.*..*”> Order Allow,Deny Deny from all </Files> <FilesMatch “.(jpg|jpeg|jpe|gif|png)$”> Order Deny,Allow Allow from all </FilesMatch> Or install a plugin for security which also scans your installation so … Read more
Yes ! This is a malicious code – if you don’t have any backup. I will suggest you to remove this code from top of every file manually. There is no “Genire” plugin/script which can safely remove it from your every file. If you are good with PHP, you can write your own script. Follow … Read more
Issue 1: Look at your dashboard; you’re not logged in as an administrator, and as a result you don’t have the privileges and can’t activate themes or plugins. With adminer or phpmyadmin, check your wp_usermeta table for your user and be sure the wp_capabilities key is for an admin: a:1:{s:13:”administrator”;s:1:”1″;} Or, add a new admin … Read more
You need to use: https://www.google.com/webmasters/tools/home (you need a gmail account – since it’s Google) Add your website to the platform and ask Google to scan your website for any more malware. It might take 24-48 hours. Once Google is happy that there are no more issues, your website ratings will be restored.
According to Sucuri, there are some defacement campaigns underway. Also, it appears that there are attempts at remote code execution. So yes: if you’re running 4.7 or 4.7.1, upgrade to 4.7.2 as soon as possible.
Turns out I wasn’t as thorough as I thought in removing vestiges of the hack. Found some more obfuscated PHP in template files, along with some .php files I didn’t have permissions for that shouldn’t have been there. Removed all that, and admin functionality is back to normal.
I agree that the Better Search and Replace plugin is great for search/replace of the WP database. But be aware that there are many other things you need to do to recover a hacked site. There are many places to get that info, but when I do it, I change all credentials/passwords: database, FTP, hosting, … Read more
I found the problem. A hacker placed a backdoor (wp-admin/29) and forced to rewrite the htaccess with it! Thank you for the hint @WebElaine