If you think your site got hacked, there are several (many) things you must do to ‘de-hack’ it. Including: changing all passwords (WP admins, FTP, hosting, database) reinstalling WP (via the Updates page) and then reinstalling all themes (from the repository) and plugins manually. checking for unknown files (via your hosting File Manager; if you … Read more
As I was using MariaDB, the following update did the fix: update wp_posts set post_content = REGEXP_REPLACE(post_content,'(*CRLF)<noindex>.*</noindex> ‘,”) See https://dba.stackexchange.com/questions/234774/mariadb-multiline-regex/234778#234778
If you want to be certain your site is clean, you can either start with a fresh install of WordPress, all of your plugins and the theme. An alternative would be to use the WP CLI verify-checksums to check your core and plugins for any modifications. Perhaps the hardest one to clean is your database … Read more
Although hacked sites aren’t a topic that is within the scope of this site, this question always gets asked. And there are many googles/bings/ducks on how to de-hack a site. The basics: change credentials on everything (hosting, FTP, admin level users). Create a new admin-level user with a strong password. Log in with it to … Read more
One option is to install a security plugin. Most scan for Tim Thumb throughout your whole file structure, including themes (and will also search for many other types of vulnerabilities if you’ve been hacked, as your “hacked” tag indicates). You can also search for files named “timthumb” in your theme directory, or search for the … Read more
If there are posts in the database that are generating the content, then you will need to clean out that malicious code in the wp-posts table. BUt I suspect that there is malicious code in the site. It could be anywhere; inside your wp-config.php or wp-settings.php file, for example. Or in the htaccess file. Or … Read more
Attempt to access the login page happen all the time. Not a big deal….assuming that you have proper protections. Like: Not having a user named ‘admin’ Not allowing enumeration of user names (so user names aren’t discoverable) Using strong passwords on all accounts, especially admin-level Using strong passwords on hosting, FTP, database, etc Disabling access … Read more
There are many ways to infect a site – and many ways to hide that infection from the ‘popular’ security plugins. One way to detect malicious code is via a file-hash-compare function. You may need to write your own though (I did, but it’s not perfect). That function would compare each file’s hash with a … Read more
Well it took a while, but I figured out what was happening here, and the upshot is: no good deed goes unpunished. When setting up my server, I enabled IPv6 because I want to be a good internet citizen and help our collective migration to IPv6 I chose easyengine to manage my WP sites, which … Read more
probably your website is hacked. The first thing to do is: if you still have access to your website and can log in, try to put it in maintenance mode (you can use any free plugin). change your password and delete any unknown user. if your hosting has a Malware Removal Service, use it to … Read more