Although hacked sites aren’t a topic that is within the scope of this site, this question always gets asked. And there are many googles/bings/ducks on how to de-hack a site. The basics: change credentials on everything (hosting, FTP, admin level users). Create a new admin-level user with a strong password. Log in with it to … Read more
One option is to install a security plugin. Most scan for Tim Thumb throughout your whole file structure, including themes (and will also search for many other types of vulnerabilities if you’ve been hacked, as your “hacked” tag indicates). You can also search for files named “timthumb” in your theme directory, or search for the … Read more
If there are posts in the database that are generating the content, then you will need to clean out that malicious code in the wp-posts table. BUt I suspect that there is malicious code in the site. It could be anywhere; inside your wp-config.php or wp-settings.php file, for example. Or in the htaccess file. Or … Read more
The best way to fix this is to have a clean backup of your site’s files and database and set up a fresh wordpress installation. Change all passwords related to the site (hosting, domain etc.), close your current hosting account, set up a new one, and let your host know your site was compromised so … Read more
Uploads directory should be public, or whatever other settings in which the webserver is able to write to it, which in term of website security makes very little difference. You most likely have an unsecure code or unsecure server and there is not much point in rebuilding your site without first fixing those two issues … Read more
If you’re using the same database, then the hack code is sometimes stored in there. The pharma hack uses this technique. Ensure that you have a clean database that you’re installing into also.
Look at this answer I wrote for a more extensive explanation: Malware on site For a summary: Add a login limiting plugin Move wp-config.php out of the public html folder ( WordPress will look one folder up from its root directory if it isn’t there Use the correct file and folder permissions Do not use … Read more
In order to limit the impact of the exploit when looking at a solution, I have written a small plugin that checks the .htaccess file content every hour and restores the correct file if it has been modified. <?php /* * Plugin Name: Fight the exploit * Author: Fabien Quatravaux * Version: 1.0 */ register_activation_hook( … Read more
Renaming files will not make your blog more secure. Obscurity, hiding trivial information, is not a real security concept. The index.php is safe. Make sure the file permissions are set correctly, and try to find the real security hole you had.
Do you have SSH access? WP-CLI via search-replace. $ wp search-replace ‘<script>bad javascript code</script>’ ” –precise By default, this only searches for tables registered in $wpdb. To overwrite this behaviour, you can use either the –all-tables or –all-tables-with-prefix flag. (Or pass table names to the command manually.) Alternative: Easiest would be to download a dump, … Read more