My WordPress site got hacked

  • I manage multiple blogs on WordPress and yesterday I found one got hacked. My blog was being redirected to Deleted. After noticing this I promptly uninstalled WordPress on my blog and reinstalled everything from scratch, I deleted everything database, users, and files, pertaining to this blog.

    After resetting my blog, I opened vowblog.com again and what I found was shocking I got following message deleted

    After that I visited mentioned page and found hacker’s email address (Really deleted) in privacy or perhaps about page. I sent him an email and asked him, ‘how to get rid of it?’

    His reply was “1. Glad to see that you have recovered your blog.
    2. Nothing Dear… I just want to know your current position and why you quit blogging.

    Now my questions are:
    1. How my site got hacked? I use only my laptop to access my sites which is running on Windows 10 and has paid Norton Antivirus. I never open suspicious websites and all software programs are genuine.
    2. After uninstalling WP completely on this blog and reinstalling it, why did I see deleted message on my site. I mean what else I am suppose to do to ensure my site is now safe. Now I am not seeing that message on my blog. I mean how had he managed to show that message on a freshly installed blog?

    Hint:

    Not sure but I thought I should mention it.

    On 16, April, 2019, I chatted with my hosting company’s (Bluehost) agent to fix a problem. The agent asked me to provide two-factor authentication code to access my site data. She asked for two-factor authentication code for 5-6 times. After that I had not visited my blog vowblog.com because I was working on another blog. But yesterday when I tried to access vowblog.com WP admin area I found I lost access to it and my blog was being redirected.

    If above reason is not valid then I unable to figure out how did this guy hacked my site?

    Kindly help me know whether my sites are still under attack or not?

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

  • Chances are either you did not properly remove the malicious code or the hacker also go access to your domain and is forwarding it at the domain level this is called domain hijacking.

    Bluehost is quite unlikely to have actually cleaned up the malicious code for you. They usually will try to see you one of their services with a monthly service attached to it. I forget the name of it but it is a security service and it will do you no good to have that service if the site is not cleaned up first.

    So get a large mug of your favorite beverage and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Thread Starter vowblog

    (@vowblog)

    Davood Denavi thank you for quick reply!
    In hint section I tried to mentioned that on 16/April/2019, I contacted Bluehost agent to solve an issue and she (agent) asked me to provide two-factor authentication, which to my mind usually agent don’t ask to provide, and after that my site got hacked.

    From my hosting cPanel I deleted everything pertaining to my blog. I don’t think I left anything behind.

    Is there any way to know site is still under attack or not?

    Yes, I saw what you said about bluehost. If you restored the site from a backup which is probably all bluehost did for you then yes. It is possible that they restored a hacked version of the site. It is also possible that the hacker came back and hacked the site again after you did the restore especially if you used the same plugins and theme. Therefore you need to follow the guide I provided and also harden your site so that the hacker wont be able to do this again.

    Hope this helps. Once you have resolved your issue please mark the thread as resolved.

    Thread Starter vowblog

    (@vowblog)

    Thank you very much!
    I’m reading everything carefully. I hope your provided links will help me cope with the situation.

    And scan your PC with the Malwarebytes Anti-Malware. It is free program with the 14 days Premium version available after the installation.
    It never hurts to get a second opinion and I’m not big fan of Norton either. ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘My WordPress site got hacked’ is closed to new replies.