Website hack after resolution.. wp admin page in not accessable!!..please help

  • Hi,

    I have same problem, my site was working fine and someone hacked. and leave the msg on main page that he is done nothing harm to site just rename the file index.php to index-real.php.

    so I checked via FTP there was no index-real.php file. there was a file index.htm so i rename that file so my website is working fine but now unable to browse my wp admin page and faceing same error”The page isn’t redirecting properly
    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
    This problem can sometimes be caused by disabling or refusing to accept cookies.”

    please help….

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator bcworkz

    (@bcworkz)

    First thing, if you haven’t already, is change all passwords of all admin users, all ftp and hosting account passwords too. Consider changing the salts in wp-config.php. This will force all users to reset their passwords though. Ensure all admin user’s computers are free of malware.

    Obviously the hacker didn’t do what they said they did, imagine that. All files and data could be suspect. Copy all the files in the WP installation folder, the one in which most of the files are named wp-something.php, to a safe place for possible further analysis. Delete the same files on your server. Copy fresh files from a clean source back into the same folder.

    If that doesn’t solve the problem, do the same for the wp-admin and wp-includes folders, or just do these straight off for good measure. If that still doesn’t work, you may have to wipe everything and reinstall from backup.

    Thread Starter razahassan

    (@razahassan)

    i have already changed all the passwords, but I dont have any backup or my site because i recently joined this company and the guy who made this site is have not given any backup and neither he is in contact now.

    what the solution is now…?

    Moderator bcworkz

    (@bcworkz)

    You can download a fresh matching version from www.remarpro.com and use that. You should be able to get the version number by opening the readme.html file in the root installation folder.

    Lets hope they didn’t mess with your data, that can be a lot of work to clean up.

    Thread Starter razahassan

    (@razahassan)

    Hi,

    I got the full backup of website and in:

    1st step: replace all the php files in the public_html folder. but no success
    then done in 2nd step: rename the folder wp-admin and wp-includes and copy these folder from backup.

    after this website is working but when i try to login dashboard page its shows error page not found….

    any idea.

    Thread Starter razahassan

    (@razahassan)

    I changed the location of wp-admin folder.

    now site is working fine and also able to access dashboard login page…

    Thank you.

    Thread Starter razahassan

    (@razahassan)

    hey!!

    let me ask one more thing pls tell me what I do for increase website security… for avoid next time all this bullshits.

    Moderator bcworkz

    (@bcworkz)

    Take a look at Hardening WordPress. Any idea how they got in? Use strong passwords. Be sure computers used to access the server and WP are free of malware. Use SFTP or some variant rather than plain FTP. If you use filezilla, do not store passwords in the site manager. Do not access WP or your server through suspect LANs, like coffee house Wi-Fi.

    To resist brute force attacks, give some other user the administrator role, then delete the default admin user. Use some sort of plugin to lock out a user after a small number of unsuccessful attempts.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Website hack after resolution.. wp admin page in not accessable!!..please help’ is closed to new replies.