hackrepair

Because JetPack is so commonly installed, hackers often target this and other popular plugins malware injection wise.

Because a plugin has malware “in it” that does not mean the plugin was the entry point.

Are you stating that there are no malware scripts within any other directory on your website?

Hi,
While you may have cleared the compromise within your website, a number of steps need to be completed in relation to Google.com

Google is a search engine and you can learn more about how they have marked your website as comprised by logging into your Google Seach Console (GSC). I recommend doing a few searches for topics like “how do I log into my google search console” to start.

Once you have logged into your GSC, this page at Google provides a nice guide on what to look for in order to clear your Google reputation online, https://developers.google.com/webmasters/hacked/docs/request_review

I hope this helps.

• This reply was modified 6 years, 11 months ago by hackrepair.

Situations like this are usually caused by one of a few things:

1. Administrator password compromised.
Be sure to set only one admin account and others to Editor. Change passwords as well.

2. Exploitable plugins.
Be sure to delete all not required and inactive plugins. Update all to the latest version, and be careful in noting any premium type plugins and checking to see if you have the latest version of those as well.

3. Exploitable themes.
Be sure to delete all not required themes, so as not to leave any hidey holes for hackers to hide their stuff.

4. Check your hosting account and be sure to delete all extra FTP accounts. Change your main hosting account password and primary FTP account as well.

These are the basics. Otherwise, try any of the numerous security plugins available in the repository to see if they find anything suspicious.

Best Wishes in your quest to secure your website!

• This reply was modified 6 years, 12 months ago by hackrepair.

Recover to an older working backup would be my first recommended step.

If you can get the site stable and working with an older copy, you’ll then be able to further lock down the site and possibly help prevent the hacker from returning as well.

My pleasure.:)

Sorry to hear that. I was referring to your database, not your files.

1. install new WordPress in staging site, like staging1.yourdomain.com
2. install same plugins into site
3. install same theme into site
4. import prior database to staging site

With that, you should get pretty close to what your site looked and functioned before.

Once it’s set you can use a migration plugin like Duplicator or other to copy your site over to your main hosting account and be back in business with a clean site once again.

Hi,
WordPress maintains it’s data in its database.

So in theory, if you can recover to the prior working database y
ou should be able to get your votes back nicely as well.

Other reputable organizations that can clean your sites for you also include WP Fix it, HackRepair and WP White Security.

1. User-agents were carefully screened, user-agents are periodically removed.

2. There is no automation to the list. User-agents were carefully screened by a person.

If you find a given user-agent is causing any unexpected issues you may delete the user-agent text in question from the entry within your .htaccess file.

Alternately, you may uncheck and save the use HackRepair.com Blacklist to remove the entire list.

Very sorry. I’m perplexed as to what you are asking.
Can you please restate your question?

• This reply was modified 7 years, 1 month ago by hackrepair.

My pleasure folks. ??

No, user-agent and crawlers/Referer’s are different beasts.

Once you’ve installed this plugin,
see Stop Web Crawlers menu on left -> “List”
and note the entries are website addresses, aka, Referer’s.

If you wish to block user-agents like those you’ve listed above, you would add those lines to the top of your .htaccess file.

Just an observation on this. File save or change dates can be faked in such a way that while the file may show 2015, the file(s) might have been uploaded last week.

The easiest way to verify this is to look at an older backup to see if the file existed prior.

• This reply was modified 7 years, 1 month ago by hackrepair.

Helping people — it’s what I do. You’re welcome. ??

Log into your hosting company File Manager and delete this directory:

/wp-content/plugins/captcha

That should bring your site back online nicely.

• This reply was modified 7 years, 2 months ago by hackrepair.