It’s every webmaster’s or blogger’s nightmare to visit your website to find it has been hacked. A few of my own WordPress blogs were recently hacked, including this one. On a recent visit after a short absence I immediately discovered the home page was changed along with my username and password used to log in to the admin panel.
I was shocked when I first visited this very website. Instead of the usual homepage displaying recent posts and the usual stuff, I was faced with a black page with red and yellow writing, which was Arabic according to Google Translate.
However, there is no need to worry. There is a procedure to fix the password that I found at the Official WordPress Support Forums.
As I have access to the webhosting account for my hacked domains, after some research and investigation, I found it very simple to get my website back to normal.
In this instance the hacker had only changed a few specific things in my WordPress accounts. The items changed were the index.php file to display the hacker’s message, my username, password and email address. So here is what I had to do.
- In my hosting account I entered cPanel to access the MySQL database for the WordPress blog via the phpMyAdmin utility.
- Select the WordPress database username.
- Select the “users” table from the list of tables. I could see my details had been changed for my user record.
- Press the Edit icon (pencil) of the user record that has to be amended.
- I had to change my user_login, user_pass, user_nicename, user_email, and display_name. NB. When changing the user_pass make sure you select MD5 in the Function drop down list.
- Press Go to save the amended table, and exit phpMyAdmin. The user_pass will be hashed and show as a bunch of alphanumeric characters and symbols.
- Test the Username and Password by logging into the WordPress user interface.
- The only other file that was changed was the index.php file for the Theme I was using. So in the WordPress dashboard go to Appearance, Editor. Select index.php – I could see how the hacker had replaced the Theme’s Index Page with their own. Delete the code from the hacker, and copy and paste the correct index.php code for the Theme. Download the Theme again if you don’t have a copy of the original Theme on your hard drive.
- Then I checked my website and all was back to normal again.
I was lucky that only one file for the Theme had been changed. It is worth the effort to make sure no other files have been changed. One way to do this is to compare the exact file size of your installed Theme against the copy on your hard drive. The easiest way to do this would be with an FTP program like WS_FTP. Then just compare files between your Local computer and the Remote site all on the one screen.
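The comparison described above can also be scripted once the installed Theme has been downloaded to a local folder. This is an added example, not part of the original post; it goes beyond file size and also compares SHA-256 hashes, because a changed file can keep exactly the same size. The function names and the demo files are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path relative to root to its (size, SHA-256 digest)."""
    root = Path(root)
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()  # theme files are small enough to read whole
            files[p.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return files

def compare_theme(clean_dir, installed_dir):
    """Compare a known-good theme copy against the copy downloaded from the site."""
    clean, live = snapshot(clean_dir), snapshot(installed_dir)
    report = {"modified": [], "same_size_modified": [], "added": [], "missing": []}
    for rel, (size, digest) in live.items():
        if rel not in clean:
            report["added"].append(rel)  # not shipped with the original theme
        elif digest != clean[rel][1]:
            report["modified"].append(rel)
            if size == clean[rel][0]:  # a size-only comparison would miss this
                report["same_size_modified"].append(rel)
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Run the comparison on two small constructed theme folders."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "installed")
        for d in (clean, live):
            d.mkdir()
            (d / "index.php").write_text("<?php get_header(); ?>\n")
            (d / "footer.php").write_text("<?php wp_footer(); ?>\n")
            (d / "style.css").write_text("body { color: #000; }\n")
        (live / "index.php").write_text("<html>replaced page</html>\n")   # different size
        (live / "footer.php").write_text("<?php wp_f00ter(); ?>\n")       # same size, other bytes
        (live / "extra.php").write_text("<?php // unexpected file ?>\n")  # not in clean copy
        (live / "style.css").unlink()                                     # deleted on the site
        return compare_theme(clean, live)

if __name__ == "__main__":
    # With two arguments, compare real folders; with none, run the constructed demo.
    result = compare_theme(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for kind, paths in result.items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

Run it with the clean Theme folder first and the downloaded folder second. Files listed under "added" deserve the closest look, since the original Theme never shipped them.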
And that’s all there is to it.
If there is anything else to add or be aware of when your WordPress blog is hacked please leave a comment below.