Title page installed in my WordPress blog by a hacker
It’s every webmaster’s or blogger’s nightmare to visit your website to find it has been hacked. A few of my own WordPress blogs were recently hacked. Including this one. On a recent visit after a short absense I immediately discovered the home page was changed along with my username and password used to login the admin panel.
I was shocked when I first visited this very website. Instead of the usual homepage displaying recent posts and the usual stuff, I instead was faced with a black page with red and yellow Arabic writing according to Google Translate.
However there is no need to worry. There is a procedure to fix the password that I found at the Official WordPress Support Forums.
As I have access to the webhosting account for my hacked domains, after some research and investigation, I found it very simple to get my website back to normal.
In this instance the hacker had only changed a few specific things in my WordPress accounts. The items changed were the index.php file to display the Hacker’s message, my username, password and email address. So here is what I had to do.
- In my hosting account I eneterd Cpanel to access the MySQL database for the WordPress blog via the phpMyAdmin utility.
- Select the WordPress database username.
- Select the “users” table from the list of tables. I could see my details had been changed for my user record.
- Press the Edit icon (pencil) of the user record that has to be ammended.
- I had to change my user_login, user_pass, user_nicename, user_email, and display_name. NB. When changing the user_pass make sure you select MD5 in the Function drop down list.
- Press Go to save the ammended table, and exit phpMyAdmin. The user_pass will be encrypted and show as a bunch of Alphanumeric characters and symbols.
- Test the Username and Password by logging into the WordPress user inetrface.
- The only other file that was changed was the index.php file for the Theme I was using. So in the WordPress dashboard go to Appearance, Editor. Select index.php – I could see how the hacker had replaced the Theme’s Index Page with their own. Delete the code from the hacker, and copy and paste the correct index.php code for the Theme. Download the Theme again if you don’t have a copy of the original Theme on your hard drive.
- Then I checked my website and all was back to normal again.
I was lucky that only one file for the Theme had been changed. It is worth the effort to make sure no other files have been changed. One way to do this is to compare the exact file size of your installed Theme against the copy on your hard drive. The easiest way to do this would be with a FTP program like WS_FTP. Then just compare files between your Local computer and the Remote site all on the one screen.
And that’s all there is to it.
If there is anything else to add or be aware of when your WordPress blog is hacked please leave a comment below.
Good Job! Thanks!
Your instructions are right on target. I am using NameCheap.com hosting and they didn’t have a clue how to go about helping me restore my hacked username and password.
Fact is, NameCheap.com kept asking me do everything that didn’t work . I thought sure, next they were going to say I need to stand in my front yard and swing a rubber chicken over my head and squawk like an aardvark.
But your instructions were perfect. My blog is up and running again. Much thanks!!
I’m glad my procedure worked for you. It’s a very simple solution once you know what to do. You think like a doctor …look at the symptons, figure out the cause then fix it.
Just remember to change your password and possibly username to avoid a further attack from the same hacker.
Now we have “one up” on them.