[wp-hackers] Unable to login to wp-admin
Lynne Pope
lynne.pope at gmail.com
Mon Sep 6 15:48:23 UTC 2010
On Tue, Sep 7, 2010 at 3:06 AM, Sherry Myrow <teklists at gmail.com> wrote:
> Hi everyone,
>
> I think my site, gamerwidow.com, has been hacked.......I'm running WP
> 2.6.5. I know I should upgrade but I'm a bit daunted by the task to
> be honest. Anyway, I tried logging into wp-admin and although I'm
> using the correct credentials it says 'invalid username' and will not
> let me log in.
>
> Furthermore, when you do a search on google for "WoW Widows" my site
> is the very first one listed but the page title says "Viagra Sales"!
> I've tried searching this problem but the best I've found was to
> manuallly disable plugins, clear your cache and try again. I've also
> tried resetting my password and checking the db to make sure my admin
> account was still set to my email address -- all to no avail.
>
> I need help and would love it if anyone could! I used to do wp
> customization for a living but i haven't done it in a couple of years
> (which is why i'm afraid to upgrade to 3), I'm most familiar with 2.5.
Both your version of phpBB and WordPress 2.6.5 have security issues. To add
to that, you appear to be using the old Google Analytics JavaScript, for
which there are known vulnerabilities. I'm afraid that you are going to have
to do some detective work to find out exactly what the hack is and how it
got in, then block it as soon as possible.
If you have a clean backup from before the hacking, I'd recommend you revert
your site to this backup as soon as possible. The first thing you need to do
after that is change all your passwords - all of them, including your
database password and FTP credentials in your server control panel. In order
of priority, upgrade phpBB first, then the Analytics code, and finally,
WordPress 2.6.5. In your situation I also recommend you upgrade to WordPress
2.9.2 at this stage as there is not much of a learning curve from the
version you are familiar with. It's also easier to adapt your theme. Once
you have your site updated and secured you can then take some time to learn
about the changes that came in with WordPress 3 and plan to bring WordPress
up to the latest release as soon as you are comfortable with it.
I also recommend that you get onto Google and search for tips on how to
secure your WordPress and phpBB sites. Each of them are prime targets for
hackers so spending a bit of time researching security tips would be very
worthwhile.
Good luck on your upgrades.
Lynne
More information about the wp-hackers
mailing list