[wp-hackers] Website was hacked
beautifulcrimes at gmail.com
Sun Jun 16 21:15:02 UTC 2013
Sorry to hear about your compromise.
First things first, make sure your WP installation is up to date as well as
once a machine has been compromised, It cannot be trusted. if starting from
scratch is not an option, dig through your code and look for any suspicious
code/files that may be used as backdoor.
Use strong passwords with over 10 characters and special symbols for
If you have access to host machine and/or network... add firewalls, host
and/or network based.
Also check logs for any suspicious behavior!
On Jun 16, 2013 1:43 PM, <webmaster at qcustodial.com> wrote:
> I went to login to my WordPress site today but it was not accepting my
> username/password. It kept saying invalid username which I knew was valid.
> I accessed cpanel then phpmyadmin to find the username, password, and
> email had been changed. I used the generator on your site to provide a new
> password hash then using phpmyadmin I change the username and email back
> and set a new password. The password has been changed along with my cpanel
> and mysql passwords. It does not appear any changes were made other than
> The wired thing is the username was changed, which cannot be done in
> WordPress you have to do it in the database itself. Leading me to believe
> it was the web host that was hacked not my WordPress install. What are you
> thoughts? What else should I do?
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers