Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with a Website clean-up


  • Please log in to reply

#1
Vickilee

Vickilee

    New Member

  • Member
  • Pip
  • 4 posts

Hi!  I'm the one who is not a techie-- and even all the free help and advice probably won't "take" with me, because I'm not sure what to ask.  I need some help-- and I'm not looking for free, actually, to clean up a web site I have on web hosting hub.  I was told they think it was "hacked", and I need to clean it up, have plug ins updated, theme (word press) updated.. a friend suggested she always uses someone from this site-- but I'm not sure how to go about finding someone reliable to do this one-time project.  And now I'm not sure cleaning up a wordpress site isn't kind of too simple (for lack of a better word)for  the skillset of the "geeks" on this site...  but any advice of how to find someone suitable would be greatly appreciated..

 


  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts

Wordpress sites are a frequent target. While it's important to keep your site up-to-date with the latest version, there are vulnerabilities in plugins that are beyond your control. Wordpress is very popular, and a huge target.

 

First question is does your host have a backup from when before the problem began? It's the easiest resolution. If not, we'll go from there. :)

 

BTW, Welcome to Geeks to Go!


  • 0

#3
Vickilee

Vickilee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi-- and thank you for the welcome!  It's on web hosting hub-- and I think I do have back up-- but I'm not concerned so much about having to reinstall (i think that's correct) from scratch-- I've let the site just sit for a while, and now I'm ready to start it up again and have it more active-- so I can recreate any content I want to.  I have alot of "people" registering on the site since they thought it was probably hacked-- and there is no reason for all these new "registered" people, so I'm assuming it is some automated phising type thing or something along those lines, so it probably was hacked..


  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts

A Wordpress site basically has two components. The front-end facing theme and the backend database. The database is rarely hacked. Since you're considering a fresh start, the best idea is to delete everything in your public_html or www folder EXCEPT wp-config.php, and upload a fresh copy of Wordpress and a new theme.

 

Also, on a Wordpress site, it's best to disable registrations unless you have a real need for them. Use commenting systems from Disqus, or Jetpack instead. :)


  • 0

#5
Vickilee

Vickilee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Thank you... I thought so... I do have jet pack... and I may need the registrations, but I can try it without that..  but I'm not sure how to delete except for wp-config.php...what happens if I accidently delete that?


  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts

It contains the name of your database, and password. Unless you have those stored elsewhere you won't be able to connect without some help from your host to reset. Download a copy before you start.

 

FTP isn't greatly different than the file explorer on your computer. Download Filezilla for free and take a look. Filezilla is an FTP client that will allow you to view the files on your server. If you're real ambitious, you could download a couple of plugins called WordDefense and Exploit Scanner. They'll generate logs that you could paste here for review. But it can be very much like looking for a needle in a haystack.


  • 0

#7
Vickilee

Vickilee

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Thanks!  I also tried asking the help chat at Web Hosting hub-- and they said the same thing, I think.. its something in the configuration-- and I should delete the plug-ins.. then test it one by one.. I did delete 2 files but that didn't help, and I'm not sure which files are plug-ins.. although I did see a couple of files that said wp-config.php-- which i stayed far away from.. I think I'm going to have to pay someone who knows what they are looking at..


  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts

Go to your Wordpress admin control panel [yourdomain].com/wp-admin/plugins.php or click Plugin on the left hand menu to see a list of installed plugins.

 

Unfortunately, it's usually not as simple as removing an infected plugin. Having cleaned quite a few of these myself, the infection often copies itself to a half dozen legitimate files (even images), and installs a shell script. Should be less than an hour job for someone that knows what they are doing. But the best recourse is always to delete all the files and re-upload if possible (make sure you have a good backup first).


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP