How To Fix Hacked WordPress Site & Malware Removal - Real live case
Vložit
- čas přidán 30. 07. 2024
- Got hacked? Do not worry! I am here to help you out. In this tutorial we will fix a hacked website step by step. Its a real case so we are about to bumb into some problems.
👇🏻👇🏻👇🏻 Start here 👇🏻👇🏻👇🏻
I hope you can clean your website yourself with this Tutorial! If you cannot get it cleaned or you lack the time, you could hire me to clean your WordPress website: 👉🏼 wpressdoctor.com/clean-hacked... 💪🏼
Do you want to support my channel? Leave a like or buy Divi / Elementor Pro with 10% discount via the link below. That will help me enormously to create these free videos for you and keep going!
⇒ Software that I recommend:
✅ Divi 10% discount ⇒ wp.discount/divi-discount/
✅ Elementor Pro ⇒ wp.discount/elementor-pro-dis...
✅ SiteGround 70% discount ⇒ wp.discount/siteground-discount/
✅ WP Rocket 10% discount ⇒ wp.discount/wp-rocket-discount/
I want you to succeed with your cybersecurity, so lets get started.
⏱️Timestamps⏱️
0:00 Intro
0:26 Try backups
0:59 Strange Things
1:24 Check your files
3:16 Put the files back
4:47 Download WordFence 👉wordpress.org/plugins/wordfence/
5:05 Upload WordFence
5:24 Check strange plugins
6:22 FoxAuto hacktool
8:36 Remove strange plugins
9:40 Run WordFence
10:20 Scan for Malware & virusses
11:15 Clean files
11:50 Check users
13:37 Remove compromised users
14:26 Fresh WordPress install
16:13 A Trojan Horse in WordPress
17:03 Fresh WordPress install
18:43 Still not fixed
19:00 Contact hosting
20:00 Japanese SEO spam
21:20 Check logs files
21:50 Reset FTP passwords
22:45 Replace last files
Thank you for watching! 😀
✅For tips and tricks on getting the most out of WordPress, don't forget to subscribe: wpressdoctor.com/sub
📖Transscript📖
Don't panic. The WPress Doctor is here. We're going to fix your hacked website within a couple of minutes. Breathe in, breathe out, because it's going to be all fine.
In this video we're going to fix a hacked website. Someone came to me and he said: "I have a website which is really slow. Can you investigate it?" While investigating i stumbled upon really strange things. But the first thing you need to check for me is; if you have backups. If you log into your hosting company and you can restore backups from yesterday, or two days ago, a week ago a month ago, and the hack is gone, that's perfect! After that you can just install iThemes Security - I made a tutorial about it right here. So you can watch it, install it, and then you're safe. But in this video I'm going to show you a website that also the backup has been infected with malware and logins... it is amazing. If you want to clean your WordPress website, we're going to start right now.
So on this dashboard I noticed something strange is going on. The client came to me with a question about some checkout that didn't work, but on logging in I saw this: 'WP Rocket could not modify the .htaccess file". This is not very normal. Also when I try to update this file, I go to a new tab and this is what I see: It is forbidden. This is not pretty normal. So the first thing I want to do is check the .htaccess about what's happening on this website. How you can do that? You can log in using FTP or you can log into your hosting company and there you can open up the file editor. So let's do that last one because it's most easy for everybody. Most hosting use Direct Admin some use Plesk as we have right here, and some others like Siteground they have their own backend. But what you need is you're looking for this: File manager. Now we're going to see about this .htaccess what's going on with this file, it is acting weird. This is strange, because normally when you open it, there is a way to edit it, like this one: "Edit in code editor'. When I do it with this one, it doesn't see that. Why? It has to do with the permissions I think, so let's see. All right the permissions has been changed so that we cannot write it. Let's put it on write and press save. Now let me see what's going on with this... now can we... yes now can we edit in the code editor. Okay let's see what happens. All right. This is not a normal WordPress .htaccess. So let me show you the normal .htaccess file in WordPress; is supposed to look like this. #Begin WordPress and #End WordPress and this is to make the rewrite rules good so you can use permalinks and all this kind of stuff. Um this is normal and this is what it says. It says order allow deny deny from all so what someone has been doing here, is all these files - those are not WordpPress files! Autoseo.php? Wp-block-header.php? Ms-sites? Those are not WordPress core files. So someone is trying to cover up, and trying to block us out to not edit these files. Right? We're gonna change this file back to the normal .htaccess file. So this is the normal one. We're going to copy it...
📖 Read the rest of the transcript at wpressdoctor.com/
#Hacked #WordPress #Malware #JapaneseSEOspam #cybersecurity
Hey guys! I hope this video was useful to you. After my cleaning and sending the results to the client, the decision was made to switch hosting companies. That made a huge difference in ways of security and also speed… I was right, the PLESK was compromised after all! I hope you can clean your website yourself with this Tutorial! If you cannot get it cleaned or you lack the time, you could hire me to clean your WordPress website: 👉🏼wpressdoctor.com/clean-hacked-wordpress-website/
And speaking of hosting company, what type of hosting company(ies) (and package/plans) would you recommend to someone running a website tool like SEO tool, image compression and convert tools? Also blogs with over 20 websites that generates over 300k monthly visitors?
Considering cost, security, available resources (if one is using heavy themes and plugins like Divi, Directorist, WooCommerce, etc), customers service, etc.
Good question! I run the same sites (WooCommerce, blogs with 2M visitors a year) on a GoGeek plan of SiteGround. Since they are in the Google Cloud, the speed is very good and the “super php” works really well… I have not so good experience with NameHero for example… a lot of downtime, unexplainable errors and stuff… it’s not very good. So yes, definitely SiteGround for me 😀 wp.discount/siteground/ if you want to check it out!
@@WPressDoctor sure, thanks
@@WPressDoctorI love SiteGround. 😃🙌🏻❤️
Me too 😎
I'm coming back after one or two weeks of watching this video for the first time, just to say THANK YOU. A friend of mine had a serious spam problem in his websites, and I was able to clean both of them by understanding how malicious code can be present in WP. Please keep up the good work, and thanks again for sharing. My friend (Finnish in Dominican Republic) asked me (Venezuelan in Ecuador) to share the video with him, so, I wanted to show the reach of your videos, and how much we appreciate your help.
Hi Kevin! Thank you very much for taking some time to write me this great comment. You made my day! I’m so happy that I could be of assistance. Well done with cleaning these sites, you are the hero! 😀 Yes I will keep doing it, you are very welcome. Have a great day!
Very interesting and well done. AS USUAL! Great job Doc! Thanks for sharing your knowledge!
Hi Silvia, great to see you back! You are very welcome, I'm glad you liked the video and it was beneficial to you 😁 Have a awesome day!
Hallo ! ik wilde je ongelooflijk bedanken voor deze video! Het was exactly wat ik nodig had. This video was exactly what I needed. I can't thank you enough, I followed it to the letter and it worked perfectly,. The only difference is that you can now only use Wordfence for free for 30 days. Your instructions are calm, easy to follow . You've earned a new subscriber, please don't stop making more video's like this! And thanks again!
Hi Nicole, hartelijk dank voor je leuke reactie, dat waardeer ik erg. WordFence kun je onbeperkt gebruiken, alleen de 30 dagen is een 'vertraging' in het updaten van de malware scan. Dat wil zeggen als er nieuwe malware gevonden wordt dan duurt het 30 dagen voordat de gratis gebruikers deze malware ook kunnen verwijderen. In de praktijk is dat geen probleem, de kans dat je tussendoor geïnfecteerd raakt is heel erg klein.
My team handles several small WP websites and there will be times that those will get hacked. Your guide has proven very helpful in our endeavors in cleaning malware and keeping our sites secure from another attack. Please keep us updated with the latest tools and techniques Matt!
Hi there! Thanks for your comment. You are very welcome! Thank you for writing a comment. Really appreciate that! I will make these video's if there are new cases of malware coming up 😊 Please consider a like and subscribe or maybe a share for my video, that would help me a lot! Have a great day and take care! 😃
THANK YOU! I was struggling with my websites sharing hosting account. and today with your videos i have finally cleaned them ALL!!! yey!
Hi Alex and Alexandra! THats great to hear 👍🏼😊 I'm so glad you got it fixed! Keep up the good work and good luck with your channel ⚡😁
Great watching you ferret out the problem. It was like watching a "who dunnit move".
Hi Glen! Thank you for your comment! Really appreciate it. Glad you liked it 😀 Have a great day!
This was awesome. I have not been hacked but this was still very useful. Thanks!
Thank you very much! That’s very nice of you to say! Let’s hope you never get hacked 😀👍🏻 Please consider a like and subscribe or maybe a share for my video.
nice work! I also didn't think of the ftp access could have been pwned, but this shows, how real life sometimes is as a dev. In my attempts to clean up, I did some additional scans with additional anti malware scanner plugins. pretty simple, simply time consuming, but also effective to detect other hacked or really suspicous files as well. Because, a site can be hacked several times through kind of different hacks that build up on each other. In this particular case that I talk about, the ftp accounts were allready changed because the hosting was changed beforehand. Also, after the site got cleaned up, it's important to communicate to the site owner what happened and why, so they can reflect on their habits and find security vulns - and that they can start the site crawler from google to quickly remove the seo horror from google searches. But thanks for this "Reminder-Video", because I don't cleanup sites so often.
Thanks for writing your comment! Yes the behavior of the client is very important, as he has the keys to the castle! What kind of extra plugins did you used to scan with? Just curious 😊
LOL, I just love your expressions. I can understand your situation coz I offer the same service in the marketplace. Watching your video, it looks like I'm seeing myself on the other side. You made my day Matt.
Hi Aleikram! Haha thanks for your comment, I’m happy it was relatable 😄 Have a great day and keep cleaning those ugly hacks!
That video is SUPER great! Thanks a lot mate :)
You are very welcome! It makes me happy to read your comment, thank you for taking some time to write me. I hope my other video's are also useful for you. Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. If you want a free website review / audit, check wpressdoctor.com/audit
@@WPressDoctor I've noticed now that there are 2 themes and 1 plugin that i can't delete and also unable to set permissions to edit or delete them... Do you know what should i do in that situation? The themes also seems to be having some malicious files in it after i scan them with Wordfence.
Thanks :)
*I'm using Cloudways with WP File Manager and FileZilla as well.
Thanks Doc. Your video helped me fixed my issue with my WP site. Again, thanks a lot.
You are very welcome! I’m glad you got it fixed 😅 Have a great day and stay safe!
Thank you very much for this video!! Was working on my site until I saw that the css of my login page wasn't quite as it should be, so I thought I'd see if this is also the case via another browser. Now I immediately deleted the cache to immediately see the right thing. But when I went to look through google I got a popup with notifications allow or block with a vague link. Well I had no experience with this myself so I sent a message to my hosting and their security experts were not there during the weekend so now I thought I'd watch youtube and see if I can solve it myself. And with this video I was fortunately able to solve it myself and now the popup is gone. Only wordfence has already been able to fix it. Thanks a lot for the video keep it up!
Hi there and thank you for letting me know! You are very welcome. I'm glad I could help you out with your website. Stay safe now and don't forget to change all your passwords!
Thank you so much for this extremely thorough tutorial.
Hi there! You are very welcome! I’m glad you liked the video. Did you also had a hacked website?
Thank you very much. It was a good explanation.👍👏
You are very welcome! I’m glad the video was useful! I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day! If you want a free website review / audit, check wpressdoctor.com/audit
great content, helped me out a lot thank you :)
Thanks Lee! I’m glad this video also helped you out 😀
I wrote a comment earlier when I cleaned different websites malwares but I want to say thank you again to legend wp doctor because I have cleaned another WordPress website today very easily with his techniques. Many thanks and keep up the good work. You are real doctor for wp diseases.
Thanks man! I really appreciate it 😀👍🏻 I’m just glad I can help you out and learned you something you can use! Keep up the good work!
@@WPressDoctor Thanks a lot.
Great content! & cool presentation style.
Hi Naleen! Thank you for writing a comment. Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot! If you want a free website review / audit, check wpressdoctor.com/audit
You are amazing Doc 😍😍
You are very welcome! Thank you for writing a comment. Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot! If you want a free website review and audit, check wpressdoctor.com/audit
Thanks a lot 👏
For a detailed guide
You are very welcome! Thanks for letting me know that the video helped you out! If you run into any problems please don't hesitate to ask. If possible, go back and like and subscribe to the video. Video shares are helpful as well.
Thank YOU! You helped nie to heald my website! 🔥
You are very welcome! I’m glad the video was useful. I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day! If you want a free website review and audit, check wpressdoctor.com/audit
Excellent video 🙏
Hi there! Thanks for the comment, I’m glad you liked the video! Have a great day and take care 😀👍🏻
Thank you for information.I have same situation with products from Google Marchant and my site have problem with ranking in Google.I hope to fix problem with Wordfence but yours information was very useful.
Hi there! I'm glad the information was useful. I hope you can fix your website. If you need more help, you can always hire me wpressdoctor.com/fix-hacked-wordpress-website/
Many thanks Matt WPress Doc!
Hi there! You are very welcome! I’m glad I could help you out with this video. Stay tuned, more awesome tutorials coming up! Have a great day and take care 😀👍🏻
Thank you
Well worked 🙏
You are very welcome!
Man, I love this
Thanks!!
Thank you , great help
You are very welcome! I’m glad the video was useful. I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day! If you want a free website review / audit, check wpressdoctor.com/audit
Thanks, I learned. a lot.
Hi James! You are welcome! I’m glad I could help you out with this video. Stay safe and have a great day! 😀
THANK YOU SO MUCH!!!!
You are very welcome! I’m glad the video was useful. I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day!
Very helpful content this is the most elaborate video I have ever watched............ My hostinger account has been highjacked I mean my email was replaced by some random guy I still have access to my hpanel but my websites keep getting Re-written how do I regain control because I cant logout nor change back to my email
Hi Agix and thank you for the compliment! Well first of all you need to regain control, so get the right email in it, change all passwords and FTP accounts en reupload new files… follow the steps in the video. But first make sure you lock the strange guy out!
Thanks a lot Solved the same problem...
Hi there! You are very welcome! ThNks for letting me know 👍🏻😀 I’m glad you could clean your hacked website! Have a great days and stay safe!
I did everyting you did, but I did not realize that was The ftp. Thanks.
You are very welcome! It always makes me happy to see that someone has been helped with the video. That FTP is indeed a sneaky one. If you run into any problems please don't hesitate to ask. If possible, go back and like and subscribe to the video. Video shares are helpful as well.
Thank you doc
You are very welcome. I'm happy the video was useful to you 💪🏼
thanks bro regards from Syria
You are very welcome! I’m glad the video was useful for you 😀👍🏻
golden knowledge
Thank you very much! I'm glad you found the video helpful 😀 If you run into problems I am here to help get you moving forward again. Please pay it forward with a like and a subscribe, and possibly a share 😊 I hope you find more of my videos helpful.
awesome thank you! i want to try this !
because our old website is currently getting the same problem like this.
we're currently revamping the website too, by creating a staging website..
BUT, both LIVE and staging website is getting this same problem..
i'm quite afraid to make changes now...
Hi there! Thanks for the question! ah thats not nice. Yeah you should first clean up everything, than secure it using iThemes and then proceed further... make sure to change ALL your passwords, including FTP and SFTP!
well I followed the video as I'm almost certain I have malware in my code or site due to being suspended from my google ads account. Im not versed or as program friendly as you or your viewers so I would be grateful for a video on how to detect and delete in fewer steps. I know this may not be possible but trying to follow what you just went over is very overwhelming for someone like me. I would even be willing to pay for a scanner that could find and delete the issues at hand with out all the extra steps. Thank you for your video as I did learn what and how they do this shit.
Hi there! Thanks for reaching out. It’s very frustrating when you got hacked and malware is infesting your website. If you are sure you are actually hacked, you could also hire me to fix your website, No cure no pay. wpressdoctor.com/clean-hacked-wordpress-website/
This is a lot of stuff to learn 🙃
Hi there! Yeah there is! But following this guide, you might be able to fix your own hacked website 😃 Have a great day and take care!
I would like to see a sequel to this awesome video. Did they catch the bad guy? What about your client's domain rank in the SERPs?
Well I could give you the short version: they didn’t catch the bad guy, but they sealed their gates when resetting FTP passwords and switching hosts. Somehow the host was not very good secured… the ranks got restored and business is as usual 👍🏻😀
@@WPressDoctor Hallelujah! Thank the good Lord Almighty above! 😊🙏🏻
Amen brother!
Same here, I found a punch of FTP accounts.. many thanks brother.
Hi Ahmed! Ah that’s great! I’m so glad the video helped you out to find those shady FTP accounts 😀 well done!
Thanks for this video. You are great.
You are very welcome! Thank you for writing a comment. Really appreciate that! Did you got your website fixed?
Please consider a like and subscribe or maybe a share for my video, that would help me a lot!
@@WPressDoctor I cleaned malware code which was added in index*.php. After some time, it come again. What should I do in this situation?
Then there is still a gate left open somewhere. Make sure to reset all passwords and use the malware scanner like in the video.
@@WPressDoctor Which method you recommend for database scan?
@@WPressDoctor I am glad I found malware in WordPress database and remove it. There was 1800 links inserted wp post table. Thanks for your help.
Hi Matt,
I can't access my wordpress account the url just displays as the standard homepage to my website, you mentioned about a second video about the hosting did you do that one?
Max
Hi Max! Thanks for your question. You mean the WP-admin link does not work anymore?
I work out of file manager through my hosting. What do i do if I don't have the archive option when deleting everything and reinstalling wordpress? All i have on mine is create new folder or add to clipboard etc.
Thanks for your help.
Hi Skye! Thanks for the question, appreciate it! So than you should use a sFTP program like FIlezilla. Its completely free and I have made a tutorial about it here: czcams.com/video/wRD5Zhu8Ids/video.html
Doctor Thank U Very Much, I HOpe you can make Video Tutorial for Fix Hacked Cpanel or Plesk
Hi Fathur! Thanks for your comment. You are very welcome, I'm glad I could help you out with this video. I don't think I will ever make one, CPnael and Plesk are such beasts of a systems... I am not a ICT guy but a web developer 😉 Sorry! Take care and have a great day!
Hi
Thanks for this video.But for hosting company like hostinger please explain detailedly how can we find the File manager that can lead us to the htaccess
Hi there! You are very welcome. I’m glad the video was useful! Sure no problem, detailed information right here: www.hostinger.com/tutorials/how-to-use-hostinger-file-manager/ let me know if that works for you!
Hey Dr! What about the bandwidth limit exceeded issue if the traffic is less but bots attacks and other malicious attacks are ruining the website
Hi there! Oh that’s not good. It seems then that they are hosting files on your website and they are streaming it / downloading from your site maybe? Check FTP for strange files 👍🏻😀
Thank you. May God bless you with a Million pounds.
What a awesome name you have! And thank you for your comment, I hope He will bless me more and more! Have a great day!
@@WPressDoctor Thanks! I like it too. He will. You too my friend.
What should I do if I can't access anything inside of my WP-Admin dashboard?
Hi Zack! Thanks for your question. You mean like every link you click is a 404 not found or 403 not allowed page?
It doesnt let me to change permission or the script of the file. I keep on getting the following error.
Could not write “/home/solarzam/public_html/.htaccess”: Inappropriate ioctl for device
Hi Syed Saad Anwar, Thanks for your question. That doesn't sound good. It might be that the problem is that your website is still being manipulated. Did you have changed all FTP passwords?
hello doctor. Your instructions are very clear and concise. I have a problem on my website, Wordfence License is not installing and taking me to a forbidden page, please help
Hi Joshua! Thanks for your question. That’s odd! I have not encountered this problem before. You can send your question to WordFence itself, maybe they can help!
thanks
You are very welcome! It makes me happy to read your comment, thank you for taking some time to write me. I hope my other video's are also useful for you. Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. If you want a free website review / audit, check wpressdoctor.com/audit
This is very helpful thank you. Do you still use the same anti-virus? I am looking for replacement because my current one is not the best.
Hi Mikey! You are very welcome! I’m glad I could help you out with this video. Yes I still use ESET NOD32 which works very good! It always catches the bad boys before they can do anything on my system… I’m very happy with it. It’s about $50 for 3 years.
Stay tuned for more awesome videos coming soon 😀👍🏻 Have a great day and take care!
What if i can not get excess to my site? I try to log in to my dashboard and get this error message "There has been a critical error on this website. Please check your site admin email inbox for instructions." I have many sites on with bluehost and all of them seem to be infected
Hi there again! That’s not good. But it’s your lucky week, this Saturday I’m releasing a video about exactly this - how to fix a hacked website when you cannot enter your website. So keep tight till Saturday if you can 😀👍🏻
thank u
Hi there! You are very welcome! I’m glad i could help you out with this video. Have a great day and stay safe!
what do you do if you can't start the scan once wordfence is activated as a plugin. My permissions were disabled.
Hi there! Thanks for the question. Well it totally depends on why the scan won’t run? You can go into the settings and change the scan method to “safe”, that might work on your hosting…
Well on root there's an index.php file that keeps regenerating itself and sets permission to 444 whenever I delete it, edit it or overwrite it. I have installed wordfence, it found the file but don't have write permission. I changed FTP passwords, checked logs but there doesn't seem any FTP going on. Also reinstalled all Wordpress core files, still that index.php file regenerates itself and causes Japanase SEO spam.
Updated all plugins, deleted unnecessary and unused ones, cleaned all malicious php files, checked out CRON jobs, nothing worked and I'm exhausted. Do you have any more suggestions?
Hi there! Thanks for the expectation. That is really frustrating. First check if you also changed the SFTP password, yes this is different than FTP. It sounds like there is a webshell running on your website. Or your hosting has been compromised. Are you on Plesk or CPanel?
I followed all your steps, but that doesn't made any difference to my problem. It is same as it was before, affected by malware. index and .htaccess files gets regenerated and I can't delete it.
Hi Jyoti! Thank you for your question, I think you missed the last step: in this case you should reset your FTP passwords first 👍🏻😀 They might have access to your hosting also…
thanks Matt, but I have another problem, it seems my website is under ddos attack, I use a cpanel host and I found out my website loading speed droped dramatically and did not load properly and when checked CPU, it was 100%. Host service told me my website deal with ddos attack and just I have to temporarily limit website access to my local countries and find a permanent solution. what should I do?
Hi there! Thanks for your question. Well in this case I would route the website via CloudFlare. That will help you shake of the DDOS attacks. And make sure to use the iThemes security plugin of course 👍🏻😀
What is your opinion of the WordPress plugin SG Security? I use it and love it. It has 2-factor authentication and a custom WP login URL option, and it's free to use on any WP site.
HI Derek, I have not used the plugin for any of my sites, it might be worth it for me checking it out. However, since this is a relative new plugin, I trust iThemes more as they have years of experience...
ummmm... so when i reload the wordpress with the fresh install and old content folder, its asking me to set it up again, new (or I assume the old database name / password) database to setup.
Hi there, thanks for the question. Yeah dont forget to follow the part where we put back wp-config.php 💡
@WPressDoctor yeah I think I missed that part and when I did it again on another WordPress seemed to have worked fine.
Great work! Glad you got it fixed 😀👍🏻
hi @WpressDoctor! I'm really a fan of how you would explain these step-by-step. I had the same scenario with a client but I don't have access to their cpanel. Do you think installing a plugin called WP File Manager safe? Thank you!
Hi Kim! Thanks for your kind words! The plugin you mention is safe it use now indeed. It was compromised years ago, but it’s patched. Just keep it updated! 😀
@@WPressDoctor wow this lifted a heavy load on my back. We've been SEO Japanese hacked 2 weeks ago and I can't do anything now because I have no access to cpanel. I'll be following your other video with the japanese hack but will use WP File manager instead of filezilla. Thank you so much :D I'm a new subscriber and will be recommending you to my friends :)
Thank you! I really appreciate it! Have a great day and stay safe!
@Matt - WP Doctor Great video; thank you! I do have a question if I may....why is it when Im doing as you are (18:15) moving the files I dont get the option to select httpdoc. Mine only wants to move it to an enirely different folder and I cant change that. Any advice? Thank you.
Hi there and thanks for the kind words. That is just the way the hosting company has set it up, no problem there. It you don’t have that folder no problem. If you can still go to WP-content etc, all is good.
@@WPressDoctor Thanks so much for the response. I did try to fix on my own but the blog is down and its a hot mess because I cant get into the dashboard at all so I have no way of just redoing the site. I should say I have no way within the scope of my knowledge. Thanks again.
Oh that’s not good. You can also hire me to do the job, especially in these hard cases: wpressdoctor.com/fix-hacked-wordpress-website/
How to run the scan of Wordfence if you can't even access to your dashboard because your malware is restricting your access ?
Hi there, thanks for the question. Then it’s a problem you need to fix first. If you don’t know how, you can always hire me to do the job wpressdoctor.com/fix-hacked-wordpress-website/
I followed all the steps and finally some pages of my website not working
"NOT FOUND
The request URL was not found on the server."
Why this happened?
Hi there! Well done! Try to save your permalinks TWICE and empty any caches after that. Might do the trick 👍🏻😀
Hello, i get 404 not found in admins options in dashboard, like users... i have the same problem but i change the ftp password and i cant edit or delete de .htaccess and index.php files ... thanks
Hi Alejo, that is a nasty thing. Did you re-upload all WordPress core files? What you can do is creating a entire “new” website inside your PLESK or Cpanel, install a new Wordpress version and copy WP-content and the database. A bit of trouble but it might do the trick?
@@WPressDoctor The problem I think is Dreamhost because they can delete the files. They don't have cPanel. But why can they remove malware with a superadmin and I can't? I think that is wrong, I should have a higher level user for these cases. THANK YOU for your comments!!
You are welcome! Glad they could do something more than you 😀 I have no experience with Dreamhost, so I don’t know if that’s just the way they work 😌. Good luck and stay safe now 😀
My website is experiencing the same issue, and tried to do my best efforts, but index.php and.htacess files continue to update with malware code.
Hi Jayesh, I’m sorry to hear that, it’s so frustrating sometimes. did you also change all FTP passwords?
@@WPressDoctor yes, allready change FTP password. but it not worked
Try resetting hosting passwords and re-upload WordPress files (except WP-content folder) and see if that does anything?
Hello nice content and thanks Dr.
I have another problem,, when i click to delete the user,, it says the page isn’t working etc.
Hi there and thanks for the question! That’s a odd problem! It might be that the user is protected someway by the malware. Try to delete it straight from the database. If it then comes back, your site is not cleaned at all…
i scaned with wordfence,, it said the problem was with wp-config.php
i am not good with coding but i compared with wp-config.sample.php and i saw some suspicious code and deleted,, when i run the scan again it showed it was all good, i am trying to instal ithemes but i don't know why i cannot find in plugins@@WPressDoctor
This thing happened to me months back, I did the same things you do here before watching your video.
But I like your video because your process and mine are almost the same.
I still don't understand how the FTP account was hacked and he ran cronjobs on my server !!
I WOULD LOVE to Know from you Matt.....
Hi Abdullah! Thanks for sending me a message, really appreciate it! That’s indeed a good question. Could it have been brute force?
What hosting were you on? In the worst case - someone inside hosting company is setting passwords and sells them. This way they can also sell their “security services”, but that would be really nasty and low…
Hello Matt! Hosting company is Namecheap.
Could it have been brute force?
No idea!
Thnx for letting me know 👍🏻
very good but how did you et the log files
Hi there! Thanks for your question! That’s a good one. The only place you can look is in your hosting company’s log files - if you have installed WordFence you can check the logs of WordFence 👍🏻
When i go to the public folder,i see mine is emplty...what should i do please
Hi there! Thanks for your question. Well if you go the public folder and there is nothing there, then OR your website got deleted completely, OR you are in the wrong folder and then you have the wrong FTP settings from your hosting company…
I could not find the "htaccess" file. Where is it?
Hi there! It’s possible that your hosting does not use any .htaccess files. No worry’s, then it’s alright 😀
hi, i have a hacked website i will like to clean, can you help with this?
I can, just follow all the steps in the tutorial, that might work 😊
hello.. can you fix the problem of my website? it has some malware..
Hi there! Yeah sure! Let me just use my Godly powers to fix your website from here *snap* how is it now?
😂😂 That’s a joke. I can only fix it if I have access to it and you allow me to make a video about it.
in my case i have only the base ftp client and changed my cpanel account password enable 2fa on databases and cpanel account did everything but after replacing wordpress core files and cleaning the site with wordfence in 7-8 hours the files are back again somehow not sure what to do
That sounds like some nasty malicious files. I could take a look on a no-cure no-pay basis, check my website for that wpressdoctor.com/
@@WPressDoctor i dont have that much money sadly or would have gladly paid
Well you could allow me to make a video about the whole proces… than it’s free 😀👍🏻
@@WPressDoctor yeah definetly
Send me all details to the@wpressdoctor.com, then I can do it after the weekend! Check the form on my website for all info I need 😀👍🏻
Dankjewel! Ik begin een beetje inzicht te krijgen op wat er gebeurt is bij het hacken van mijn site. Via Wordfence tools kan ik zien welke gebruiker gehackt is, maar ik mag die niet verwijderen. Is er een manier om dat via ftp te doen? Sinds gisteren kan ik een klein beetje mijn weg vinden in FileZilla (thanks again)!
Hi Veronique! Wat goed dat je steeds meer inzicht krijgt in deze wonderlijke wereld 😉. Je kunt de gebruiker verwijderen als je in de database kunt komen. Dan is het eigenlijk vrij simpel. Dus ga naar je hosting en zoek daar naar MySQL of PHPmyAdmin. Dan kun je in je database. Zoek dan naar een tabel genaamd “users” en dan zie je een rijtje met alle gebruikers. Verwijder daar eentje ervan en hoppa - oplgelost 👍🏻😂
@@WPressDoctor Thanks!
Matt, So what about the data base, you said that there was not much to worry about, but a lot of data goes to the database.
Hi again! Yeah the database is the place where everything is stored like your posts, pages and comments. But in this case the database has not been touched, so no need to worry there.
i allowed a site by mistake , how can i check that it has my data or not
Hi there! I don’t think I fully understand you. What do you mean with “I allowed a site”… how did you allow a site?
I tried deleting everything but unknown files is still recreating. Did you experience this guys?
Hi there! Did you watch the entire video? Cause that is exactly what happens in the video…
what happens when your plugin menu experiences a 403 error???? How do you activate wordfence
Hi Tamara! Thanks for the question. Well in this case you first have to get WordPress fixed. So re-upload all files for example except WP-Content... then try to activate WordFence?
@@WPressDoctor Thanks it worked!
Awesome! Hope you can clean your entire site 😀
❤
Hi Elena, I'm glad you liked the video and I could help you out 😊
I assume I delete the hacked website zip file?
Hi there, yeah you can delete it or keep it safe somewhere if something goes wrong 💪🏼
Hi How can i get in touch with you??
Hi there! It totally depends on why you want to contact me. This is the fastest way. 😀
Hey my WordPress have these Japanese Huck and I followed the last video and it got back 4 minutes or so then got the same problem I cannot edit any files if you please help me I will appreciate it and I cannot open Elementor and customizer give me 200 ok error please help me I did everything I can and thank you
Hi there! Did you reset all passwords of your hosting? So also the ftp accounts and acces to your hosting and email?
@@WPressDoctor thank you it was my mistake the virus I think has gone but there's only one problem my Elementor and customizer doesn't work until I put this code and
SubstituteMaxLineLength 10M
in my HTACCESS and they work fine until I make major changes like Permalink structure or changing the starter templates for example the problem get back and I have to put the code again for it to work if you have a solution please help me and another thing when I search my website in Chrome it give me the right name and everything but when I search it in Microsoft Edge it still give me that Japanese is it need time to update to the normal name or I still have the virus and thank you for your help
When your website has been cleaned it will take some time to clean up in the search engines. Just be patient.
The code looks like a hosting setting that they could change for you so that it keeps working 😉
@@WPressDoctor thank you very much I appreciate your help
@@WPressDoctor but I have one last question why does Elementary end customizers does not work by themselves why do I have to put the code
g00d
I’m glad the video was useful. I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day! If you want a free website review / audit, check wpressdoctor.com/audit
I am also using plesk and my website also hacked. I removed all the file but they again pushed all them back.
Hi Tamim! Thats to bad, make sure to change all your passwords, also the FTP password.
@@WPressDoctor Yes, I removed all the file and change the FTP and wordpress password. But plesk is worst, Its not allow me to update php version, Now PHP has 8.2 but still we are running our website with 7.4
Pls i need help. Hosting company are not even helping the situation
Hi there! That's to bad but somewhere logical. Well I can help you out. You have 2 options, OR you hire me to do the job (see wpressdoctor.com ) OR I can make a video about fixing your website and then you pay nothing 😊
@@WPressDoctor what is the cost ?
@@WPressDoctor Waiting to hear from you
See wpressdoctor.com/ its all there.
My site was just attacked by japanese keyword hack, I followed your tutorial and also disabled xml-rpc file
Thank you so much
You are very welcome! I’m glad you got it cleaned! Well done, I’m proud of you 👍🏻😀
I noticed that after removing every malware files, it reinjects again and countlessly, even deleted folders and files comes back again. Now I see I have to reset my FTP access
Thanks
You are very welcome! It makes me happy to read your comment, and that I could be of inspiration to keep those hackers out! thank you for taking some time to write me. I hope my other video's are also useful for you. Getting the word out there with your like and subscribe, and possibly a share would be much appreciated.
There is JavaScript malware which comes again and again can you please help me.
Hi Pradeep, did you follow all steps in the video?
@@WPressDoctor yes i do
Ah ok, did you change all passwords, including FTP?
Yes I have changef all
Good job! Did you re-upload entire Wordpress (except WP-content folder)?
What if I can't login to my WordPress?
Hi there! Thanks for your question. Then you can skip to the part where I replace the entire WordPress website (except wp-content). Maybe that will solve it? If not, let me know!
@@WPressDoctor Thanks a lot 🙏
Ur welcome!
Hi, I can't solve my website I can't edite enything because Uncaught Error: Call to a member function add_feature() on null in ....
@@WPressDoctor
Can you please help me with my websites , it has been hacked
I can, just follow all the steps in the tutorial, that might work 😊
@@WPressDoctor the issue is it’s not just one website but 3 at once and I called the hosting company that how come 3 sites can be hacked simultaneously, they are not taking the blame.
Could be a problem with a hacked FTP or a hacked control panel?
Thanks, Doc I’ll bookmark it for the worst-case scenario. What company was hosting this website? This sounded like a one-man operation. 😂 You definitely need a good anti-virus when you’re dealing with this kind of mess. What software are you using? I can see you’re not using big-name brands.
Hi there! Thanks for the kind words, yeah bookmark it is a very good idea! I don’t know the host of this client, but it was not safe 😁. Yeah years ago I moved away from McAfee and Norton and they drained to much memory of my PC. Since then I use ESET NOD32 anti-virus, which is extremely light weight and also not so expensive 😀👍🏻. I think the other anti virus scanners have also evolved in the past years, but ESET has never failed me and trust me, I have to deal with a lot of malicious files and websites on a weekly basis. Have a great day and stay safe! 😀👍🏻
@@WPressDoctor -- You're welcome. I've already added it to my Chrome bookmarks. I might need it if my WordPress site comes under attack. I'm running an unmanaged VPS on Plesk because I want to learn server management. 😆 Fair enough; that wasn't the safest host, I would say. 😂 Thank you for the name; I'll check these guys out because I've had enough of household names like McAfee. 😂
How to remove Chinese url links
Hi there! Just follow the steps in the tutorial! The best thing should be by using a backup, but if that’s not possible, just go through the steps.
My site is also hacked but I don't know how to recover my website
I also cannot access my wordpress dashboard even
Hi Bilal, That’s not good! Can you access your host?
How do you remove the japanese links?
Hi Hamzah! Well you could do it manual, or by using a plugin called “Better Search and Replace” - that’s a powerful tool so be cautious 👍🏻
@@WPressDoctor I've tried re-indexing the website and submitted list of links to disavow. Still showing japanese seo
Oh well if the Japanese rubbish is deleted from your site, give Google a week or 2 to update the index 😎
@@WPressDoctor Google removes the rubbish links then a day after, even more japanese links results appear.
Need your help please, Doc.
Hm sounds like your website is nog yet cleaned?
How come your website is so basic? How does one interview to possibly hire with you?
Haha it’s a temporary website 🤩 it’s going to be a wild website with a really awesome design. But for now it’s just a temp thing 😊 I also put that on the website, but just hold on, it’s coming 🤩
REMOVE WP-CACHE!
Hi Oscar! Thanks for your shout-out 😂 What do you mean with remove WP-cache? To remove cached malware and hacked files?
@@WPressDoctor I use bluehost as a host and my site of 10 years was recently attacked with malware. When I brought it to their attention, they found links to infected things on the site, all of which were located in the WP Super Cache folder. (Bluehost adds a Malware.txt in the directory for you to see what links were infected)
I did further research and found a lot of forums, links, topics relating to the malware vulnerabilities that the plug in creates. It’s very strange
Oh wauw! That’s new for me, good that you explained, thanks man! Just learned new stuff 😀 is your website all cleaned now?
@@WPressDoctor i hope so! They have to do another scan. They suspend sites that are infected until the issue is resolved. Hopefully it is clean after they scan it, then it’s just a waiting game now.
Oef, that’s not great, waiting…. Good luck man! If you need help, just let me know 😀
This happened to me when I had HostGator, the hosting company's solution to my problem was to get SiteLock, I did a quick search on SiteLock and what I found was terrifying. It's as if your account gets intentionally hacked so they can offer a service. I noticed a group of hosting companies under the parent company Endurance International Group all offered SiteLock. The next company I switched over too was not in that list I promise you that. I read horror stories about people opting in for the service out of desperation only to find out they were being robbed and couldn't get a hold of SiteLock to cancel their service with them.
Hi Elisabeth. ! Thank you very much for your comment! I really appreciate it. That does not sounds good. I never heard of this company before but I would be curious to check this out. Thanks for telling all of us your experience. Have a great day!
happened to me too i think HostGator intentionally leak users info so that they can sell their sitelock scanner. theres no virus scanner on their cpanel so you are force to buy their service they also ask me $300 to fix my hack wordpress and cpanel
Oh wauw! That does sounds like crazy coincidence!
@@WPressDoctor Elisabeth? 🤔
Yeah, E.I.G.-owned companies are terrible. I use SiteGround.
My domains hosted at GoDaddy have been hacked with malware. Research shows that GoDaddy had a big hacking event earlier this year. They did not notify me. Which registrar do you recommend? I use WordPress. Thank you!
Hi there! Well it totally depends on your budget. If you are starting out - Go wp.discount/hostinger-discount/ if you have a bigger budget go wp.discount/siteground-discount/ ⚡😀
For some reason, even though we have number of plugins, none show up in wp-content/plugins I see one folder, akismet and two files, hello.php and index.php. That's it. I wish it was as easy and your description.
Hi there! Thank you for your comment. I think you have a WordPress multisite installation? Then the plugins are at the main site 👍🏻😀