Got my site hacked today which was a bit of fun.
Here’s how i found out what happened and how i fixed it.
Only effected the core WordPress files
Not very smart hackers because they added a dot which 404’d the pages they where trying to redirect! hahaha
How Did I Know I’d Been Hacked
Wordfence alerted me when i installed it today and completed a scan after noticing some menu links redirecting to proxy.piratenpartij.nl
If i had the Wordfence plugin installed before like i normally do, i probably wouldn’t have been hacked. After installing the plugin and running a scan i received an email alerting me of the problems found on WP Sites.
Wordfence found the following new issues on “WP Sites”.
Alert generated at Wednesday 17th of October 2012 at 05:48:11 AM Critical Problems:* WordPress core file modified: wp-admin/images/icons32-2x.png
* WordPress core file modified: wp-admin/images/icons32-vs-2x.png
* WordPress core file modified: wp-admin/images/stars-rtl.png
* WordPress core file modified: wp-admin/images/stars.png
* WordPress core file modified: wp-content/index.php
* WordPress core file modified: wp-includes/images/admin-bar-sprite-2x.png
* WordPress core file modified: wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/embedded.png
* User “tienwru” with ‘subscriber’ access has a very easy password.
I found all my sites static pages had been effected. The ones included in my primary and secondary menu’s and the links in my footer.
Posts where uneffected.
I completed a scan using Sucuri which was clean before i ran the Wordfence plugin scan.
I then completed the Wordfence scan immediately after using Securi which detected the WordPress core file where hacked and critical.
I scanned my site again using Sucuri’s free Site Check Tool which showed my site was clean.
Sucuri’s Tony Perez has commented on this below.
How To Fix
I simply deleted both the wp-admin and wp-includes folders from my public_html root directory and uploaded fresh ones.
I followed my own post about how to update WordPress manually and replace the corrupt files.
10 Ways To Secure WordPress
I’ve written many posts about the best ways to secure WordPress but since moving to WPEngine, i’d removed all the security protection and relied on them to protect my site.
Always a good idea to keep multiple full backups stored away from your server like i have.
Think You’ve Been Hacked
If you think you’ve been hacked, WordPress offer a very extensive list of information for anyone that thinks they have been hacked.