Need help? Check out our Support site, then

Blog has been hacked! HELP

  1. I have a site with WordPress on it and it has been hacked. I cannot get it to pull in. It starts to want to download a file.

    What is the best approach to get the blog back up and running and safely removing the file it wants to download?

    Reinstall and how?

    Panicked and need help!

  2. Bobbim - I'm sorry to do this to you when you're in a panic, but you're at the wrong site. You need to be at and ask over there.
    Do a search on the forum over there too as there may be answers to your questions before you type.

    Good luck!


  3. bobbim, where is your blog? Is it self-hosted because your hosted blog in your profile doensn't seem to have any issues. Could you give us the URL? If it is a self-hosted blog? The best way to get help with that is post over at , but they will also need to know your URL and what is the problem you are seeing.


  4. Downloading a file sounds more like a change in the webserver settings so that it no longer recognizes a PHP file and what to do with it.

    Have you contacted your host to see if they've done anything recently? And what do you mean by "hacked?"

  5. I was at the Northern Voice conference and a woman there recommended that everyone with a blog upgrade to the latest version. Her blog had been hacked and it was hijacking everyone to a porn site; someone could, of course, hijack readers to a virus download just as easily.

  6. Is this a common thing at WordPress? I've never heard of this anywhere else I've been blogging. Never. And I sure hope I'm not going to have problems here, unless it's just w/ the problems and not

  7. Raincoaster would be referencing upgrading to WP 2.1.1, the newest version. is extremely secure and that is why all scripts that could be seen as a security risk are removed. The only risk you really run on is having someone figure out your password and that is why it is recommended to constantly change your password and use something that is not easily figured out.

    As well, from experience, the most hacks on self-hosted versions of WP are really caused by user error and not WP itself. This includes wrong file permissions, running plugins that are not secure or just having other scripts running in the same place as wordpress. There is always a risk of it happening to you, but if you keep track of what you have and what you are doing, you should be OK!


  8. Thanks for the tip Trent (re: password). Much appreciated.

  9. I've never heard of this anywhere else I've been blogging.

    There's actually a FAQ on the subject with examples. Plus this thread although those blogs were created, not hacked.

Topic Closed

This topic has been closed to new replies.

About this Topic