WordPress Blogs Hacked

WordPress blogs hacked?  Yes, it’s true.  There have been a lot of WordPress blogs hacked in the last month or so, some of them running very recent versions (2.8+).  I do a lot of WordPress work for clients, most of it plugins, themes, and SEO work, but you might be surprised how many new clients I’ve gotten that need WordPress security work.  These are people whose self-hosted WordPress web site has been broken into, and they need it fixed.  Typically it’s an automated spambot that looks for a known exploit, like an older version of WordPress or an older, non-updated plugin.  I was surprised a few weeks back when I read this post on Lorelle about Old WordPress Versions Under Attack.  I thought at first that the hack she talks about was new, and it’s not; it’s just more rampant.

I did leave a few comments on that page, and I know I’ll get some traffic here from people seeking help.  Let me address that first.

If you have a self-hosted WordPress web site that has been hacked you have two choices:

  1. Hire someone to fix it
  2. Fix it yourself

It’s pretty easy to fix it yourself, and I don’t keep secrets; I’ll tell you what to do.  But if you’re really non-technical, or your income, business, or brand depends on your WP-powered site and you need immediate assistance, visit my Hire Me page right now.  Now back to the DIY info…

These recent WordPress infections and blog break-ins are pretty serious.  I’ve seen so-called “WordPress viruses” before that changed theme files and added code to your pages, but these recent hacks (and variations of them) get right inside your WordPress database.  The infection gets in through a bug in older versions of WordPress.  If you’re not currently infected, update to the latest version of WordPress ASAP, update all of your plugins, and then read my WordPress Security Guide to learn how to lock down your blog.  If you are already infected, here is how to rebuild on a clean install with a fresh database:

  1. In your WP Dashboard go to “Tools->Export” and export all of your pages, posts, links, and comments
  2. Download a copy of your entire web site via FTP
  3. In your web hosting account create a new MySQL database with a new username and a strong password (at least 12 characters)
  4. Delete your entire web site via FTP (all files, now that you have a local copy)
  5. Upload a fresh copy of the latest version of WordPress downloaded from wordpress.org
  6. Update your wp-config.php file to connect to the new database
  7. Go to http://www.yoursitename.com and set up and connect to the new WP database for the first time (be sure to enter an alternate WP table prefix instead of the default)
  8. Log in to your new fresh WP dashboard, create a new account with admin access, and log out
  9. Log back in with the new account, and delete the “admin” account
  10. Upload a fresh copy of your theme and freshly downloaded versions of all the plugins you need (don’t use the local versions you just backed up on your local PC)
  11. In your dashboard delete the “Hello World” post and the default comment
  12. In your WordPress dashboard go to “Tools->Import” and import all your posts, pages, comments, categories, and tags using the file you exported earlier
  13. Activate your theme
  14. Check your site in a browser to make sure everything shows up, then activate all your plugins and check again
  15. Manually reset your widget, WordPress, and plugin settings, and all signs of the virus and infection should be gone!
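One caveat on steps 1 and 12: the WXR file that Tools->Export writes carries post and comment bodies verbatim, so anything an attacker injected into post or comment content in the old database comes straight back when you import it into the fresh one.  Below is an added example (my own script for this post, not part of the procedure above and not WordPress code) that scans an export for the usual tells, script and iframe tags, hidden blocks, and eval/base64 fragments, and lists the author logins the export contains so an unknown account stands out.  It assumes WXR 1.2 namespaces; the sample export embedded in it is constructed for illustration, not real site data.

```python
"""Check a WordPress WXR export before re-importing it into a fresh database.

Added example, not code from the original post.  The export carries
post_content and comment_content verbatim, so injected markup would be
re-imported unless caught first.  Assumes WXR 1.2 namespaces; the sample
export at the bottom is constructed, not real data.
"""
import re
import xml.etree.ElementTree as ET

# Namespaces used by WXR 1.2 exports (content: is the RSS content module).
NS = {
    "content": "http://purl.org/rss/1.0/modules/content/",
    "wp": "http://wordpress.org/export/1.2/",
}

# Markup a blogger almost never types into a post body by hand.
SUSPICIOUS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "iframe_tag": re.compile(r"<iframe\b", re.I),
    "hidden_block": re.compile(r"display\s*:\s*none", re.I),
    "eval_base64": re.compile(r"base64_decode|eval\s*\(", re.I),
}


def _flag(label, body, hits):
    """Append (label, pattern_name) to hits for every pattern found in body."""
    for name, pattern in SUSPICIOUS.items():
        if pattern.search(body):
            hits.append((label, name))


def scan_wxr(xml_text):
    """Return [(where, pattern_name), ...] for every flagged post or comment."""
    root = ET.fromstring(xml_text)
    hits = []
    for item in root.iter("item"):
        title = item.findtext("title") or "(untitled)"
        body = item.findtext("content:encoded", default="", namespaces=NS)
        _flag(title, body, hits)
        for comment in item.findall("wp:comment", NS):
            text = comment.findtext("wp:comment_content", default="", namespaces=NS)
            _flag("comment on " + title, text, hits)
    return hits


def list_authors(xml_text):
    """Return the author logins the export carries, in document order."""
    root = ET.fromstring(xml_text)
    return [a.findtext("wp:author_login", default="", namespaces=NS)
            for a in root.iter("{%s}author" % NS["wp"])]


# Constructed sample export: one clean post, one post with injected markup
# and a spam comment, and two author logins (one of them the default admin).
SAMPLE_WXR = """<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
<title>Example Blog</title>
<wp:author><wp:author_login>admin</wp:author_login></wp:author>
<wp:author><wp:author_login>sitemaster</wp:author_login></wp:author>
<item>
<title>Clean post</title>
<content:encoded><![CDATA[<p>Nothing to see here.</p>]]></content:encoded>
</item>
<item>
<title>Injected post</title>
<content:encoded><![CDATA[<p>Real text.</p>
<div style="display:none"><a href="http://example.invalid/">spam</a></div>
<script src="http://example.invalid/x.js"></script>]]></content:encoded>
<wp:comment>
<wp:comment_author><![CDATA[spam]]></wp:comment_author>
<wp:comment_content><![CDATA[<iframe src="http://example.invalid/"></iframe>]]></wp:comment_content>
</wp:comment>
</item>
</channel>
</rss>
"""

if __name__ == "__main__":
    for where, what in scan_wxr(SAMPLE_WXR):
        print(f"{where}: {what}")
    print("authors:", ", ".join(list_authors(SAMPLE_WXR)))
```

To use it on a real site, read the exported .xml file and pass its text to scan_wxr and list_authors, then clean up or delete each flagged post or comment in the dashboard before running the import.  Regex matching on HTML is a tell, not proof, so look at every hit rather than stripping it blindly; a legitimate embedded video can contain an iframe.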

This process is tedious for sure, but because this hack roots itself so deeply inside your WP database, the best way to get rid of it is to dump that database and import your content into a fresh one.  Believe it or not, this is also an opportunity to clean your blog of old garbage you don’t need anymore, weed out plugins you no longer use, and, once the infection is gone, improve your WordPress security!

I hope this information has helped someone, and I hope that you read this post before your WordPress blog got hacked.


  1. vehicros

    I have several WordPress installations on one shared account. Every one of them was hacked one night.

    I have an email address, username, and other info the hacker used to create a hosting account on my site.

    I suspect the hacker used a backdoor hidden in a WordPress plugin. As I recall, the name of the plugin was Admanager, or ad mangler, etc.

    The hacker did not delete or vandalize any of my files, but did block all of my access to admin areas to my account and wordpress accounts as well.

  2. This is a pretty easy thing to fix; I fix hacked blogs for clients all the time.
