January 22, 2014 at 3:51 am #86416
It seems like my website has been hacked after installing the Enterprise theme. I published the new theme on the domain in December and this week started seeing links to spam websites in the header.
Please view the page source and look at the code on the bottom. http://www.gridexpress.co.za/
Can someone please assist and let me know how this happened, what I can do to remove the code and how to prevent this from happening again?
Hughhttp://www.gridexpress.co.za/January 22, 2014 at 8:56 am #86454
So sorry to hear that this happened! These kind of exploits rarely happen through the theme, but are more likely a hack of your hosting account. I would recommend the following:
(1) Change all passwords associated with your website and your hosting account immediately.
(2) Install the plugin called Anti-Malware (Get Off Malicious Scripts) and allow it to run a full scan. You can usually clean up your files right from the dashboard once it identifies the issues.
(3) Install Wordfence Security and allow it to run a scan. Leave this one on the site permanently to help ward off potential hackers.
(4) Contact your host's technical support and ask them to investigate what might have happened in case there is a security issue on their end.
(5) Delete any unused themes or plugins (except one default theme - I usually keep Twenty Twelve installed but inactive) and make sure your themes, plugins, and WordPress installation are all up to date.
If you need further help, feel free to contact me via the links in my signature - I offer malware removal and cleanup as part of my business.
Best of luck!
January 22, 2014 at 9:58 am #86468
I agree with Andrea but you should also speak to your hosting company about their Joomla application. One of my clients was hacked recently and when I logged into their hosting account, there was a message that the hosts Joomla application had been compromised and therefore the people who had websites on that host had issues with their websites being hacked.January 22, 2014 at 9:59 am #86469
To add clarification - even though you are using WordPress, the Joomla hack gave them a way to access your hosting account information.January 22, 2014 at 2:02 pm #86518
Thank you for the reply. I sent an email to you via your website.
HughJanuary 22, 2014 at 7:09 pm #86565
Just wanted to check in - I responded to your email but didn't know if you received it. Sometimes my emails go to spam folders because of the volume of messages I have going in and out, so check there if it didn't go through. Thanks!
You must be logged in to reply to this topic.