That includes my new personal blog on Godaddy.com that was not launched yet. It was running the newest Wordpress version, it had "noindex" and no incoming links.. I had even protected the site from beeing found/viewed by using an offline script and used very complex usernames and passwords.. How could this happen?
This problem has been going on for a long time....My sites and client sites have also been hacked. This is not isolated to Wordpress, as one of my sites is custom coded and same issue. The quick fix would be to do a restore from within Godaddy's hosting control panel. To do this, login to your hosting panel and click the big square button that says my files. Then history. Select a date and then restore. You might need to call Godaddy to make sure this goes smoothly. Also, don't try complaining to them, they will deflect...this is their integrity at stake. Just know, that it's not necessarily anything you did wrong. What you can do right is install the security scan plugin : wordpress.org/extend/plugins/wp-security-scan/ It tells you a few things you can set right before anything bad happens. Try to replicate for none Wordpress sites. hope this helps
By the way..it's most likely malware...which basically throws a popup window to your user and faking a security scan. Hopefully it's not eating your files or database.
1 key things to do is make sure your files anr't WORLD READABLE. this is how a lot of these mass attack on WP happens, you scan a shared servers home dirs for /wp-configs.php that you can read and then do the SQL stuff or whatever.
I agree that this is not new. I have also had a client recently have his (Go Daddy hosted) Wordpress site hacked. As much as I hate them for hosting, I can't say that this is specific to Go Daddy since you do have control over your own Wordpress security. What was their response? Did you contact them about it?
Are you sure it's happening due to GoDaddy or Wordpress? Have you explored any possibility of using unreliable plugins from untrusted developers? If you aren't aware, there are some plugins in wordpress.org where developer himself says "Using it is not recommended"! So if you used any plugins like that, it may cause problems for you.
I've noticed this happening a lot. Several of my clients have been hit (they were on Hostgator, though) I think it's more likely to be malware than the hackers targetting a specific host in most cases. Or, possibly brute-force attacks - was your CPanel password a dictionary word, or something easy to guess? I hope you haven't lost anything too serious. I know it's a pain to clean up a hacked Wordpress
Yes, there are several problems going on with Godaddy hosting right now. And many of the blogs are getting Malware codes injected.
My site was also hacked before, i added a security plugin to my site and my site is already running 1 month now and i had no problems.
So true. Using bootleg or warez premium themes and plug ins can really "F" up your site. So many are loaded with scripts, adware, and viruses. Do you really think people load this stuff up for download out of the goodness of their hearts? Hell no, they know that people like to beat the system, so it's an easy way to infect computers and websites. I agree, they do deserve it.
I have only installed paid extensions! I never use Warez plugins/themes and do not recommend anyone to do this either. I buy all themes from Woothemes. The thing that makes this very strange is that it was 100 % up to date. No outdated plugins, theme, wordpress version and so on.. I did use the Godaddy wordpress installer. I did not upload the files through FTP.
Yes few of my blogs hosted on Daddy was hacked too last week, and few of my friends and clients are also facing same problem with Godaddy. Even though i use them for just few blogs, but looks like gotta move on!