Hi, I have a wordpress site BroncosBook.com was hacked for some reason. I'm not sure how this can be fixed. Can anyone help? http://sitecheck.sucuri.net/results/broncosbook.com
Once your site is back up and running, do this: - scan any device - pick stronger passwords - install the WordPress Firewall plugin - make sure WP is up to date as are all the plugins you use - make sure your theme is up to date - if you use FTP, make sure you're using FTPS, FTPES, or SFTP - make sure you do continual backups of your database and files
It looks like the theme has been purposely broken. Try a different theme, or re-install your existing one. Edit: Just saw the malware warning (I wish you'd have told us that before I clicked, lol). That is more than likely placed in the theme somewhere. You could try disabling all plugins and see if that fixes anything, if not then change the theme. As long as you get rid of the malware FAST your site shouldn't be punished.
Ask your host to scan the server once and also download the database, files and scan it and if possible do a fresh install with the latest version of wordpress with your old database.
Hello, I am working on local security company in my town, can help you to fix your site. Please contact me if you are interest.
The easiest way to fix the problem is to delete all files on the site, remove the database and reinstall your last good backup. If you don't regularly back your site up, see if your host can restore a backup from before the site was hacked. If not, reinstall the site from scratch and start making daily backups.
Will say just Clean your code, start with Fresh theme. following preventions and plugins for you. Connect securely using SSH/SFTP Keep WordPress Cookies Salted Limit theme and plugins use, Delete unused ones. Move wp-config.php one level up renemae database prefix during installation "Limit login attempts" plugin will help you from brute force attack Disable User registration Avoid using Free themes (except you haven't coded it yourself) Manage Persmission 644 or 640 to files & 755 or 750 for folders Hide WP generator Info - version info Enable SSL Login Kill addtional PHP Execution, like php files in uploads folder should not be executed. you can find htaccess trick for this. Personally will recommend disable Plugin or theme editor. Some Plugins for security Akismet Duo Factor Authentication Vaultpress Limit login attempts Bulletproof security
In addition to suggestions above: - scan your site using ClamAV from time to time (have your host install it if not available) - get rid of any plugins, scripts or other files you don't really use on the server - check other scan/report sites and services, fix what they find and report the cleanup so your site doesn't get banned/blocked in search engines and browsers http://www.google.com/safebrowsing/diagnostic?site=broncosbook.com http://www.unmaskparasites.com/ http://siteinspector.comodo.com/
Changes you server pass and your all other passwords. Then remove the virus in the website files and uploaded fresh files.