Hello. Last night when I wanted to log in to my wordpress site, it showed that incorrect password. I was shocked, then I asked for password, it replied that none of the email is registered. I was too upset but I then accessed my cpanel account and then i changed pw and email from phpmyadmin. I could log in. I was checking who logged into my site then I received invitation of chat in gmail. That was the guy who contacted me and warned me to increase my security otherwise he would then hack completely my site and would crush all data. Details: I have strong username which is even I don't remember and I always type it through my diary. I have strong 12 + letter pw. Plugins Details: I am using, All in one seo, exclude page, wp pagnavi facebook social share all in share db backup wp security scan wp version hide etc I installed Bullet Proof security but was not satisfied. The guy was checking all the time my site and was saying that i am installing and editing this and this. I was confused he said that he could access my wp-admin folder I then setup a password as he suggested me to protect this folder, but the site was not working fine even when I logged out and even entered right user name and password but site didn't show wp-login.php page. Now I want help, how can i protect my wordpress site. www.smsloved.com/wp-admin see here and tell me. How can I protect my folders, How can i increase security, I denied all permission to access wp-config.php file, htaccess file through editing in .htaccess Please help me.
I am thinking that the wp-admin and wp-login.php should redirect and I must have a custom page of login. Can anyone help me?
They guy probably has planted some sort of bug/virus on your page/computer. 1) Scan your computer 2) Scan your hosting space 3) Change your password and make it a bit longer. Something like 20 + 4) Check the IP addresses and block unwanted ones (like the one of your hacker friend) 5) read these tips http://www.hongkiat.com/blog/hardening-wordpress-security/ Code (markup):
I think you're most probably upgraded from the older versions of WordPress which does not updates the wp-config file to add "Authentication Unique Keys and Salts." Find it in your wp-config file and get them configured. I had my site hacked and i configured them and it never happened. Cheers
Sounds like you let the guy in and he installed some kind of script on your site or computer. I would first go to my host and let them see if your site is infected.
Make sure you don't have any malware on your PC. Change your Cpanel details. Change your e-mail details. Clean out your WordPress dir, only keep WP-Uploads and an export of your DB. Make sure your DB is clean. Install everything fresh and import your old DB and uploads folder. If you don't clean out your hosting account, the malware script, if any, can still be there, but with the changes mentioned above at least you'll know your WP DB and Directory is clean and all your login details new.
Nobody can guess what code he may have left at your server. Check for all the changes files in recent time and also upgrade your wp. If you are using latest version, try re-installing wp through admin console.
# directory browsing Options All -Indexes Inserted this code in .htaccess file which redirects every directory to home page. I have setup everything, re-installing, creating password to wp-admin directory. The problem which is occurring now is that due to above code, it is also making my all pages as directory. Lets suppose my contact page is www.smsloved.com/contact-us so it is also taking it as a directory and redirecting to home page. is there any code that can be solution for this problem?
I have allowed only my ip to access my wp-admin panel. So I can only access and all other pc will be redirected to home page.