1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help! Is My Wordpress Website Attacked?

Discussion in 'Blogging' started by michelleWJ, May 22, 2016.

  1. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Hi, BHW members,

    I am running a wordpress blog website. It is about 5 months old and I don't add any backlinks to it. Several days ago, I could not log in to my wordpress account, when I open it from my bookmark, it shows something strange as below:

    "
    exists() || ! $theme->is_allowed() ) wp_die( __( 'Cheatin’ uh?' ), 403 ); switch_theme( $theme->get_stylesheet() ); wp_redirect( admin_url('themes.php?activated=true') ); exit; } elseif ( 'delete' == $_GET['action'] ) { check_admin_referer('delete-theme_' . $_GET['stylesheet']); $theme = wp_get_theme( $_GET['stylesheet'] ); if ( !current_user_can('delete_themes') || ! $theme->exists() ) wp_die( __( 'Cheatin’ uh?' ), 403 ); $active = wp_get_theme(); if ( $active->get( 'Template' ) == $_GET['stylesheet'] ) { wp_redirect( admin_url( 'themes.php?delete-active-child=true' ) ); } else { delete_theme( $_GET['stylesheet'] ); wp_redirect( admin_url( 'themes.php?deleted=true' ) ); } exit; } } $title = __('Manage Themes'); $parent_file = 'themes.php'; // Help tab: Overview if ( current_user_can( 'switch_themes' ) ) { $help_overview = '

    ' . __( 'This screen is used for managing your installed themes. Aside from the default theme(s) included with your WordPress installation, themes are designed and developed by third parties.' ) . '

    ' . '
    ' . __( 'From this screen you can:' ) . '

    ' . '
    • ' . __( 'Hover or tap to see Activate and Live Preview buttons' ) . '
      ' . '
    • ' . __( 'Click on the theme to see the theme name, version, author, description, tags, and the Delete link' ) . '
      ' . '
    • ' . __( 'Click Customize for the current theme or Live Preview for any other theme to see a live preview' ) . '
    ' . '......."

    And a lot more such things. (I only copy and paste some of them), if I try to log in from wordpress log in page, there is all blank. I have no idea what to do with this problem.

    More worse is, I found that there are suddenly 2000+ irrelevant backlinks according to Ahrefs (4000+ irrelevant backlinks in Majestic) to my site, those backlinks started from 16, 05, 2016. It is increasing everyday. What should I do to deal with these 2 problems? Please help me. Thanks in advance.

    ( I am not sure if I post in the right section, please move it if I post in the wrong place, thanks)
     
  2. wpsoul

    wpsoul Junior Member

    Joined:
    Oct 15, 2015
    Messages:
    100
    Likes Received:
    15
    It doesn't look like virus code. it's like you have broken file and part of file is rendered on site as text string.

    Also, you can check all extensions for autoinstall, autoupdate themes
     
    • Thanks Thanks x 2
  3. Conor

    Conor Elite Member

    Joined:
    Nov 7, 2012
    Messages:
    3,579
    Likes Received:
    5,964
    Gender:
    Male
    Location:
    South Africa
    Home Page:
    This ^

    Go to your FTP folder and move your active theme to a temporary backup folder somewhere else.

    After that, try logging into Wordpress again.
     
    • Thanks Thanks x 1
  4. Sristy

    Sristy Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 17, 2010
    Messages:
    1,839
    Likes Received:
    491
    Gender:
    Female
    Location:
    In My Blog Network
    Home Page:
    Delete your active theme through ftp, your site should fall back to default theme, will let you login.
     
    • Thanks Thanks x 1
  5. stevenvanlie

    stevenvanlie Jr. VIP Jr. VIP

    Joined:
    Jun 18, 2014
    Messages:
    176
    Likes Received:
    26
    hi , just ask your hosting provider for restore the backup database for the period that you know it work normally.
    for the backlink , just use google disavow tool in google webmaster
     
    • Thanks Thanks x 1
  6. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,396
    Likes Received:
    8,100
    As above. Temporarily remove default theme, try removing plugins - to try and pinpoint the problem.

    If that don't work try restoring from backup.

    If you don't have backup you may need to load a copy of the default WP files then work back from there.
     
    • Thanks Thanks x 1
  7. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you for your reply, I will try to check all of these.
     
  8. Bill.liew

    Bill.liew Newbie

    Joined:
    Jan 24, 2013
    Messages:
    20
    Likes Received:
    4
    Try to reinstall the theme you are using by ftp if you are not able to access the admin panel to do so, I will suggest you trying the basic theme that came with WordPress. It is possible that you are using a theme that is not compatible with your current version of WordPress. If that is still not working, request for a restore from backup. Good luck.
     
    • Thanks Thanks x 1
  9. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you for giving me more detailed steps that I should take, I have little site-building experience. I am about to follow your advice, hope it helps. Thanks!
     
  10. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you very much, you are the second friend who gave me this advice, I will definitely try this solution, hope it works.
     
  11. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thanks for your reply, I myself have no idea what's happening, I plan to try solutions all of you gave me one by one until the problem is solved. Thank you again.
     
  12. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you for your further advice, I will try all these methods you give one by one until the problem is solved. The problems I face remind me of running a website carefully. I really don't want to get in these troubles once again.
     
  13. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you for your reply, I used a simple gray theme on my blog, but indeed ask someone to edit it to meet my needs. It was ok for the first 5 months, so I thought it was compatible with my current version of WordPress, oh, now it seems I was wrong. Thank you.
     
  14. guru1surfer

    guru1surfer Newbie

    Joined:
    Aug 22, 2015
    Messages:
    4
    Likes Received:
    1
    Don't delete theme or plugins as suggested and lose so much of your hardwork time. Using your FTP or filemanager if you have cPanel and rename the theme folder name, then try accessing the site if it works that means some code in your theme is not right and you will either need to install the theme again or contact the developer. If you still can not login you the error message is still there, the rename the theme folder back to its original and rename the plugins folder, this will disable all your plugins. Now try to login and you will be probably able to. After you login, rename the plugin folder back to its original and activate the plugins one by on until you find the one causing the issue.
     
    • Thanks Thanks x 1
  15. alexio

    alexio Regular Member

    Joined:
    Jan 10, 2013
    Messages:
    381
    Likes Received:
    81
    after resolve this technical issue, use cloudflare (it's free) and set-up the protection hack to maximum. it'll prevent you from other attacks
     
    • Thanks Thanks x 1
  16. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you very much for your reply. I really don't want to delete the active theme, I wanna keep it as possible as I can. Yesterday, I moved out the theme from the theme folder, and then tried to log in but failed. I don't know if I did all things properly. I created a temporary folder in wp-content, but outside the theme folder, then I moved my active theme into this temporary folder, that's it. After that, I closed the ftp and tried to log in my wp account, the problem was still there. I will try your method, hope it works. Thank you again.
     
  17. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you very much. I found that my site not only had more and more irrelevant backlinks, but also redirected to some other sites, something like this: (in Majestic)

    http://ExampleDomain.com/sepet/
    computer monitoring software mac version
    http://www.MyDomainName.com/?q=computer-monitoring-software-mac-version

    Almost all backlinks are similar with the example above, my site has nothing to do with these computer monitoring software, mobile phone call recording spy software, or any spy software things. My site is new and don't have lots of traffic. I think they may hurt my site. I want to remove those links and protect my site well.
     
  18. BuildMoreLinks

    BuildMoreLinks Jr. VIP Jr. VIP Premium Member

    Joined:
    Jun 7, 2012
    Messages:
    2,044
    Likes Received:
    689
    restore to an older backup and then try to compare the changes to be 100%. Also asking for logs from hosting company will also help.
     
    • Thanks Thanks x 1
  19. michelleWJ

    michelleWJ Newbie

    Joined:
    Jun 11, 2012
    Messages:
    22
    Likes Received:
    1
    Thank you for your reply. I renamed my active theme and plugin folder, but http://www.MyDomainName.com/wp-login.php was still blank. I am going to contact my hosting company now. Thanks again.
     
  20. Donbuffy

    Donbuffy Jr. VIP Jr. VIP

    Joined:
    Jul 23, 2012
    Messages:
    385
    Likes Received:
    68
    Gender:
    Male
    Occupation:
    Self Employed
    try deleting the existing theme and some plugins from third party and try again, or you contact your host to back up your data and reinstall wordpress...
    Hope this helps
    :)
     
    • Thanks Thanks x 1