Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: ergophobe
Can anybody point me to the definitive guide of what to do now? I have changed my admin password, but is there a step by step guide of how to get rid of all that bad code?
Is this normal? How can I see the users another way? Will I have to do this directly on the SQL database?
The thing is, I thought the header.php hacks were all based on rather old versions of WP. I haven't heard of one in quite a while.
Anyway, if you can't identify what exactly got hacked and how, I would do a clean install, and import only vetted content/data. In other words, a whitelist rather than a blacklist approach. And yes, that will likely involve looking through the database. For that sort of task, I like to use SQLYog, much easier to browse data that with the command line client and much more convenient than PHPMyAdmin (you'll need to export your database and look at it locally - that advice assumes you have a MySQL server on your local machine)
I haven't got an exact time record of events, but basically I was hacked on an old version, did a complete re-install with new database, imported a CLEAN backup (done before the hack) and then, around the same time of the new hack, changed my admin password back to what it was when the original hack took place.
I now suspect that it has something to do with this password change - is that possible?
I have now cleaned the header.php file, changed my admin password again, and am constantly looking at the source code of my online posts to make sure they're clean, which for the moment they are.