I have an amateur wordpress site for a club which seems to have been hacked. With some help on here I have undone some of this but I've still got quite a few problems. Mainly I can't get into the dashboard or edit any of the pages. I can log in with my old admin account which still has all the attributes in the db (usermeta) implying it is an admin but I get

403 Forbidden You do not have permission to access this document.

when I try to edit any pages or do anything other than view pages. Clicking the dashboard is the only thing which doesn't take me to a 403 and that takes me to an entirely unformatted page which starts with a list of links (that would be in the dashboard) and then what looks like it would have been the content in the main pane unformatted.

If it is relevant I have an odd change where the instance name of Wordpress seems to have changed to My CMS ? I cant remember what it was before but it wasn't that !

I've tried adding a new admin user in the db but this doesn't seem to have worked. I've not investigated this too much as the original admin still seems to be in there correctly.

I was wondering if there is a plugin or install option (I'm operating through Plesk) which would overwrite all the standard PHP/css etc files without affecting content too much (at least without deleting the content realise I might be left with quite a bit of reinstalling of theme / plugins). Failing that maybe there is a plug in that could help ? Failing that any suggestions on offer ?!

I have an amateur wordpress site for a club which seems to have been hacked. With some help on here I have undone some of this but I've still got quite a few problems. Mainly I can't get into the dashboard or edit any of the pages. I can log in with my old admin account which still has all the attributes in the db (usermeta) implying it is an admin but I get

403 Forbidden You do not have permission to access this document.

when I try to edit any pages or do anything other than view pages. Clicking the dashboard is the only thing which doesn't take me to a 403 and that takes me to an entirely unformatted page which starts with a list of links (that would be in the dashboard) and then what looks like it would have been the content in the main pane unformatted.

If it is relevant I have an odd change where the instance name of Wordpress seems to have changed to My CMS ? I cant remember what it was before but it wasn't that !

I've tried adding a new admin user in the db but this doesn't seem to have worked. I've not investigated this too much as the original admin still seems to be in there correctly.

I was wondering if there is a plugin or install option (I'm operating through Plesk) which would overwrite all the standard PHP/css etc files without affecting content too much (at least without deleting the content realise I might be left with quite a bit of reinstalling of theme / plugins). Failing that maybe there is a plug in that could help ? Failing that any suggestions on offer ?!

• wp-admin
• hacked

Share Improve this question asked Apr 2, 2019 at 21:02 gringogordogringogordo 10111 bronze badge 2

• 2 There's not a plugin or install option, but you could go to wordpress, download the version of WP Core you're running, and completely replace the wp-admin and wp-includes folders from the fresh download. You may also want to look into security plugins which can compare your themes and plugins to the ones in the repo and warn you if any of them seem to contain malicious code. – WebElaine Commented Apr 2, 2019 at 21:46
• 1 The "My CMS" will be the blog title under Settings, General. No idea where that came from though! If you can't get into the dashboard then it's the 'blogname' row in wp_options in the database. – Rup Commented Apr 2, 2019 at 22:44

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

If you think your site got hacked, there are several (many) things you must do to 'de-hack' it. Including:

• changing all passwords (WP admins, FTP, hosting, database)
• reinstalling WP (via the Updates page) and then reinstalling all themes (from the repository) and plugins manually.
• checking for unknown files (via your hosting File Manager; if you sort by date, invalid ones should stick out because you updated everything).

There are lots of help in the googles on how to de-hack a site. I wrote a set of procedures that I use. It can be done, though, just takes a bit of work.