MarceloTodaro
Getting Started

My website seems to have been hijacked!

Dear experts,

 

My WordPress website http://marcelotodaro.info vanished from cyberspace! When trying to access it, it's redirected to this URL:

http://2jsfreshmarket.com/wp-content/plugins/wp-firewall/1/tds.php

 

But I can access the admin area normally at http://marcelotodaro.info/wp-admin

 

Does anyone have a tip for me?

 

Thank you in advance.

 

Marcelo

2 ACCEPTED SOLUTIONS
webdiva
Advocate VI

Assuming you can actually log into the WordPress installation, first thing is to change all of your passwords, just in case someone has figured out how to get into your account. That would include GoDaddy, FTP, and WordPress passwords.

 

Then install Wordfence (free plug-in) which can scan and find certain issues (such as WP Core files or plug-in files that have been changed). 

 

If you are not running the latest version of WordPress, and all plug-ins, install updates. Sometimes there may be a vulnerability in a plug-in which is being exploited, but an updated version of the plug-in may fix that problem.

 

Then consider buying/installing Sitelock, which is a few bucks per month, but also scans and traps/removes all sorts of malware and other Bad Boys. 

 

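The kind of check a file-change scan performs, as an added example that is not part of the thread and not Wordfence's own code: hash every file in the site tree and compare the result with a manifest taken from a known-clean copy. The file names and contents below are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(known_good: dict[str, str], live: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between a trusted manifest and the live tree."""
    return {
        "modified": sorted(f for f in known_good if f in live and live[f] != known_good[f]),
        "added": sorted(f for f in live if f not in known_good),
        "missing": sorted(f for f in known_good if f not in live),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a tiny fake site, then two simulated tampering events."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "index.php": "<?php require 'wp-blog-header.php';\n",
            "wp-blog-header.php": "<?php // loads the site\n",
            "wp-content/plugins/example-plugin/plugin.php": "<?php // plugin code\n",
        }
        for name, body in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body)
        baseline = build_manifest(root)  # taken while the site is known clean

        # Simulated compromise: a core file is altered and an extra file appears.
        (root / "index.php").write_text("<?php /* changed */ require 'wp-blog-header.php';\n")
        (root / "wp-content/plugins/example-plugin/extra.php").write_text("<?php // unexpected\n")
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

The baseline is only useful if it comes from a trusted source, such as a fresh download of the same WordPress and plug-in versions, rather than from the server being checked.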

Hi @MarceloTodaro,

 

@webdiva is right on the mark.  Add this little security detail.  Get an SSL and configure your site to automatically use the https:// once your visitor lands on your home page.

 

Hope this helps,

James

Not Just Pretty Sites, Pretty Doggone Smart Sites


9 REPLIES

Yeah, @webdiva, Wordfence managed to get my site back. Precious tip. Thanks a lot!

 

And thanks @JMPepper for yours as well. I'll do that ASAP.

 

Cheers!

 

Marcelo

@MarceloTodaro, glad that Wordfence did the trick! To be really covered as well as possible, all of the other items make sense too.

 

I realize that SSL and Sitelock are not free, but they are relatively inexpensive insurance policies, compared to the hours of wasted time (and potential negative impact to business) if you have to recover a hacked site.

 

Now that your site is back up and running, it would be worthwhile to look into both of those (if money is limited, I'd do Sitelock first, SSL second).

 

@webdiva, you're right about SSL and Sitelock. I'll have a careful look at them in the near future.

 

What amazes me most in this case is that those criminals use the name of an apparently legitimate web service provider (Flywheel) to spread their attacks. I haven't been able to find any complaints against Flywheel, nor any mention of the "477 error" or portions of the error text message in any online post or page from people asking for help as I did. Would it be possible that the attack is so new that it's not yet referred to anywhere and I was one of the first "lucky" targets?

 

Note that the page to which the hack originally pointed is now empty.

 

Best regards,

 

Marcelo

Malicious hackers often work both ends of the attack: one getting to your site, and then on the outbound spoofing what appears to be a legitimate site. What you see as URLs, etc. during an attack may not at all reflect the IP addresses and redirects at the site where you landed. Also, keep in mind that some attacks have been known to change the .host file on a PC so that when you type in a valid address it takes you to a whole different site.

 

No matter how you look at it, protecting your web property is a must these days.

 

James

Not Just Pretty Sites, Pretty Doggone Smart Sites

Someone hijacked my URL which I bought through GoDaddy and all the help I can get is to buy yet something else. All I want is a refund for the service I did not receive. How do I get that?

hkhasib
New

You can deactivate all plugins and change the theme and see what happens. Don't forget to change your password. If possible, back up your database and all images of the website. Then reinstall WordPress and import the database and images. It is always better to install an SSL. You can also purchase Sitelock premium and enable smart scan, which will delete any malicious code automatically.

OK, @hkhasib. Thank you for your contribution. ;)

 

Best regards,

 

Marcelo