Coming Soon

Custom Facebook Fan Pages - for a preview click here

Online Tuition

I offer online Wordpress tuition and support for my Atahualpa Theme tutorial via Skype. This costs $40 per hour (approx £25), with payment via Paypal. If you are interested, . I will give you my Skype username and we can agree a time.

Wordpress hacked - just see hacker's message

A few months ago several of my WordPress sites were hacked.  I’ve just read a message on a forum that I belong to (The Warrior Forum) from someone who has had a similar experience.

My sites “disappeared” and were replaced by a message from the hacker.  In my case it was a smiley face and in the case of the forum member it was a political message.

How can you fix this?{+}

DON’T PANIC.  Usually it just the index.php files that have been replaced.  This is how I fixed all of my sites that were hacked (including this one that you are reading).

1 htaccessIf you use Fantastico in cpanel to install WordPress, just ask it to install in a new directory (which fantastico will create).   This fresh install contains an uncorrupted set of index.php files.  If you install WordPress manually, create a new folder or subdirectory and install it in that.

Now – use your ftp software to transfer the index.php files from this fresh installation of WordPress to your computer.  There could be six or more of them at different levels in your site, so you will need to do a bit exploring.   Rename them as you go – something like index1.php, index2.php – anything that will help you remember where they came from in your fresh install.

Now use your ftp software to connect to the hacked site.  Explore to find the hacked index.php files (you can usually tell which ones were hacked by looking at the date on them).  Each time you find a hacked one, use your ftp software to upload the corresponding one from your computer.  Then, delete the corrupt files, and rename the ones you have just uploaded to index.php.

5 indexphpIf you still see the hackers message – for example when you log into your admin area – then it is likely that either you need to replace the index-extra.php file too – or you have missed an index.php file.

(If you look at the first screenshot, you will see that this is from one of my hacked sites.  I took this when the attack happened.  You will see that I have uploaded a file called index1.php (the one I ftped to my computer from the fresh install of WordPress) and you can see the hacked index.php file waiting to be deleted)