Roy
(@gangleri)
Try to change the admin password (and user name) using the control panel of your host (find the wp_users table). Perhaps changing the cookies according to Whooami’s suggestion. When you’re back in control, find out how someone got into your admin.
Good luck.
Thanks Gangleri. After I posted my message I called my hosting company and they reset the email address connected to that admin account and I was able to get a new password.
I still don’t know how someone got into the admin in the first place… and am not even sure how to go about finding that out.
I am becoming increasingly frustrated with HostMonster, who is hosting the site, and have had more problems with them than any other hosting company I have ever used.
>Try to change the admin password (and user name) using the control panel of your host (find the wp_users table)
I suppose he meant through phpAdmin. You could, but you have to know how to decode the password that you enter. For example, if your password is hello35, what you see on a database is a combination of 32 characters and numbers, I suppose. I’m sure WP developers know better.
>I still don’t know how someone got into the admin in the first place
If your admin username is really ‘admin,’ then it won’t be difficult for them to guess the password, I suppose.
Roy
(@gangleri)
>I suppose he meant through phpAdmin.
Either way. I just have a “cpanel”.
>You could, but you have to know how to decode the password that you enter.
There are numerous websites to do that! Hackers use them to decode MD5 hashes and we use them to make hashes 🙂
lightfoot33; be sure to have an “uncrackable” password (not “hello35” or something). Change the “admin” to something else (make a new user, promote it to admin, demote the old admin to user and delete it) and have a look around your files and error logs to see if you find anything fishy. Once hacked, your website will be difficult to make safe again. The hacker might use your cookie to just log in again tomorrow if you don’t take care of things. Some script may be running on the website that sends passwords to the hacker or whatever. Not to make you scared to death, but take precautions and remember that once hacked, you have to clean up the mess, just like with a virus.
How to change your password manually in the database using phpMyAdmin:
http://www.tamba2.org.uk/wordpress/phpmyadmin/
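An added example, not part of any post in this thread: a small Python audit of rows exported from the wp_users table that flags the two weaknesses discussed above, the default "admin" user name and password fields stored as a bare 32-character MD5. It assumes the rows were exported as (user_login, user_pass) pairs; the sample rows and the flag names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")              # bare MD5: 32 hex characters
PHPASS_RE = re.compile(r"^\$P\$[./0-9A-Za-z]{31}$")    # salted phpass portable hash

def unsalted_md5(password):
    """What a plain MD5 of a password looks like in the database."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def classify(user_pass):
    """Name the storage format of one user_pass value."""
    if MD5_RE.match(user_pass):
        return "unsalted-md5"
    if PHPASS_RE.match(user_pass):
        return "phpass"
    return "other"

def audit(rows):
    """rows: iterable of (user_login, user_pass). Returns {login: [flags]}."""
    rows = list(rows)
    owners = defaultdict(list)
    for login, user_pass in rows:
        owners[user_pass].append(login)
    report = {}
    for login, user_pass in rows:
        flags = []
        if login.lower() == "admin":
            flags.append("default-username")
        if classify(user_pass) == "unsalted-md5":
            flags.append("unsalted-md5")
            # Without a salt, equal passwords give equal hashes; the same
            # property lets public lookup sites reverse common passwords.
            if len(owners[user_pass]) > 1:
                flags.append("hash-shared")
        report[login] = flags
    return report

# Constructed sample rows, not taken from any real site.
SAMPLE_ROWS = [
    ("admin", unsalted_md5("hello35")),
    ("guest", unsalted_md5("hello35")),
    ("site_owner", "$P$B" + "a1b2c3d4" + "x" * 22),
]

if __name__ == "__main__":
    for login, flags in audit(SAMPLE_ROWS).items():
        print(login, flags or ["ok"])
```

Any account flagged unsalted-md5 should get a new, strong password set through the normal WordPress profile screen, so the stored value is regenerated by WordPress itself.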
Thank you SO MUCH for everyone’s help. I have taken your advice and made a new user, promoted it to admin, and deleted the old “admin” user.
This is actually the second time the site has been hacked. The first time was via an email address / script that was used to send spam.
I learn more each time, and would like a fresh start if possible. Would switching to a new hosting service give me that (a fresh start) or is it more tied to the domain name than the hosting company?
Roy
(@gangleri)
A fresh start could just as well be just a fresh installation. Delete all core files (except wp-config, otherwise WP can’t access the data) and upload them from a newly downloaded WP. In this sense “fresh” also means deleting all your themes, since the files may be compromised. In any case, what I advise you to do now is harden your WP. Have a good look at the file permissions, try some plugins and have a thought about the tips in that document. I’d say that being hacked twice is enough.
Thanks Gangleri. I will look into your (and everyone else’s) suggestions and begin working on implementing them. The reason I have been a little quick to blame the hosting company is because I have created about a dozen WordPress sites, and this is the only one that consistently has security issues.
Thank you again.