My primary wordpress site on shared hosting server was wide open for hacks after defender tweaks

After setting up the hardening options for WP Defender the primary domain on my shared hosting is not showing the site, nor can I go back in the admin area.

But worse then that, the main page led to a wordpress signup url
http://dj-meme.com/wp-admin/install.php

It asked me for a language of choice after which I could install wordpress. This means anyone could have gone there and made a new wordpress and in the process overwriting/deleting the original site. My hosting provider told me that this could actually happen so now I have asked them to take the user to a landing page.

however, now my site is basically dead. And the same thing happened to another website which was also primary domain on shared hosting and that one is even more dead than dj-meme: http://www.dj-pedia.com Also mentioned that in another thread but nothing has workded so far. The DJ-Meme thing is especially critical since this could perhaps happen to other people and then they are at the risk of getting their site deleted by whomever whether intentional or by accident.

please help

  • Sajid

    Hello WSeattle,
    Hope you are doing good today :slight_smile:

    I am sorry to hear you are having such serious issue. Immediately what you can do to get your site back is restoring the site prior to the change you made on your site.

    If you don't have the backup then, you would have to connect your site with the database.

    What you need to do is, find the current database name, database user name, host, password and database tables prefix.

    Once you have this information, edit wp-config.php file and insert the information there accordingly. You can find more details and steps on how to change these values in wp-config.php file here:
    http://www.wpbeginner.com/beginners-guide/how-to-edit-wp-config-php-file-in-wordpress/

    It is always recommended to take full backup of your sites first before hardening the sites with any plugin or interacting with database using any plugin.

    In case, you can't fine backups neither could manually update the details in wp-config.php file then please send in FTP and WordPress admin details and I would try to get it back.

    Also, please tell me what change you made exactly prior to your site went down/inaccessible.

    You can send the requested details via our secure contact form in following format.

    Subject: "Attn: Sajid Javed”
    - WordPress admin username
    - WordPress admin password
    - login url
    - FTP credentials (host/username/password)
    - link back to this thread for reference

    Make sure you select "I have a different question" from dropdown as seen in attached screenshot so it get assigned to me and sent privately (otherwise it will posted in public form - so its important):

    Take care and merry Christmas :slight_smile:

    Best Regards,
    Sajid

  • WSeattle

    Hi Sajid

    thanks for the help . I applied this to one of the sites: http://www.dj-pedia.com. went into wp_config file.

    Now the site is back online. Only problem is that I cannot get into the back end admin section.

    when I try http://www.dj-pedia.com/wp-admin I get an error saying "Sorry, you are not allowed to access this page."

    through defender I had updated the prefix of the database, and some research leads me to think this has something to do with it, but I cannot really figure it out completely though. Help is appreciated :slight_smile:

  • Rupok

    Hi WSeattle,

    This is really weird and should not happen. However, I guess, some capabilities settings got messed up somehow. I could digg further in your database to fix the issue but for doing that, I'll need your cPanel access. Can you please send me message with cPanel access credentials through our secure contact form here: https://premium.wpmudev.org/contact/ in the following format?

    Subject: "Attn: Rupok"
    - cPanel Username
    - cPanel Password
    - cPanel Login URL
    - Link back to this thread for reference
    - Any other relevant URLs

    Select "I have a different question" for your topic. This and the subject line ensure that it gets assigned to me.

    I'm looking forward to hearing from you and resolving this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.