Unable to login - Warning: Cannot modify header information

It looks like this site has been hacked. Wordpress version is the second most recent - issues discovered when I went to backup and upgrade to the newest version.

The site loads and then shows McAfee warnings when any internal link is clicked. It is not possible to log in. Attempts to login yield repeated "Cannot modify header information" errors and the Wordpress error of "Cookies are blocked due to unexpected output. "

Disabling all plugins from the control panel doesn't make any difference. As far as I can tell only the normal files and directories exist. I have full backups of the site saved with Updraft. Any advice would be appreciated.

The full error message is:
Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:2) in /home/username/public_html/wp-login.php on line 402

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:2) in /home/username/public_html/wp-login.php on line 415

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:2) in /home/username/public_html/wp-includes/pluggable.php on line 892

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:2) in /home/username/public_html/wp-includes/pluggable.php on line 893

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:2) in /home/username/public_html/wp-includes/pluggable.php on line 894

  • Vaughan
    • Support/SLS MockingJay

    Hi Tony,

    Hope you're well?

    Those errors don't really suggest you've been hacked. but they could be a symptom. Especially if you have actually disabled all other plugins, as it would usually be a plugin that caused it.

    If you are getting Mcaffee warnings though then that's a bad sign.

    I've never used Updraft.

    Have you tried scanning with an online scanner such as Sucuri? https://sitecheck.sucuri.net/

    If it's saying there's malicious files, then restoring a backup might be the best option, but be sure to delete everything from the server 1st, unless you want to scan through each file to see if code has been placed in them, or look for suspicious files. It's a big job, so backups are the easiest option (but you should check your backups too in case there was some malicious content there when you created the backup)

    But I would wipe it clean, and then install fresh and do a restore of the backup. Making sure to run a scan on the restored site to be sure.

    If you don't feel confident or sure though, it might be worth advertising for someone who has experience dealing with hacked sites to help you clean it all up.

    Hope this helps

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.