Home Forums Archived Forums Weaver II Theme My Site has been hacked

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #19947
    SanDesign
    Participant

    Hi there, I’m looking for advice. I can’t log into a very old client’s WP site. They’ve just asked for help again, and not sure where to start e.g. manually reinstall WP, and then manually reinstall Weaver II … however, seems the version on client’s website is quite old i.e.

    Theme Name: Name
    Theme URI: http://weavertheme.com
    Description: Weaver II Child
    Author: Bruce Wampler
    Author URI: http://weavertheme.com/about
    Version: 1.2
    Tags: custom-header, custom-colors, custom-background, custom-menu, theme-options, left-sidebar, right-sidebar, fixed-width, three-columns, two-columns, black, blue, brown, green, orange, red, tan, dark, white, light
    Template: weaver-ii

    Would someone be so kind as to advise? The site is still live and fine, even though we cannot log into wp-admin.  I can see and download/upload files via FTP or cPanel. Although, I’m a little reluctant to start changing things as I don’t want to break the site as it is quite important to client’s business at the moment.

    Thank you, SanDesign

    #32687
    Weaver
    Keymaster

    Unfortunately, one of the problems with not updating a site with the latest versions of WordPress, plugins, and themes is it leaves the site open to hacking.

    Usually, hacks do not involve the database, but it sounds it is possible the DB has been hacked since you can’t login to the admin. The site should be re-installed from scratch.

    If the admin password has been hacked, then you could try the standard WP “forgot password” password recovery to see if you can reset it. Then you can do the normal sequence of restoring a site.

    There should be information on restoring a site to be found via Google, but try this sequence at the least. This assumes you figure out how to get access to the admin again.

    1. From cPanel, download a copy of your database.
    2. Reinstall WordPress – be sure to update to the latest version (4.7.2)
    3. Reinstall all the plugins.
    4. Reinstall the latest version of Weaver II – it can be found on the https://weavertheme.com/download page. All versions of Weaver II are settings compatible. I’m not sure what to do about your child theme. I may have been hacked, but probably not.
    5. The site should be back to working now.
    6. Install WordFence and let it scan all your files.
    7. Keep WordFence active, enable its protection measures, and keep the latest updates installed.

    Be sure you keep regular backups of the site so it can be restored if this happens again.

    #36495
    SanDesign
    Participant

    Hi there, I so appreciate your feedback and just now realised there was a reply.  So you are quite certain it is ok to reinstall the latest version of Weaver, even though there was a very old version running in this site?
    Thank you again.

    #37303
    Weaver
    Keymaster

    That really should be fine, although I see the site is using a child theme which may complicate things a bit.

    But:

    Doesn’t the standard password recovery work for the admin?

    If the problem is the admin was using an obsolete e-mail address, there is a much easier fix.

    You can really edit the mySQL database directly using phpMyAdmin from your cPanel.

    Open the ‘wp_users’ table. You’ll see a list of users, one of which should be the Admin. You can edit the ‘user_email’ field directly. You can also usually fake-out the ‘user_pass’ field. If you have another site, or even know the login password for a different user on the site, you can copy the password from one to the other, and it should work.

    Note: I unset the private option on your reply. There really is nothing confidential there, and this whole thread might be useful to other users.

    #38000
    SanDesign
    Participant

    Hi, I am a little confused, when you say to download and install the latest version of Weaver II here i.e https://weavertheme.com/download

    Are you referring to …  Weaver Xtreme – Latest Version

    I believe the version of Weaver used on this old site is Weaver II 2.1.12.

    I’m just trying to reinstall everything now. And I can login and fixed some shortcodes for WPPA, so all seems to be working fine in the backend as well as the frontend, but I am investigating and still finding more files in the wp-content folder that contain corrupt code even though I manually cleaned most other files/folders a few weeks ago.

    Guessing I still need to install latest WP and wondering if I can do this from within Admin, or best to do via cPanel or Installatron?

    Your advice on proceeding would be most appreciated.

    Thank you, Sandra

     

     

    #38111
    scrambler
    Moderator

    if you go to

    https://weavertheme.com/download

    There is a link to download the latest Weaver II version 2.2.4

    #38208
    Weaver
    Keymaster

    Sorry – the versions needed are listed on the general plugin page if you read the boxes there.

    But, to update Weaver II, click these links to get the specific download pages:

    Weaver II

    Weaver II Theme Extras

Viewing 7 posts - 1 through 7 (of 7 total)
  • The forum ‘ Weaver II Theme’ is closed to new topics and replies.