Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
Hi folks, I am wondering if anybody can help me here, I have a wordpress site which is now showing the following
"hacked by Magico ... www.facebook.com/magico.sec"
Does anyone have a fix for this please.
Most likely got in via the REST API they enabled by default in 4.7.
If you're super lucky, the API may have created a revision (I've never looked at the API code), but it's a long shot.
If your just a little lucky, they won't have touched the content and only the title, so it's just fixing all your title fields.
If your not lucky, then your content is gone, but you may have some older revisions in-tact containing most of the content you did have
If your unlucky, then your content is gone and you have no revisions, restore from a backup.
If your unlucky and very silly, as above applies but you forgot to set up some sort of backup system didn't you? Pretty much start from scratch.
If you do get it fixed, update your wordpress and plugins (and keep them updated), it won't save you from zero-day exploits, but it reduces the risk considerably.
If you want me too take a look for you, drop me a PM (I will need your hosting and database login details too look into it, so if you're not comfortable sharing sensitive information with a complete stranger, don't PM me, there's nothing I can do without them)