Highjacked Site

Keywords: WordPress - AWS - Technical issue - Other
bnsupport ID: df2db2ee-4ea8-3aa6-8745-5dcd58c19904
Description:
Redirected from site: pfworks.org/wp-admin.

I have a new problem. Site has been highjacked. Tried starting new topic, not given option beyond viewing old topics.

Hi @pfworks,

Did you install a new plugin/theme lately? Did you get it from an official WordPress source or did you get it from a different site?

I can see you have many plugins enabled in your system. If you are not sure if you got them from secure sources, please disable them using the WP CLI tool:

https://docs.bitnami.com/aws/apps/wordpress/administration/use-wpcli/

You can learn more about the different commands here:

https://developer.wordpress.org/cli/commands/

However, from the Bitnami Support tool, I found that the WP CLI tool returned a weird string mentioning one site “solo.declarebusinessgroup.ga” and I found that it is malware that affects WordPress:

https://okeyravi.com/declarebusinessgroup-malware-fix/

Please take a look at that guide to resolve it or contact the WordPress support team (or the Wordfence one) to know more about it.

Happy to help!



Hello,

Didn’t install any new plugins lately. All plugins came from secure sources, to my knowledge. Recently let Sucuri services expire, though the AWS DMS Zone was supposed to protect against this issue. I guess I misunderstood the implications.

Will your suggestions allow me to regain control of my site? Or is there something else I need?

Hi @ronniecanty,

You should regain access to the site if you disable the malicious plugin (if any) and remove the malicious code that is included in the WordPress code.

Okay, I don’t have the technical know-how to disable plugins without being inside the dashboard.

Hi @ronniecanty,

You will need to access the instance using an SSH connection:

https://docs.bitnami.com/aws/faq/get-started/connect-ssh/

Then, this command will print the list of plugins:

/opt/bitnami/apps/wordpress/bin/wp plugin list

If you want to disable one, just run this command:

/opt/bitnami/apps/wordpress/bin/wp plugin deactivate NAME_OF_THE_PLUGIN_HERE

However, I think the other guide will be more useful for you. If you remove the malware code from the application, you will probably regain access to the site. You will need to access the instance using SSH and then modify the WordPress files you can find inside /opt/bitnami/apps/wordpress/htdocs.
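Added example, not part of the original thread and not Bitnami's own tooling: a read-only triage script for the clean-up described in the reply above, to run over SSH before editing anything. It assumes the Bitnami paths quoted in the thread and uses the string the support tool reported as the search term; the function names are hypothetical, and the checksum commands need a WP-CLI release that includes them.

```shell
#!/bin/sh
# Added example: read-only triage for the clean-up described in the thread.
# Paths are the Bitnami ones quoted above; override them through the environment.
WP_ROOT="${WP_ROOT:-/opt/bitnami/apps/wordpress/htdocs}"
WP_BIN="${WP_BIN:-/opt/bitnami/apps/wordpress/bin/wp}"
# Search term taken from the string the support tool reported.
INDICATOR="${INDICATOR:-declarebusinessgroup}"

# Print every file under DIR ($1) whose contents mention TERM ($2).
# -F: literal match, -i: ignore case, -l: file names only.
find_indicator_files() {
    grep -rilF -- "$2" "$1" 2>/dev/null | sort
}

# Print PHP files under DIR ($1) changed within the last DAYS ($2) days.
recently_modified_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null | sort
}

# WP-CLI checks, none of which change the site. "|| true" keeps the
# report going when a check reports a mismatch or finds nothing.
wp_checks() {
    "$WP_BIN" core verify-checksums || true          # core files vs. wordpress.org
    "$WP_BIN" plugin verify-checksums --all || true  # plugin files vs. wordpress.org
    "$WP_BIN" option get siteurl || true             # should be your own domain
    "$WP_BIN" option get home || true
    "$WP_BIN" db search "$INDICATOR" || true         # the string may sit in the database
}

report() {
    echo "== Files mentioning $INDICATOR =="
    find_indicator_files "$WP_ROOT" "$INDICATOR"
    echo "== PHP files modified in the last 14 days =="
    recently_modified_php "$WP_ROOT" 14
    echo "== WP-CLI checks =="
    wp_checks
}

# Run only on a host that actually has the Bitnami layout.
if [ -d "$WP_ROOT" ] && [ -x "$WP_BIN" ]; then
    report
fi
```

Files listed by both the checksum checks and the indicator search are the first ones to compare against a clean copy of the same WordPress or plugin version.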

Great, I appreciate you. Learned of the issue via a Google notification. It pointed me directly to specific code; however, it made no sense at the time (I just recognized it as Japanese language).

About to go into surgery, will update you by Monday.

Thanks,

Sorry, had to look up the info. It was the Google Search Console that advised of Breadcrumbs on the site.

Okay, I disabled all of the plugins in my list and I am still unable to take control of my site. You referred to other guide, but I’m not sure which guide that is. Going to go through previous emails.

Thanks,
