Hacked after installing WP Security Scan plugin


Solution:

If something similar should happen to you, fast reaction is a must.

  1. Logon to your WordPress server and check /usr/share/wordpress/wp-config.php (make a backup)
  2. if it is corrupt, copy

    wp-config-sample.php to /etc/wordpress/wp-config.php

  3. edit it and provide the data in question
  4. you should remember the password for the database, the database user, and the new $table_prefix you’ve been asked right before the mess began
  5. if you don’t know the DB_NAME anymore, look it up with

    mysql -u root -p
    Enter password: *******
    show databases;
    +--------------------+
    | Database |
    +--------------------+
    | information_schema |
    | mysql |
    | mywpdb |
    +--------------------+
    3 rows in set (0.00 sec)

  6. now quickly check the file permission of wp-config.php. It should be 644.

    chmod 644 /etc/wordpress/wp-config.php


Usually your Blog should look the way it looked before, and nothing should be missing. If your Blog was defaced, then you could try to remove the entries in the tables prefixed with ‘wp_‘.
It took me about 20 minutes to fix the problem, and I only discovered the defacement, because I’ve added my own RSS feed to my Google’s start site. There I saw the defacement the first time at all.
And what do we learn? Yes – reading documentations is a good thing sometimes 😉 – And fix your problem fast, because they are also.