hey!
I don't know where I can find someone who might help me find a solution, so I try my luck here.
I have a website via checkdomain host and use WordPress, and elementor, as the builder. I am not a programmer.
My website was online around two years.
a few weeks ago my site was hacked and my host deleted all my webspace to make sure nothing is in there anymore.
Since then, I try to rebuild my website and have all sorts of different problems.
I have a mail conversation with around 40 mails back and forth with my host, who is willing to help but has not much experience in php. wordpress support is only reachable if they are the host, this sucks!!
After the first days of work my host found another dubious code in my index.php file, so we loaded a backup from a few days before.
since then I get many error messages for all kinds of wordpress php files, I tried to replace many of them with the root code, but the next time I open the wp dashboard, it is just another php file with the same or similar error message.
they look like this and belong to different lines on different php files:
Warning: filemtime(): stat failed for /var/www/vhosts/iceivvnn.host246.checkdomain.de/mywebsite.com/wordpress/.htaccess in /var/www/vhosts/iceivvnn.host246.checkdomain.de/mywebsite.com/wordpress/wp-includes/fonts.php on line 292
My host said this could be caused by a hack, which is not getting through my security plugins
I use two security plugins. wordfence, and bullet proof.
bullet proof warns me that their code should be on top of the root htaccess file, but there is not any bp code in my htaccess file, and I do not want to touch the htaccess file wothout any knowledge of what to do.
wordfence on the other hand just tells me to pay for the full security every 12hrs..
I do not know any php or wordpress programmer and I really do not understand why wordpress' support is only contactable via payed subscription.
I am searching for a solution to make sure wtf is even going on. How should I find the problem? How can there be so many error messages of all kinds of php files without me ever touching it? How can I make sure that I've been hacked and how can I get rid of it?
Any experience with the bp security plugin and htaccess error message?
Right now my website is not reachable – 404 error, so I am waiting for an answer of my host to check wtf is going on again.
sorry for this long post, If I would know the problem, it would be much shorter.
Hi there, it might be time to hire someone to find the malicious code and plug the vulnerability and get your site up and running. It sounds like you have a lot of issues going on. Here is the Wiki for this sub that explains steps to take if you’d like to try it yourself, however:
[https://www.reddit.com/r/Wordpress/wiki/index/#wiki_been_hacked.3F_don.27t_panic.21](https://www.reddit.com/r/Wordpress/wiki/index/#wiki_been_hacked.3F_don.27t_panic.21)
It’s hard to know the vector in your case, but it could be an out-of-date plugin, reused password, breached hosting account password, etc…
Second, it’s worth noting that WordPress.com is just a WordPress host, similar to Checkdomain. WordPress is open source software, so WordPress.com would not provide support for your self-hosted WordPress site just like checkdomain wouldn’t provide support if you hosted at wordpress.com.
Third, you do not need two security plugins, and even with two security plugins that doesn’t make you bulletproof. Malware is even written to bypass these plugins. Your best bet is to keep your site up-to-date (plugins and core), enable 2FA where supported, never reuse passwords, and only use plugins from trusted vendors.
If this were me, I’d download the entire site locally and set it up, replace WP core and all plugins with their latest versions, manually inspect .htaccess and wp-content directories and scan the site with Wordfence, and check the database for anything suspicious like hidden user accounts. If you haven’t been keeping your plugins up-to-date you may have issues with adding the newest versions as well that might take some debugging. This would depend on what plugins you’re running.
In addition, I’d change EVERY password on your host – your portal login, SFTP, MySQL users.