
Header.php wordpress install injection on godaddy.com

@Ann8826881

Posted in: #Godaddy

Every few months I notice a warning in Google results that my site may be compromised. Sure enough, when I check, the header.php file is full of all sorts of nasty stuff about viagra etc. I clear it out, change the password etc. and a month or so passes and it's back again.

I contacted the host, GoDaddy, who basically told me I need to get a website scanner, available of course from their products section... scam.

Any ideas?


2 Comments


 

@Nimeshi995

Sadly this is a recurrence on GoDaddy as I have learned over the years and one of the reasons for my important sites I moved over to cloud hosting rather than shared.

The thing is with GoDaddy the customer service actually really sucks in technical knowledge. In my case I insisted that the hackers got through their system and not my WordPress, since listen to this:

I set up 3 databases, one for Joomla and one for WordPress... The 3rd was just a spare and unused (never saved on server). As you know, the SQL servers that GoDaddy use are remote and not actually on the same hosting account as yours. I was surprised to find an init.php which the hackers planted on my site. Inside this init.php file were connections to the SQL databases, and I was mega shocked to find that the 3rd unused database was in that file along with the password, even though I had never used it or stored it on the server, so the only way would be if I had a key logger on my PC at the time (which I didn't) or the system had been hacked.

Anyway rant over and onto the fix.


Make another administrator account that doesn't use admin as the username and delete that account, there are many brute force hacks which hammer WP installs using default username.
Ensure you don't have a connect.php, init.php or any other file that the hackers are using to connect to the database.
Remove any non-required plugins in WordPress, the more code you have the more the hackers have to toy with.
Always keep WordPress up to date; hackers are always finding new ways in, so it's important to check this regularly. Furthermore, check the plugin updates too.
Do not underestimate the power of CHMOD; your files are being injected because your settings are allowing them. I recommend you use something like CHMOD 555 recursively on all folders and files within wp-content/themes/; these are generally the files hackers go for first since they are easy to edit and plant unnoticeable backlinks.
Another popular hack on GoDaddy is .htaccess redirects; make sure your htaccess chmod file is 444 read only.



 

@Gail5422790

If your WordPress installation is getting hacked, it is due to one of several reasons:


Your installation is not at the latest version. Upgrade.
One of your themes has a vulnerability. Upgrade it or delete it from your installation. Note, a theme doesn't need to be active for its PHP code to be triggered remotely.
One of your plugins has a vulnerability. Upgrade it or delete it from your installation. Note, a plugin that is disabled can still be hacked.
Your version of PHP, Apache, or MySQL may have an issue.
The hosting environment might have a security issue.


From your post, it's hard to tell where it could be coming from. If you are hosted via GoDaddy and upgrading the WordPress site isn't an option and you don't want to host it on your own server, then I suggest hosting through WordPress themselves and pay so you can have your own custom domain.

If you are not hosting on GoDaddy and you can upgrade the base install, then do so. But since you've been hacked once, I would:


Do a full dump of your database, checking it for any potential problem records.
Starting with a clean VPS/server, install a new copy of WordPress and slowly re-add your content and plugins.
Back up regularly and monitor for file changes.


Basically, once your site has been hacked, I would suspect any files on the box.


