It looks like GoDaddy is enforcing strict password norms for the database access. Try changing the database password – a guide will popup ticking away the mandatory requirements. The problems on my clients’ customized sites on GoDaddy were solved by doing so.
Many of my WordPress sites have been attacked by this xxx-hacker. The first thing this hacker does is try to login as admin using multiple tries. Once it succeeds, the user name is changed to xxx-hacker and the password is also changed. So, now you cannot login to your site and you can’t even reset your password.
If by chance you are still able to login as admin then you are in luck, as the attack hasn’t happened yet. But, prevention is better than cure. So, immediately (as in NOW), update your WordPress installation, and install/enable the Limit Login Attempts plugin. This is the most important thing you need to do to stop this hacker, because this is somehow related to the hacker gaining access to your server files. Also, immediately after this change your server passwords – especially, ftp and mysql.
At this stage I don’t know if the ftp password is being deciphered, but I have seen strange folders and files turning up in the sites’ public/html documents area. There are at least 3 different type of actions performed by these files. (1) Phish for email passwords (2) Phish for financial passwords (3) run a script that logs in to some site(s) using series of passwords. One common thing I have noticed is that the plugins folder in all hacked installations has one new folder – helo – which contains script to send the phished data to the hacker’s mother computer. Change permissions of this “helo” folder to 777 and then delete it.
Things to do in your MySql database
If not yet attacked: stop user registration or updation using triggers. This is like a chastity belt. The filthy sucker of a hacker can tear your WP-clothes, but can’t penetrate your DB-bastion, thereby preventing spawning of further filth. Contact me for modus operandi.
If attacked: rename admin user to a word other than “admin” and change password to a 16 character word in MD5 format, then stop user registration or updation as above using triggers. Contact me for help.
If your site needs user registrations, handle them yourself, manually. If you don’t have time for that and are a very big site, then you should enlist service of someone who can provide proper security.
To be cont’d…
Google does not index your site as soon as you update it. The update frequency is unknown generally. However, frequently updated sites like news blogs etc., get indexed within hours or minutes and some reputed sites even get indexed instantaneously. You should wait a few days like 2 or 3 weeks and check again. If your site has facility to submit sitemap (via google webmaster tools), you should do so, which will hasten the next google crawl of your site.
This global brute force attack on self hosted WordPress sites has been going on for past few days. I am going to address different cases and attempted solutions here. Please bookmark this Q&A and check back for new case studies.
One site came to my notice today, where the users could not login because the login or admin page got redirected to a page that output “not acceptable“. I checked the .htaccess file and it seemed to have non-standard statements, which neither the developer nor the site-admin remember putting in. So, we removed the extra statements and retained only the default WordPress generated htaccess statements and the site was back to normal.
…to be cont’d…
Ah there! Did you by any chance turn off the “Show Map” option in your page info?
According to facebook garden logic you should recommend others around you (your location!) – so your page should show the map (of your location), then only your recommendations will show.
Go to Edit Page > Update Info > Check “Show Map” option below your physical address – obviously, a physical address is required too!