Then, Please sign in to your hosting account and review the following content and remove or fix the files listed
Lists 12 files
1st one is html/.htaccess
at end says call our security experts at 480-366-3501
I immediately changed my Wordpress password
I don't know how to remove files and could wreck the site if I try.
Is this legit?
Google safe browsing says my site is clean
Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?spam-seo.spammy_keywords.1.103 <title>Online Pharmacy - No Prescription | Cialis Quale Dose</title>
"Online Pharmacy- No Prescription/ Cialis Quale"..SEO Spam
That is what a free securi scan found on my WP site.
Can anyone tell me how this happened and if this is dangerous?
I changed my WP log in password which was already very strong. Is there another password somewhere I am not thinking about which should be changed? I'm not that tech savvy.
Thanks for any help
Yes, this is a big problem, and changing your password will do nothing to solve the problem. That someone has changed your .htaccess file means they very likely have full uninhibited access to your server and can do whatever the hell they want with it.
Somewhere, somehow, someone has found a vulnerability in the code of your website or the operating system of the server and exploited it to inject code into your website. If someone can use your site to redirect folks to pharma spam, it can just as easily direct your site visitors to sites that inject malware into their computers. Google and other search engines will also de-list your site if you don't resolve it quickly.
This is also a big flag that says "hey everyone, my site is compromised!" which attracts other hackers to exploit your server and hijack it to send spam, execute ddos attacks, host malware, etc.. If you have any sensitive data on your website or connected services (PII, credit card info, personal files, etc) that data is at risk. Your site is also at risk of being totally trashed. And your visitors are also at risk of malware attacks.
You need to identify and fix whatever security hole that the hackers used to mess with your site, remove any malicious code that may have been added to existing files, and remove any files created by this attack. If you can wipe everything and restore from a known good backup, that would be a good start, then you'd just have to identify and patch whatever security hole.
Additionally, you should also update all of your plugins, themes, and WordPress core, and delete any old plugins or themes that you are not using. It would also be good to change the database passwords, login passwords, ftp passwords, etc. but bear in mind that password changing is useless if your site is still compromised and has vulnerabilities. You should also change your file and folder permissions using FTP or SSH to ensure that they are at an appropriate level of permission for the given folder.
After you have done the full cleanup, you should look into hardening WordPress. They have a great information page that outlines the best practices and procedures: https://codex.wordpress.org/Hardening_WordPress
If you don't know how to do any of this, I believe godaddy offers a service that will do it for you for a fee. Sucuri also offers a paid service as well.
This has been fixed. I paid Go Daddy the $89. for cleaning and one year of monitoring. All passwords have been changed.
My Wordpress site is a site for parking and information it is not an active blog.
Hence I had lots of old themes and plug ins not updated for a long long time which caused this.
The site is now clear from a Securi free scan as well. (It was not before).
So I have learned to log in at least once a week and make sure all is updated.