WordPress blogs can get hacked into fairly easily if the host has software that is outdated. Another thing that can put your WordPress blog at risk is if you don’t update the site and the plugins.
A friend of mine who is an art teacher at the local high school had her site hacked. She really didn’t have a clue how to fix it. Part of her problem was the hacker somehow got into the cpanel of the website where it was hosted (on Blue Host). Since that time, Blue Host may have increased security and they did send my friend a new, more secure password.
The hacker had made the home page say “by real_Karizma” and also made it impossible to edit any posts within the WordPress dashboard. When I logged into the cpanel, I was quite relieved to find that all the files and the databases were still there. Fixing the home page back to normal was easy. I replaced the index.php file that was in the folder of the theme that was in use. Fixing that file made the site look back like it should have when viewed in a browser. What took a bit longer to figure out was why, when logging into the WordPress site and not being able to see the entire dashboard. I was seeing the dashboard the way a user might see it if they did not have the administrator role.
I really didn’t want to take the entire site down, reinstall WordPress software and then restore the database to get all the content for the blog back on the site. My shortcut to this was to log back into the cpanel on the host and look at the database tables. (I backed up the database first using myphpadmin.)
Looking at the database tables in myphpadmin I noticed that there was data for the wp_users with the hacker’s name and email address. I deleted that user. That left the original user listed but the field code on the right side of the table had the number 2. I guessed (and it seemed to be a correct guess) that if I just changed that number 2 to a 1 that the user would have all the administrator roles assigned to them. To my delight, just changing that number in the database table fixed the problem!
The next thing to do was to update the blog to the latest WordPress version. Again, I lucked out that the plugins in use were compatible and the blog was still functioning correctly.