My client’s site got hacked

  • Unknown's avatar
    russellrc94 · Member ·

    My client’s site got hacked. He can’t even access the admin portal because they set up a redirect on the portal link. His site is completely down. His hosting provider is WordPress.com. If you all can’t find a way to fix this for him I’m going to tell him he should go to Wix.com and completely rebuild his site there because they are obviously way better than you at security. I’m floored you let this happen to this guy.

    WP.com: Unknown
    Jetpack: Unknown
    Correct account: Unknown

  • staff-blorbo · Staff ·

    I don’t see any WordPress.com sites under your account here.

    What is the URL of the site with the problem?

    NOTE: We can only assist with websites hosted here at WordPress.com. If you’re using the WordPress software, but hosted elsewhere, you will need to reach out to your hosting provider or the WordPress.org community for guidance: https://wordpress.org/support/

  • Unknown's avatar
    russellrc94 · Member ·

    When I created the post, I chose not to make the website publicly known for security reasons because it has already been hacked. I had no other choice to reach out to this form because there’s no other way for me to contact support, another horrifyingly bad and ridiculously unnecessarily stressful thing about WordPress. Since you’re staff, aren’t able to see the link I included with this post? When I filled this out it said that support could see the link. Unless staff is different than support.

  • staff-blorbo · Staff ·

    Since you’re staff, aren’t able to see the link I included with this post?

    No, because you did not include a link, and as mentioned “I don’t see any WordPress.com sites under your account here.”

    Are you sure it was a site hosted here at WordPress.com, and not a site using the WordPress software (from WordPress.org) hosted elsewhere?

    NOTE: We can only assist with websites hosted here at WordPress.com. If you’re using the WordPress software, but hosted elsewhere, you will need to reach out to your hosting provider or the WordPress.org community for guidance: https://wordpress.org/support/

    If you are sure it was a site hosted here at WordPress.com, we will need to know the site’s URL to proceed.

  • Unknown's avatar
    russellrc94 · Member ·

    Are you a bot or are you a human capable of reading my post? If so can you send me a way for me to contact you about it privately so that I won’t have to make it my clients site public on this forum since it has already been hacked.

  • staff-blorbo · Staff ·

    I am a human capable of reading your post, yes.

    We offer forum support for all users on our free plan, email support for all customers with paid plans, and live chat support for all customers with Premium and higher annual paid plans: https://wordpress.com/support/help-support-options/

    Visiting https://wordpress.com/help/contact will always connect you with the highest available support option for your plan.

    As there is no paid plan under your account here, we cannot offer private support, but we’d be happy to help you here, or at least direct you to the right support for your issue.

    Are you sure it was a site hosted here at WordPress.com, and not a site using the WordPress software (from WordPress.org) hosted elsewhere?

    NOTE: We can only assist with websites hosted here at WordPress.com. If you’re using the WordPress software, but hosted elsewhere, you will need to reach out to your hosting provider or the WordPress.org community for guidance: https://wordpress.org/support/

    If you are sure it was a site hosted here at WordPress.com, we will need to know the site’s URL to proceed.

  • Unknown's avatar
    russellrc94 · Member ·

    Ok then I’m going to re-explain everything you didn’t read. My client’s site got hacked because he chose to host it through WordPress.com and your security is the worst of all time. When I was originally filling out this post, it asked me “what is the website you’re referring to?” I gave the link of my client. I clicked the box that says “keep my website link private. WordPress support will be able to see your link but it will not be made public.” Either WordPress lied about WordPress support being able to see that link, or your status is lying about you being staff, or you are lying about whether or not you have access to that link, or you are lying about being a human being able to reason and help solve my problem. So who lied?

  • staff-blorbo · Staff ·

    he chose to host it through WordPress.com and your security is the worst of all time.

    We take security very seriously here: https://wordpress.com/support/security/

    When I was originally filling out this post, it asked me “what is the website you’re referring to?” I gave the link of my client. I clicked the box that says “keep my website link private. WordPress support will be able to see your link but it will not be made public.”

    The field was definitely left empty when this was submitted.

    Either WordPress lied about WordPress support being able to see that link, or your status is lying about you being staff, or you are lying about whether or not you have access to that link, or you are lying about being a human being able to reason and help solve my problem.

    I’m not lying about anything here, and such suggestions really aren’t helping anyone help you.

    If you’re not convinced I’m staff here, you’re welcome to look me up at https://automattic.com/about/

    So, again, are you sure it was a site hosted here at WordPress.com, and not a site using the WordPress software (from WordPress.org) hosted elsewhere?

    NOTE: We can only assist with websites hosted here at WordPress.com. If you’re using the WordPress software, but hosted elsewhere, you will need to reach out to your hosting provider or the WordPress.org community for guidance: https://wordpress.org/support/

    If you are sure it was a site hosted here at WordPress.com, we will need to know the site’s URL to proceed.

  • staff-blorbo · Staff ·

    Circling back to the original message:

    His site is completely down. His hosting provider is WordPress.com.

    One way around this is to ask your client to contact us via https://wordpress.com/help/contact

    If they do have a WordPress.com site, we’ll be able to see it under their account without having to ask for it specifically.

  • Unknown's avatar
    russellrc94 · Member ·

    Ok apparently the only way to keep his site private is to have him do it himself. I’ll see if I can have him reach out to you then. I’m surprised there’s not a secure way for me to ask for help on his behalf – oh wait, no I’m not surprised. We’re talking about WordPress.com. Of course they’re going to make things way more difficult than they have to be.

  • staff-blorbo · Staff ·

    We’ll keep our eyes out for their support ticket and assist them as soon as we can.

  • The topic ‘My client’s site got hacked’ is closed to new replies.