When a Hacker Gets Hacked Back: My Morning with a Compromised WordPress Site

WordPress Security Aug 23, 2025

This morning started differently than usual. I was going through the website of one of my friends — his WordPress website had been hacked and was completely inaccessible. I quickly jumped into action to see what was going on.

What I Found

On checking the server where the site was hosted, I discovered that the attacker had replaced the wp-config.php file with their own version. This file is the heart of any WordPress installation, holding database credentials and key configuration. By replacing it, the hacker redirected my friend’s website to their own site.

But here’s where they slipped up.

Instead of being careful, the attacker also left their own database credentials inside the file. That meant the site wasn’t just redirecting — it was completely broken. No site, no dashboard, nothing.

Turning the Tables

Since I now had access to their database credentials, I connected to the hacker’s database. From there, I:

  • Reset the super admin password to one of my own.
  • Logged into the WordPress instance that the hacker had been redirecting to.
  • Deleted all other malicious accounts that had been created.
  • Cleaned up some of the junk they had left behind.
  • Updated the homepage with a small surprise message: “A warm welcome from India.”

The funniest part? I installed WP File Manager, a plugin that gives direct access to the server’s file system. Through it, I could now view, edit, or even delete files on their server.

Lessons Learned

While this incident ended on a funny note, it highlights a few serious points:

  1. Never leave sensitive credentials in public-facing files. One mistake can flip the tables.
  2. Plugins like WP File Manager are a huge security risk. Unless necessary, they shouldn’t be installed on production sites.
  3. Strong server monitoring is essential. Quick detection and response can prevent bigger disasters.
  4. WordPress security hardening is not optional. Keep WordPress, themes, and plugins updated, use strong credentials, and enable a firewall/WAF.
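
Lesson 3 applied to this incident, as an added example that is not part of the original post: a baseline check that flags a replaced wp-config.php and reports which database or URL constants changed. The sample files, hostnames and function names are constructed for illustration.

```python
import hashlib
import re

# Matches define( 'NAME', 'value' ); with either quote style.
DEFINE_RE = re.compile(r"""define\(\s*(['"])(?P<name>[A-Z0-9_]+)\1\s*,\s*(['"])(?P<value>.*?)\3\s*\)""")
WATCHED = ("DB_NAME", "DB_USER", "DB_HOST", "WP_HOME", "WP_SITEURL")

def parse_defines(php_source):
    """Return {constant: value} for string define() calls, skipping comment lines."""
    found = {}
    for line in php_source.splitlines():
        if line.strip().startswith(("//", "#", "*", "/*")):
            continue
        for m in DEFINE_RE.finditer(line):
            found[m.group("name")] = m.group("value")
    return found

def snapshot(php_source):
    """Baseline record: file hash plus watched constants (DB_PASSWORD is not stored)."""
    defines = parse_defines(php_source)
    return {"sha256": hashlib.sha256(php_source.encode()).hexdigest(),
            "constants": {k: defines[k] for k in WATCHED if k in defines}}

def audit(baseline, php_source):
    """Return findings describing how the current file differs from the baseline."""
    current = snapshot(php_source)
    if current["sha256"] == baseline["sha256"]:
        return []
    findings = ["wp-config.php content hash changed"]
    for name in WATCHED:
        old, new = baseline["constants"].get(name), current["constants"].get(name)
        if old != new:
            findings.append(f"{name}: {old!r} -> {new!r}")
    return findings

# Constructed sample files, not taken from the incident.
GOOD = """<?php
define( 'DB_NAME', 'friend_wp' );
define( 'DB_PASSWORD', 'constructed-secret' );
define( 'DB_HOST', 'localhost' );
"""
REPLACED = """<?php
define('DB_NAME', 'other_db');
define('DB_HOST', 'db.attacker.example');
define('WP_HOME', 'http://attacker.example');
"""

if __name__ == "__main__":
    print("\n".join(audit(snapshot(GOOD), REPLACED)))
```

Keep the baseline somewhere the web server user cannot write, and run the comparison on a schedule so a swapped file is noticed quickly.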

Final Thoughts

What started as a stressful morning turned into an ironic twist where the hacker’s own carelessness became their downfall. For me, it was a reminder that in security, small mistakes can open big doors — sometimes in unexpected directions.

Orendra Singh

Versatile Full Stack Developer driven by curiosity and a thirst for knowledge, continuously learning and pushing boundaries to deliver exceptional software solutions.