My website has been hacked

My domain name is and it’s been hacked yesterday. The homepage was saying that it was hacked by Galaxy Xploiter Team.
Though my site was hacked I could log into my WordPress account. But I couldn’t log out from it. It was displaying a white screen and at the top left corner, a message ‘Fucek’ was displaying. But after some time my WordPress account also went inaccessible.
Though my WordPress was accessible for some time I found a new plugin named ‘File Manager’ installed. I don’t know if the hacker installed the plugin.
After when my WordPress went inaccessible it was also displaying ‘Fucek’ on the top left corner of the screen.
How did they manage to hack my website? They didn’t hack my InfinityFree, Cpanel or FTP account credentials. Because all are still accessible and no change have made and even I haven’t changed my password.
As my WordPress was accessible and after some time it went inaccessible, is there any chance that they manage to get my WordPress password or they just broke my site by an attack?
I immediately deleted my site and deactivated my account as there was no important files. But how did they hacked my site? Have they got my WordPress account password and associated email account address or they just broke it?

Code injection, cross-site attacks. Many ways are possible. And remove everything that you don’t know and backup your wordpress site and do a clean install.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.