My WordPress blogs (x2) have been hacked twice in the last week. Is there a security hole in the current version I don't know about? Please help! Any way to prevent this?
I don't think changing the host would make a difference. Only the WordPress sites were hacked and not all of my sites. Thanks. Just installed the most recent update, see if it helps.
It's pretty tough to identify the reason and give a solution for the hack. Is it MySQL injection? Iframes? Or an XSS vulnerability? Because WordPress 2.8.2 was having XSS attack security issues. Try to upgrade your WordPress setup to the latest version. Otherwise, give these a try: How to secure your wordpress installation & This
I don't know what XSS vulnerabilities are but I'm assuming this was the issue. I was running 2.8.2 until a few moments ago and have just upgraded to 2.8.3. Hopefully this should help.
Hi, do the following:
1) Change your DEFAULT user login to ANYTHING but "admin"
2) Change your WordPress DB table prefix to something besides "wp_", which is the default.
3) Download a plugin called "Bad Behavior": http://wordpress.org/extend/plugins/bad-behavior/
Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site's load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.
4) Download a plugin called "wordpress security scan": http://wordpress.org/extend/plugins/wp-security-scan/
Scans your WordPress installation for security vulnerabilities and suggests corrective actions:
- passwords
- file permissions
- database security
- version hiding
- WordPress admin protection/security
- removes WP Generator META tag from core code
Do the above and also have the most recent version of WP installed and you won't get hacked. Hope this helps.
@sundaybrew - thanks, I'll check out everything you have suggested. Should help, I would imagine. The main problem was that my sites were on 2.8.2 still, which had a security vulnerability. :/
Don't overlook the obvious: if you have FTP/root/cPanel access to the server, change all your passwords and make sure they are 'strong' - for example, instead of passwords like "iloveMydog", use "8ej4%gjcbd#WSx4%1`Qa"; and store those passwords in a secure place. And, for accessing the server, make sure you use SFTP instead of FTP and SSH instead of Telnet (if you use either).
Contact your host about this issue. I think there's a hole in the host because my WordPress blogs haven't been hacked.
Use the WordPress GD Press Tool plugin and have a high degree of security for your FTP password and WordPress password.
Create a .htaccess file in wp-admin:

    Deny from all
    Allow from xx.xxx

Insert that code in the .htaccess file. The "x" is the first 5 digits of your IP address. This will deny everyone except you. But remember, if your IP changes then change the number in the .htaccess file. It's what I did to stop this guy from hacking into my WP site.
I'm a little rusty on my .htaccess, but wouldn't that also block anyone else trying to view the blog?
No it won't because you're making this .htaccess file in your "wp-admin" file not your root directory.
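
An added example, not part of the thread and not code from WordPress or the plugins mentioned: a Python check for three of the points raised above (the default "wp_" table prefix, file permissions on wp-config.php, and an IP allow-list in wp-admin/.htaccess). The function names, the sample tree, the 203.0.113 address and the rule that wp-config.php should grant nothing to "other" users are assumptions; only Apache 2.2-style Deny/Allow lines are recognised.

```python
import re
import stat
import tempfile
from pathlib import Path

def audit_wordpress(root):
    """Return hardening findings for the WordPress install under `root`."""
    config, htaccess = Path(root, "wp-config.php"), Path(root, "wp-admin", ".htaccess")
    if not config.is_file():
        return ["wp-config.php missing"]
    findings = []
    # Only an uncommented assignment at the start of a line counts.
    m = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]",
                  config.read_text(errors="replace"), re.M)
    if m is None or m.group(1) == "wp_":
        findings.append("table prefix is missing or the default wp_")
    # Assumption: any access for "other" users on wp-config.php is too broad.
    mode = stat.S_IMODE(config.stat().st_mode)
    if mode & 0o007:
        findings.append(f"wp-config.php mode {mode:03o} is open to other users")
    # wp-admin/.htaccess must deny everyone and allow at least one address.
    text = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    rules = [" ".join(line.split("#")[0].lower().split()) for line in text.splitlines()]
    allows = [r for r in rules if r.startswith("allow from ") and r != "allow from all"]
    if "deny from all" not in rules or not allows:
        findings.append("wp-admin is not restricted by IP in .htaccess")
    return findings

def build_sample(root, prefix, htaccess, mode):
    """Write a constructed, minimal install tree for demonstration."""
    Path(root, "wp-admin").mkdir(parents=True)
    config = Path(root, "wp-config.php")
    config.write_text(f"<?php\n// $table_prefix = 'wp_';\n$table_prefix = '{prefix}';\n")
    config.chmod(mode)
    if htaccess is not None:
        Path(root, "wp-admin", ".htaccess").write_text(htaccess)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp, "weak"), "wp_", None, 0o644)
        # 203.0.113 is a documentation range standing in for the admin's address.
        build_sample(Path(tmp, "hard"), "k7q_", "Deny from all\nAllow from 203.0.113\n", 0o600)
        for name in ("weak", "hard"):
            print(name, audit_wordpress(Path(tmp, name)))
```

Run it with the path to a real install in place of the constructed trees; an empty list means none of the three checks fired.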