How To Stop Being Hacked?

I've being hacked twice in three days by the same people.

They come from turkey and said there hacking me because of this:

'look! I'm not bad people but england is turkish enemy so i deface your site and england sites...'

Really getting annoying now, I've got the latest backup of the site but I hate having to keep uploading it.

How are they hacking my site, this is the first time i've ever had a site hacked.

 

You'll have to give us a bit more information than that.

Have you reported it to your hosting provider?

 

Yeah, the first time it happened I sent in a support ticket and they just said to re-upload everything.

Just sent in another one asking if there is anyway to stop being hacked, just waiting for a reply.

I hate giving links to my website, but the site is www.michaelowen.net

 

Do you usually run some sort of CMS, for example Wordpress?

If so, are you making sure you're using the latest version?

Have you changed your passwords? Don't use the same pass for everything and use strong passwords that include numbers and special characters such as "!".

 

Yeah its run on wordpress, and its 2.6 version.

The password is generated by wordpress when I install it so is pretty hard to crack.

 

Do you use a lot of different plugins?

Might be worthwhile disabling them for a while when you put the site back up.

 

Nope, only got two, but I will disable them anyhow when its back up, just wait to see what my host says as well.

 

Are you using the google sitemap maker, if so remove the CHMOD from 777 to 644 and do the same with any other plugins, that how they hack you site.

and use this .htaccess on your admin folder:

and this one for your wp-content folder.

 

Thanks, i don't have a sitemap yet, but the plugins were set to 777, i'll change them and see if that does anything.

I'll add the .htaccess files, but what do they actually do?

 

They will only allow you ip address to access the admin panel and deny all other ip address's from accessing it.

 

When I add the .htaccess files to the wp-admin folder and the wp-content folder it stops me from logging into wp-admin

 

Are you using the correct IP address?

 

Yes. The .htaccess file I uploaded into wp-content is fine, its just the one for the wp-admin thats playing up

 

Remove the ( ) so it just look like this

order deny,allow
allow from 666.66.666.66 # This is your static IP
deny from all 

Code (markup):

If you don't have a static IP just use the number that stay the same like 195.90.***.**

 

What if some one have dynamic ip?

Thanks

 

allow ISP IP range ^_^

 

Use a wildcard (*)

 

ok, whats a wildcard lol ?