
Hacked Wordpress!

Discussion in 'WordPress' started by nabilalikesgraphics, Jan 30, 2013.

  1. #1
    Alright, WordPress gurus, I've got a question for you: What to do if your website ever gets hacked?
     
    nabilalikesgraphics, Jan 30, 2013 IP
  2. onlypmme
    #2
    First, change the username and password of your FTP and MySQL accounts, and then restore the website.
     
    onlypmme, Jan 31, 2013 IP
  3. Devtard
    #3
    One important thing is missing there - you need to restore changed files from a backup.
     
    Devtard, Jan 31, 2013 IP
  4. abraham26
    #4
    abraham26, Jan 31, 2013 IP
  5. onlypmme
    #5
    WordPress sites are mainly hacked due to the default administrator name "admin", so please change your administrator name from "admin" to anything else; this way you can protect against further attacks by the hacker on your websites.
    Change your passwords.
    Change your secret keys.
    Check your .htaccess file for hacks and remove any malicious code from it.
    Check your index.php files and remove malicious code from every index.php file.
    After this, upgrade your WordPress to the latest version.

    Hope that helps. Have a nice day!
     
    onlypmme, Jan 31, 2013 IP
  6. Devtard
    #6
    That's bullsh*t. Nobody is pathetic enough to try a brute-force attack these days. It just doesn't work.

    Hackers usually take advantage of security holes in plugins and themes. Be careful what you install.
     
    Devtard, Jan 31, 2013 IP
  7. softech02
    #7
    WordPress is one of the best platforms, I must say, except for one disadvantage: it gets hacked easily due to its standard file/folder structure. One has to take precautions if their blog is running on WordPress.
     
    softech02, Jan 31, 2013 IP
  8. Devtard
    #8
    What's wrong with it?
     
    Devtard, Jan 31, 2013 IP
  9. softech02
    #9
    I meant to say... the folder and file structure of WordPress is standard. Everyone knows www.yoursite.com/wp-admin.... will take you to the dashboard if you enter the correct username and password. Hackers are not newbies; they are highly qualified people who do a lot of research.


     
    softech02, Jan 31, 2013 IP
  10. Devtard
    #10
    Well, just because something is open-source doesn't necessarily mean that it is buggy as hell. WordPress itself is IMO very secure. In most cases, the only security vulnerabilities are its users. :)
     
    Devtard, Jan 31, 2013 IP
  11. softech02
    #11
    I'm not here to argue but to solve his problem. I very well understand that being open source doesn't mean it can be easily compromised. But there is something standard which everyone knows.

    not
     
    Last edited: Feb 1, 2013
    softech02, Jan 31, 2013 IP
  12. hackrepair
    #12
    Hi,
    I know this can get quite technical, but really it's not that crazy hard to work through.

    Alright, so your host is saying they believe your FTP password was hacked, or you just noticed your site was hacked. First, start with a change of passwords. Just log into your control panel and change your:
    - control panel password
    - website FTP password
    - password to all email accounts

    If not sure how, just call the host and have them walk you through each.

    OK, next, with that done, it's time to check your site.
    Lots of great free tools out there can help, like the links above, though I always recommend to my clients that they first ask the host if they have a backup from prior to being hacked.

    If there is no backup, then you could always start over and use this as a lesson to remember to keep a backup of your website at least every few months in future, and/or use one of the many free daily backup plugins to do so.

    If you have the ability to hire someone to help, a quick search in Google will turn up lots of folks.

    Sadly, there is no quick and easy fix for a hacked website situation. A hacked site will require someone to go through every file, clear out the hacks, and ensure all is locked down nicely to help prevent your site from being hacked again.
     
    hackrepair, Feb 1, 2013 IP
  13. Devtard
    #13
    I really doubt that any hired "expert" would go through every file. If you haven't made any modifications, all you need to do is just re-upload the original WP files (and themes + plugins).
     
    Devtard, Feb 1, 2013 IP
  14. hackrepair
    #14
    You so funny. :)
    ah, yea, that's what an expert does (reviews "every" file).

    Or, maybe this past few years has been a dream and I'm only now waking up. Was I a butterfly?
     
    hackrepair, Feb 1, 2013 IP
  15. mynus
    #15
    I had issues and yes, I checked every file. Seriously, one by one. I did not want to have any infected files or folders.
    • I keep WP updated
    • deleted useless plugins
    • Make sure there are no backdoors or malicious code left on your system. This will be in the form of scripts left by the hacker, or modifications to existing files. Check your theme files too.
    • Change your passwords after upgrading and make sure the hacker didn't create another user.
    • Edit your wp-config.php and change or create the SECRET_KEY definition
    • changed all passwords: wp admin, server... etc.
    • check wp admins: you are supposed to have only one admin who has unlimited access
    • notify your server admins and ask them to check, too
    • upload security plugins and checkers like exploit scanner... etc.
    • limit logins
    • backup database frequently
    I am not an expert, I just work on my own sites, but I want the best for them :)
     
    mynus, Feb 3, 2013 IP
  16. Bartek Przymus
    #16
    Backup, backup, backup, and download a monthly backup of all files to your hard drive. I had the 'pleasure' of being hacked and must say the online support chat with my host helped me resolve the issue: I had malware links injected into almost all PHP files on the website, and they went through them all, no problem. Calling the host should be the first thing on the list.
     
    Bartek Przymus, Feb 9, 2013 IP
  17. cozmic_
    #17
    If you are using an FTP program, scan your computer with a strong anti-trojan program (i.e. ComboFix). Then change your wp-admin, FTP and MySQL passwords. Google your plugins by searching each name with the word "vulnerability". If you find something vulnerable, remove the plugin. Log in to your file manager using shell access (preferable) or FTP and check the "updated" date of directories and files. If you see some files that were updated or added on the date that your website was hacked, then check these files. Possibly the hacker sent a PHP shell to your server so they can come back.
     
    cozmic_, Feb 10, 2013 IP
    conceptsti likes this.
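As an added example (not code from any poster in this thread), a small POSIX shell script for the check cozmic_ describes and mynus's "no backdoors left" item: list files in a WordPress tree modified since the day the compromise was noticed, and flag PHP files under wp-content/uploads, where only media should live. The site root and date are arguments; it assumes touch -d (GNU or BusyBox) and POSIX find/mktemp.

```shell
#!/bin/sh
# Added example, not code from the thread. Triage helpers for a hacked
# WordPress install: files the attacker wrote carry a fresh mtime (unless
# they reset it, so treat "nothing found" as inconclusive), and PHP under
# wp-content/uploads is a classic location for a dropped backdoor.
# Assumes: touch -d (GNU/BusyBox) and POSIX find/mktemp.

# list_changed_files <wordpress_root> <YYYY-MM-DD>
# Prints regular files modified after the start of the given day.
list_changed_files() {
    root="$1"
    since="$2"
    ref=$(mktemp)
    touch -d "$since 00:00" "$ref"     # reference timestamp for find -newer
    find "$root" -type f -newer "$ref" ! -path '*/cache/*'
    rm -f "$ref"
}

# find_php_in_uploads <wordpress_root>
# Prints PHP-like files under wp-content/uploads; a clean site has none.
find_php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) 2>/dev/null
}

# count_lines <command...>  -> number of output lines, no surrounding spaces
count_lines() {
    "$@" | wc -l | tr -d ' '
}

# Stand-alone usage: sh triage.sh /var/www/html 2013-01-30
if [ -n "$1" ] && [ -n "$2" ]; then
    echo "Files modified since $2:"; list_changed_files "$1" "$2"
    echo "PHP files under uploads:"; find_php_in_uploads "$1"
fi
```

Review every listed file by hand (or against a clean copy of the same WordPress, theme and plugin versions) before deleting anything, since legitimate updates also change mtimes.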
  18. oblacker
    #18
    Try the login-lockdown plugin to slow 'em down, and take regular backups with the Duplicator plugin or similar
    to restore if they do get in, and don't use 'admin' as your user name. (I have 'admin' set at the 'subscriber' user level - just for fun.)
    Cheers
     
    oblacker, Feb 10, 2013 IP
  19. Mystique
    #19
    Stop using WordPress?


    Jokes aside, WordPress tries to sell the argument that they use the "wp-" prefix to maintain consistent development and plugin compatibility, but, from my standpoint, this is only a way to enforce their presence on the web.

    I mean, if someone uses WordPress, no matter how customized the version may be or whether the "Proudly" footer that links to them has been removed, people will always know your site runs on WP just by checking the prefix of files and directories, and hackers can also know this and find exploits or try any threat to hack WordPress-powered sites.

    I actually run my own self-coded framework, but when I tried WordPress, the first thing I did was remove WP from everywhere, from the prefix of files and directories to the variables inside the code. I also changed sensitive file names such as wp-login.php to something else, and so on.

    This was a truly time-consuming process that had to be repeated when adding new plugins, but I am happy to have been able to run a WordPress site efficiently without WP prefixes and without hacking attempts.

    For the average user, wp-login.php is the key file to secure, and this can be done with .htaccess with ease.
     
    Mystique, Feb 10, 2013 IP
  20. Devtard
    #20
    Is all this really worth the hassle? I have never been hacked, although I have maintained several WP sites without any security tweaks for 5+ years now, so I don't consider such changes useful.

    Do you have any before/after stats?
     
    Devtard, Feb 10, 2013 IP