Someone (or some program) is hacking my site. I changed my password for admin twice, and there is no record of updates (except mine when I delete the hack code). The hack is simple enough: it adds a <script> to the end of each page, pointing it to some hack site. Getting rid of the hack means going into each of my 12 pages and deleting it... only to have a NEW <script> hack put there a week or so later! Anyone else experience this kind of a thing? Any idea how to track it and stop it?
Thanks for the interest... I actually got a list of links from the Wordpress forum: http://wordpress.org/support/topic/hacker-adding-links-to-each-page?replies=2#post-2257040 Apparently hacking a Wordpress site is rather common, and the solution is deleting EVERYTHING and reinstalling clean backups. When I have a free 4 or 5 hours to do this, I'll have to clean up the site. Thanks for trying to help all the same. Cheers
@xira There are a couple of Wordpress plugins you may want to take a look at that may help. Yes, SQL injection is common. Most problems are on sites that do not keep up with the latest WP versions or let an automated install program name their SQL database wrdp1 or a second one wrdp2. http://wordpress.org/extend/plugins/secure-wordpress/ is a free plugin that checks your site and tells you where you may have problems. http://wordpress.org/extend/plugins/login-lockdown/ shuts down a login based on multiple failed attempts from a specific IP. If you don't have your back-ups automated, there is also WP-DB-Backup for that. Thanks for posting the list of links.
Hi, search for "how to secure your wordpress blog" or similar and follow their steps to secure your website. Hope it will help you.
http://wordpress.org/extend/plugins/secure-wordpress/ is a free plugin that helps you keep your site safe.
This is nasty. It's most likely a script hidden somewhere on your website that is editing all your files every now and then. When you remove it, does it come back, and how soon/often?
Make sure to also keep your FTP account secure. In many cases we actually see the break-in happen via FTP because the user has a Trojan/Worm on their computer reading out the FTP Username/Password.
Thx. Installed the secure-wordpress plugin and the clouds parted. Is the problem resolved? Do I need to dump, re-install and worry worry worry? Or have the leaks been plugged? Where can one find out more? How deep do they get into one's site? How do they do it?
Hacked Wordpress sites have always been an issue. Not just recently. This is usually why Wordpress periodically comes out with updates to patch up any vulnerabilities. In some cases it is the Web Host that had been compromised, so you may want to check with them and/or change ALL logins associated with your account and site: Control Panel, Databases, Admin Logins, FTP logins, Email Accounts. But I'm assuming the reason you are continuing to get compromised is because the malicious files or scripts within your site have never been completely removed, just like what was already explained here. For example, you might have some coding added to each of your pages, but you could have a "c99.php" script (or multiple) hidden around some folders in your website. It's pretty much a single file that gives them full access to your entire website and they can do whatever they want. Look at this example: http://corz.org/corz/c99.php haha funny stuff. But anyways, if you're using the newest version of Wordpress then it will generally be secure already. Until someone discovers some more vulnerabilities with it and then a new version will come out. Maybe someday there will be no vulnerabilities with Wordpress.
Upgrade your WordPress ASAP, the old version has an XSS exploit which allows hackers to redirect your site to another.
I tend to believe this could be your case, as it happened to me before. The hosting server was hacked and all the WP installs were compromised with some php files that were added to some folders. Took me a day to get rid of them, and then I changed the hosting provider. Good luck!
Look for malicious files in your web folder and delete them, clean the hack script code in every page that got it, and most important: clean your computer (reinstall the OS if needed) of any viruses, trojans, etc. I recommend twister av. Change or upgrade your FTP software, and change your FTP password, and don't save the new password in your FTP software or computer. That's it...
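An added example (not part of any post in this thread) of the check several replies describe: walk a local copy of the web root, flag pages whose tail loads a script from a host that is not on your own allow-list, and list PHP files sitting under `wp-content/uploads/`, where media normally lives. The function names, the allow-list and the sample files are assumptions constructed for illustration; findings are candidates for manual review, not proof.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
PAGE_SUFFIXES = {".php", ".html", ".htm"}

def offsite_tail_scripts(text, own_hosts, tail_chars=2048):
    """Hosts of external scripts found after </html>, or in the file's tail."""
    end = text.lower().rfind("</html>")
    tail = text[end:] if end != -1 else text[-tail_chars:]
    hosts = []
    for src in SCRIPT_SRC.findall(tail):
        if not src.lower().startswith(("http://", "https://", "//")):
            continue  # relative URL: served from this site
        host = urlparse(src).hostname
        if host and host not in own_hosts:
            hosts.append(host)
    return hosts

def scan_webroot(root, own_hosts):
    """Return suspicious pages and PHP files stored in the uploads tree."""
    root = Path(root)
    findings = {"injected": {}, "php_in_uploads": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix == ".php" and rel.startswith("wp-content/uploads/"):
            findings["php_in_uploads"].append(rel)
        if suffix in PAGE_SUFFIXES:
            hosts = offsite_tail_scripts(path.read_text(errors="replace"), own_hosts)
            if hosts:
                findings["injected"][rel] = hosts
    return findings

def build_sample_site(root):
    """Constructed sample files, not taken from the thread."""
    root = Path(root)
    (root / "wp-content/uploads/2011").mkdir(parents=True)
    (root / "index.php").write_text(
        '<html><body><script src="/js/site.js"></script></body></html>\n'
        '<script src="http://bad.example.invalid/x.js"></script>\n')
    (root / "about.php").write_text("<html><body>About</body></html>\n")
    (root / "wp-content/uploads/2011/thumb.php").write_text("<?php /* placeholder */ ?>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_site(d)
        print(scan_webroot(d, own_hosts={"www.example.org"}))
```

Run it against a downloaded copy of the site and add any CDN you really use to `own_hosts`; rerunning it after cleanup shows whether the tag has been re-added.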
I have faced the problem in the past. On more research I found that it was a problem of the hosting company's server being hacked rather than my Wordpress installation being hacked. If you are keeping everything updated then it is not you but your hosting company who has been hacked, and they possibly inject it from the SQL server. I realized it instantly as it was a reseller account and all Wordpress websites faced the same thing. And once I complained to the host and restored the websites from an old backup it never appeared again. So, check with your hosting and other customers hosted on those servers before blaming Wordpress. Wordpress is one of the safest CMS and if you use the correct combination of plugins and permissions then it is nearly impossible to get hacked in Wordpress.