Hi DPers, I have a blog hosted at cirtex hosting. This is the second time my blog has been hacked. Previously, in early June, it was cloaked with links on index.php in www_root. Now it got hacked at index.php of www_root as well as wp-content/themes/theme/index.php. This time I found the following code in it at the end: Please advise how I can avoid such third party edits!
You do NOT have to answer these questions. They are just some suggestions. Is your WordPress up to date? Have your modifications been verified as not having any security holes? Are all of your modifications up to date? Is the server operating system and all of the server services up to date? - Apache, MySQL, PHP, the operating system. Has the hosting provider done a security audit of the server? Do you allow anonymous FTP access to the server? Are you using weak passwords? Do you have brute force protection installed? Those are some of the first things I would look at.
As kev says, those are definitely the main things to look at. Another two things I would say are: 1) Change the default WordPress username, which is "admin", to something else. 2) Protect the wp-admin directory so that only you can log in.
I've seen a lot of hacks such as what you have, and the most common denominator is outdated versions of WordPress. I would suggest that you start with that one and move on through what ~kev~ has listed. As an addition, you can always set up a .htaccess password-protected directory for your WordPress admin folder.
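The .htaccess protection for wp-admin suggested in the two replies above, as an added example that is not part of any post in this thread. It assumes Apache 2.4 syntax, and the password file path is a placeholder:

```apache
# File: wp-admin/.htaccess  (assumes Apache 2.4 authorization syntax)
#
# Create the password file first, outside the web root, e.g.:
#   htpasswd -c /path/outside/webroot/.htpasswd yourname
# The path and user name here are placeholders, not values from this thread.

AuthType Basic
AuthName "Restricted"
AuthUserFile /path/outside/webroot/.htpasswd

# Every request under wp-admin/ must present a valid user from the file above.
Require valid-user

# Themes and plugins call admin-ajax.php from the public side of the site.
# Without this exception, visitors get a password prompt on front-end pages.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic authentication sends the password with every request in easily decoded form, so serve wp-admin over HTTPS and use a password different from the WordPress and FTP ones.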
There is a plugin called wp-content protector. It disables right click and text copy... You can try it...
Problem identified: I used to use AceFTP. This is very weak software, and the password can be easily taken off if there are infected files on the PC.