How to Stop Getting Hacked?

Hello,

A few months ago I started using a dirt cheap host for a single low traffic wordpress blog that I wanted on a different server from my other sites.
After a few days the page wouldn't load and I contacted my host and was told the site had been hacked.
It was an official wordpress install with no dodgy themes or plugins installed. All installed through the wordpress site. Anyway, the host reinstalled the site from a backup and that was that.

Yesterday though I find I am hacked again with the same error message on the index page. I investigated further and it seems it was the Iraq Cyber Army??
Anyway, they had deleted all pages and posts, changed the menu structure and totally messed things up.

I have since reinstalled again from a backup but what I want to know is how can I stop this happening again?
The site using a secure password generated by lastpass which I have changed.

I suspect the hackers have a backdoor on the server.

 

There are probably backdoors in your site files.. most probably one of your theme files or somewhere else.. its common.

Have you changed any of your hosting passwords? Do you have any outdated plugins?

You can have a look over at www.protectyoursite.co.nz they offer a super simple solution to managing WP security.. something I use for my sites as I cant be bothered with the hassle anymore.. I have over 50 of them.

 

As mentioned, the theme was installed through the install theme for wordpress and the plugins are from the wordpress repository.
I am only using about 4 plugins anyway and the theme is a very basic one.
This site is very new, less than 2 months old.

I didn't change my hosting password but I will do that now.

 

Plugins and Themes from the repository are not imune from being infected.. keep that in mind.

 

Hi there.
I currently do not have wordpress at all, however, for my former sites, I use and recommend the plugin, bulletproof security. This will help to lockdown your wordpress.

If you can, can you look at this guide here on how to lock down your admin login area:
http://www.inmotionhosting.com/supp...lock-down-wordpress-admin-login-with-htaccess
That guide is great if you have a fixed ip at home, and or, fixed IP at home, friends, work, etc.

Wordfence is another wordpress security plugin that is good to use. It scans your site for issues and should be able to detect hacked plugins, or themes.

these plugins wont make you invincible, but is a good place to start.

 

With more than a decade in the hosting industry...unless the host have a very serious security problem in the server, 99% of the hacked accounts are cause easy passwords or vulnerable scripts/plugins. so make sure your are using strong passwords and the themes or plugins in your WP are up to date and patched. Something else, as you said you were hacked few days after a new install...do not discard a trojan in your computer stealing the hosting account or WP credentials. Some time before we had a client who was having a problem with many hosted sites were being hacked...to make it short...the cause was a combination of a plain text passwords stored by Filezilla in his computer + trojan stealing that information to access the sites, was nothing bad on the server side. Good luck!

 

Hello,

I recently posted a reply to another thread based on wordpress websites,

Also try using complex passwords, and change your WordPress Directory, aswell as keep WordPress up to date.

If the server has been compromised you might wanrt to find another host.

Regards,
Adam

 

First of all think what or who could have done it. Was it a friend, an enemy, a Phishing site, or some sort of program used to key-log you? There is always a way someone got your password, and with Tribal Wars security methods it is near impossible to infiltrate their servers.

 

Do you use nulled theme ?
Nulled themes are always dangerous.They can keep malware code.
Regals Mirvjeni

 

Computer hacking can happen in various ways. Your machine framework itself might be hacked and mined for individual data to secure your machine from hacking dependably perform obliged programming overhauls for your working framework and web program, introduce a firewall on your machine change your passwords regularly buy or download against infection programming, don't open new messages.

 

The key steps users should take in case of hacking:
1. Download website files to your PC and check them for latest changes, or do it using the built in file manager in Cpanel.
2. Restore the site from backup.
3. Check Joomla and WordPress for updates, as well as installed modules, plugins and CMS components.
4. Change administrative and FTP accounts passwords.
5. Clean cache / and tmp / site directories.

 

The first step is to assess the damage. Go to the website of your email provider, and log into your email account.

If the password has been changed, then try the password reset mechanism by clicking on the link marked “Forgotten your password?” or similar.

Once you’re into your email account, the very first thing you should do is change your password. Change it to something long and strong, using multiple cases, numbers and special characters. Avoid using real words. We'll deal with password security later, but for now, change it so the hacker can't get back into your email account.

 

Firstly, get your site set up with Cloudflare. It's a free Security Content Delivery Network and all you have to do to get it working is change your domains nameservers once you've registered.

Secondly, get some Security plugins, I suggest:

- iThemes Security - this helps limit exploitations on your blog and shows you how to fix or it can auto fix for you a wide array of leak holes. It also helps to hide areas of Wordpress so it's harder for hackers to find your files.
This includes Brute Force Protection, Malware Scanning and lots of exploit fixes.

- SI Captcha Anti Spam - a plugin to add a captcha to all your login/comment areas to restrict automated password guessing software from hackers.

This should help limit hackers quite a bit compared to just a vanilla install of wordpress.

 

A few standards of protection will go far these days. Use a strong password with upper and lower case alpha, numeric and special characters. Change this every few months. Some WordPress themes in particular free ones have security vulnerabilities. Check the one you are using. Update your WordPress version. Version updates often contain security updates. Finally, do use CloudFlare. You can enable it generally in your control panel. It will help your site security and your website's performance.

 

Can't believe nobody mentioned this right up until the previous post. This bears some emphasis:

The #1 method of compromising WordPress sites is via outdated code. Keep WordPress, all plugins and themes updated. This goes for those WP default themes you're not using, too. Update or, better yet, remove twenty-ten, -eleven, -twelve, -thirteen, etc.

The OPs issues sounds like a common defacement which is almost always an injection attack -- done through vulnerable code.

 

there is always a way someone got your password, and with Tribal Wars security methods it is near impossible to infiltrate their servers. please the change the passwords regularly

 

Sorry to hear about you being hacked. The posts have good ideas. Have you looked at your FTP stats on your server for unusual IPs around the time of the attacks? I especially agree with the post about stealing ftp passwords. Many servers are attacked using passwords harvested from your DESKTOP. Have you always used lastpass for your ftp passwords? Much of the malware infecting desktop software is designed to look for ftp passwords. If you haven't changed ftp passwords, I would do so.

I use CloudFlare and I could be wrong but I don't see a lot of security built in. There is some protection from DoS and spam bots but I'm not aware of much to stop hackers. And as a note, ftp is not usually added to CloudFlare.

I use Wordfence for security and I'm pleased with it. I also add Stealth Login Page to any of my non member WordPress sites. It adds an auth code causing one more level that has to be guessed before a hacker can gain access. Wordfence will compare everything in your install to the repository copy and tell you if there is a difference. Differences could be nothing or the backdoor you are worried about. You have to look at the scripts to decide.

If you are still concerned about back doors and don't have a lot of custom work (that's not a part of a child template) you could start with everything new. And just import the text for your pages and posts. It will be some work, but this way you will know you don't have any holes in your script.

Best of luck with your hacker problem.

 

There is a lot of things you can do to prevent getting hacked. A lot of guides on the net and so on. The best thing you can do is use good passwords, have a good firewall and security script like CSF, use maldet for malware scanning and monitoring, use a good mod security ruleset like atomicorp or comodo, and keep the web apps up to date.

 

We have actually written an article about wordpress security issues. I guess I can post the link here it's a nofollow anyway so just copy paste the link if you want to see the article at https://www.pickaweb.co.uk/kb/wordpress/how-to-improve-the-security-of-your-wordpress-site/

Hope this helps.

 

you have a backdoor in your code, sql or php injection. ask your host for a strict custom php.ini for your website or have your own.
do let me know, if you need any help or assistance.
thanks
khurram