1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Wordpress Security Help - I have been hacked

Discussion in 'Security' started by mattbaehr, Jul 18, 2011.

  1. #1
    I have a ton of Wordpress sites, both mine and clients. Several were hacked over the weekend. It looks like they just replaced the index.php file and made it so my login into the dashboard didn't work.

    Any good plugin suggestions to help prevent these types of hacks?
     
    mattbaehr, Jul 18, 2011 IP
  2. BRUm

    BRUm Well-Known Member

    Messages:
    3,086
    Likes Received:
    61
    Best Answers:
    1
    Trophy Points:
    100
    #2
    Hmm that's interesting. You'd think the developers of Wordpress would be on top on these things. Make sure you have the latest version and get in touch with Wordpress support. Only they can help you properly.
     
    BRUm, Jul 19, 2011 IP
  3. rNet4

    rNet4 Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    what version are you running? are you maintaining the server? was the server hacked?
     
    rNet4, Jul 19, 2011 IP
  4. BRUm

    BRUm Well-Known Member

    Messages:
    3,086
    Likes Received:
    61
    Best Answers:
    1
    Trophy Points:
    100
    #4
    Do you have any third party plugins? I expect that if you have they are compromised.
     
    BRUm, Jul 19, 2011 IP
  5. selvamurali

    selvamurali Peon

    Messages:
    69
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    wpsecurity.net/category/plugins

    wordpress.org/extend/plugins/secure-wordpress
     
    selvamurali, Jul 21, 2011 IP
  6. c4gamerz

    c4gamerz Well-Known Member

    Messages:
    294
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    110
    #6
    I really don't think plugins will help you much. Hire a security expert and analyze server logs properly to see how it happened. In most cases its not wordpress itself but insecure plugins and server are the basic reason of hacking. I had fixed a few sites of my clients in the past and interesting thing to note is that they all were hosting there websites on godaddy and even after fixing, there websites were getting hacked again but once they shifted to some other host upon my suggestion all hacking attempts were stopped. So in my experience poor server security could be the cause of your websites getting hacked!
     
    c4gamerz, Jul 30, 2011 IP
  7. Tanya Roberts

    Tanya Roberts Active Member

    Messages:
    250
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    75
    #7
    Hi, there was the biggest security flaw on WP on one of the previous updates and was a critical one. People were told for the immediate update after the vulnerability was found.
     
    Tanya Roberts, Aug 3, 2011 IP
  8. ContentWizard

    ContentWizard Peon

    Messages:
    60
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Install latest WP version, analyze the logs and get help with security experts. Be cautious in getting third-party plugins.
     
    ContentWizard, Aug 3, 2011 IP
  9. Nuno Brito

    Nuno Brito Active Member

    Messages:
    1,016
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    80
    #9
    Yep, been down this road as well. Stopped using wordpress and moved onto google sites. Never got problems with vulnerabilities again.
     
    Nuno Brito, Aug 21, 2011 IP
  10. DailySoft4U

    DailySoft4U Peon

    Messages:
    16
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Upgrade your wordpress to new version. Then check the log ti find the way hacker access your site.
    Contact me to help if you can't find the way.
     
    DailySoft4U, Aug 26, 2011 IP
  11. Tashi Mortier

    Tashi Mortier Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    0
    #11
    In such a case I'd be very careful.

    First of all change any passwords, then get backups of your database and reinstall every wordpress blog on the compromised server.

    Don't keep any file that has been on there, any php file could still contain a backdoor. (So called webshells, that give you full access like Windows Explorers)

    I've already seen this happening once to a friend, and you really want to make sure to kill everything that has been on the server.
     
    Tashi Mortier, Aug 29, 2011 IP
  12. khanter

    khanter Peon

    Messages:
    210
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #12
    I am having a similar problem with Hosting Zoom servers. Am beginning to think I should close down these accounts to see if it stops the rot.
     
    khanter, Sep 9, 2011 IP