hello our site http://www.meetmedaily.com has been hacked again...this is 2nd time.. hackers are supposed to be from indonesia... i wonder how did they hacked? please suggest what are the solution?
Are you running any type of plugin to help protect against hackers? If not, get one. There are a couple good free ones that will go a long way to helping you protect your site against hackers. I have found BPS Security to be very helpful. It helps you protect certain areas of your site that are normally security risks. It also gives you recommended permissions for various directories/files on your site. It looks like your site will let members sign up and post? If so, make sure you are using a role management software that limits what parts of your site your users can access based on the role that they are assigned. While not the best protection, a captcha on your login form can help protect against someone using a bot to spam your login with password/username combinations. A better option, or one to deploy alongside captcha, is using a plugin to block access to your site from an IP address if they have xx unsuccessful login attempts.
1.update your wordpress to latest version 2. update all your plugins 3. changes all your admin pass include FTP, controlpanel... 4.check all your files and folder remove all files folder unused goodluck
In addition to what lamvt listed, you should also alert your host - the hack may be occurring on another site sharing your resources. I'm also curious, what makes you think hackers only come from Indonesia and why would that matter?
Check your logs and contact your hosting provider. If they keep hacking your blog you obviously have a security hole that needs to be patched. It doesn't necessarily mean it's Wordpress, it could be one of your plugins or some other files your have on your server, it may be a trojan horse infected your FTP software...it could be anything. The hackers probably installed a backdoor and now they're messing with you. If you don't find the cause soon, the best thing would be to back-up and export your database and delete everything, change all passwords and install Wordpress again and import your database. Start fresh and secure your blog as hard as you can. You only do that after you do a thorough job of scanning your computer for viruses. I always keep a live Linux distro CD with me in case I have to do some sensitive things that could possibly be a target of malicious software on my PC, since there's no way to be 100% sure of your security. I recommend you to do the same. Every time you need to change passwords (or shop online using your credit card), always and always use a Live Linux CD and never do it from your Windows or any other home OS. Download a popular Ubuntu distro or Knoppix that I use: http://www.ubuntu.com/download/ubuntu/download http://www.knopper.net/knoppix/index-en.html Here are some useful articles on how to secure and harden your Wordpress installation: http://codex.wordpress.org/Hardening_WordPress http://mashable.com/2010/04/28/wordpress-security-tips http://codex.wordpress.org/FAQ_My_site_was_hacked http://www.shareaschnitzel.com/how-to-secure-wordpress-wordpress-security http://maketecheasier.com/11-ways-to-secure-your-wordpress-blog/2008/08/12 http://www.wpsecuritylock.com/how-to-secure-wordpress http://www.dailyblogtips.com/5-plugins-to-keep-wordpress-secure http://www.searchenginepeople.com/blog/how-to-secure-wordpress.html A little reading about .htaccess: http://www.askapache.com/htaccess/htaccess.html A blog to keep in mind: http://blogsecurity.net EDIT: Two more good security plugins for Wordpress http://matthewpavkov.com/wordpress-plugins/wordpress-firewall-2.html http://www.websitedefender.com/secure-wordpress-plugin/
There are two plugins I use to check my theme and plugins. Do a search in WP repository for: Theme Checker Plugin Checker This will give you an idea of problems if the hackers are getting in b/c of your theme or plugins. I use bulletproof security plugin to keep my sites secure. (also can be found in WP plugin repository.. free and paid versions available)
Use login lock for wordpress which will block anyone with certain number of invalid login attempts plus u can use secure wordpress too. Best of all, always update ur wordpress and pluins to latest version to be in safe side!!!
Read these articles...you might get some clues to secure your wordpress. Essential wordpress security tips or How to remove malware from your site Hope it helps...!!!
Try this approach i've done for my site. My site even hacked before the article was posted. Hope it helps. Also consider using these useful plugins. They might be useful for your site too.
There are a dozen ways you can protect your WordPress website form hackers. Here's a good read: http://www.johnchow.com/how-to-secure-your-wordpress-blog/
I have several different people trying to log into several of our blogs using numerous attempts to access the control panel. I have installed and configured the free plugin "Limit Login Attempts" which is helping. The plugin keeps a list of the User Names the hackers try to use & many of them try the old favorite "admin". So be very particular for your user name ans password.