Wordpress Hacked - Need Expert Advice on this one...

18 replies
What a week this has been. And I'm supposed to be on vacation. It's a good thing I'm keeping an eye on things, as all my websites were hacked.

What I need advice on regarding the site hack is this:

From the hosting company I received this message:

Malicious files were uploaded into your account via the following script http://xxxx.com/mass.php

What is the mass.php file and is it possible to make this file secure next time around?

Also, are some hosting companies more secure than others? I know the hosting company I was using gets very bad reviews, but I took a gamble and tried them anyway.

I have copies of all my websites and it really isn't a big issue, as most of the sites were experimental sites that I was intending to take down right after my vacation. I deleted all the files on the hosting account, and have canceled the account, but I sure don't want this to happen with more serious sites in the future if I can help it. I do make Wordpress as secure as I can following some excellent instructions I have received from members of this forum, so I'm not sure what I overlooked.
#advice #expert #hacked #wordpress
  • colinph970
    Hi Val

    I see this all too often and have therefore written a simple guide to what to do to recover your site and also how to prevent it happening again. Coincidentally it has the same title as your post! You can get it at:

    In the U.S.

    Amazon.com: Wordpress Hacked Report eBook: Mandy...

    In the U.K.

    Wordpress Hacked Report eBook: Mandy Hardwick:...

    If you don't have a Kindle then pmail me and I'll send you a pdf copy at a discount....
  • timvaquera
    Either post a job on Elance or go to fiverr.com to get someone to help you.

    If you really need help urgently and don't mind spending some money on this, you can get the security experts to help you on this.

    I think the experts charge a fee of $100 per month to help you maintain your server.
    • SteveJohnson
      Originally Posted by timvaquera

      Either post a job on Elance or go to fiverr.com to get someone to help you.

      If you really need help urgently and don't mind spending some money on this, you can get the security experts to help you on this.

      I think the experts charge a fee of $100 per month to help you maintain your server.
      ROFLMAO!!! You'd look for a security expert on Elance or Fiverr??

      And you'd expect to pay $100?

      Most people who know what they're doing wouldn't even LOOK at a hacked site for $100, let alone fix it.
  • Jake Gray
    If you are willing to risk your business with a host that has been known for bad reviews, your thinking truly confuses me. Due to the fact you were using, be sure to only use plugins that you know have a proven track record. Using numerous plugins that don't even get used is an additional security risk. Be sure to keep everything up to date and keep back-ups of ALL your websites.
  • Istvan Horvath
    To the best of my knowledge there is NO mass.php file in a standard WP installation.
    Unless it came with a "free" theme...

    My guess would be the hackers either got access to your site(s) or they hacked the servers.

    As I was preaching all the time about WP: whoever is using the online theme editor with writable files/folders (aka chmod 666 or 777), actually, deserves to be hacked... if they leave the files writable after editing. I hope you didn't do that.

    Now, if you moved away from that host we will, probably, never know whether it was their settings, a weak point on your site (like a guessable pw) or something else...

    Recently, there were a few great threads about WP security.
  • Brian Alaway
    Originally Posted by Val.S.

    Also, are some hosting companies more secure than others?
    Stick with a reliable well known company but realize that security is ultimately your responsibility. There are many threads here about taking necessary security precautions but most users are defeated because of simple basics like weak passwords, uploading themes or plugins from third party sites and using insecure ftp for uploading. Sounds like you were taking daily backups so good for you as that's your ultimate solution for a badly hacked site.

    Originally Posted by Val.S.

    I know the hosting company I was using gets very bad reviews, but I took a gamble and tried them anyway.
    And now you know better.
  • azsno
    [DELETED]
    • rcjohnson
      I used to work for an internet hosting company and would get called on a daily basis by site owners who had been hacked.

      Here is the checklist of things I would look at:

      1. Is it a CMS (Wordpress/Joomla), and are they completely upgraded?
      2. Are their plugins upgraded?
      3. Is their password stupid (you would be surprised how many people put 'password' as their root password.... kidding me)
      4. Do they have dead FTP accounts....
      5. Check the history logs and look at the last commands...
      6. Check the access logs, these have different locations based on your web interface, Plesk/Cpanel/Hosted Interface
      7. Check for weird running processes, on linux you can do a ps -aux

      There are a bunch of other things you can do to get to the real cause, but if somehow it came from mass.php then that file was probably uploaded onto your server. There are ways to do that, but primarily it would be from an FTP account that was given to a programmer or web developer and never deleted after the service was completed.
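A small triage helper for steps 5 to 7 of the checklist above, added here as an example; it is not from this thread or from any product mentioned in it. It assumes a combined-format web access log and that mass.php is the script the host named, and the log lines in it are constructed sample data, not the poster's real logs; the last function also adds the world-writable file check (no web content file should be mode 777).

```shell
#!/bin/sh
# Added example: triage of a shared-host compromise. Not from the thread
# or any product. Assumes a combined-format access log and that mass.php is
# the script the host named. The lines below are constructed sample data.

SAMPLE_LOG=$(cat <<'EOF'
203.0.113.7 - - [10/Aug/2011:03:12:44 +0000] "GET /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2011:03:12:51 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Aug/2011:04:01:09 +0000] "GET /mass.php HTTP/1.1" 200 912 "-" "-"
198.51.100.23 - - [10/Aug/2011:04:01:31 +0000] "POST /mass.php HTTP/1.1" 200 77 "-" "-"
192.0.2.5 - - [10/Aug/2011:05:30:00 +0000] "GET /index.html HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
EOF
)

# Log lines that request SCRIPT (matched as a path followed by a space,
# e.g. "/mass.php "). Never fails, so it is safe under set -e.
hits_for() {
    printf '%s\n' "$SAMPLE_LOG" | grep -F "/$1 " || true
}

# Timestamp of the earliest request for SCRIPT: the start of the window in
# which to look for files that were added or modified (checklist step 6).
first_hit() {
    hits_for "$1" | head -n 1 | sed 's/^[^[]*\[\([^]]*\)\].*/\1/'
}

# Distinct client IPs that touched SCRIPT, to correlate with FTP/SSH logs
# and shell history (checklist step 5).
hit_ips() {
    hits_for "$1" | awk '{print $1}' | sort -u
}

# Number of POST requests to SCRIPT. An uploader is driven by POSTs, so a
# non-zero count on a script you never installed is a strong signal.
post_count() {
    hits_for "$1" | grep -c '"POST ' || true
}

# Files under DIR that are world-writable (mode 777, or any o+w).
# No file served by the web server should be.
world_writable() {
    find "$1" -type f -perm -002
}

# Demonstration against the constructed log.
echo "mass.php first requested at: $(first_hit mass.php)"
echo "client IPs: $(hit_ips mass.php | tr '\n' ' ')"
echo "POSTs to mass.php: $(post_count mass.php)"
```

On a real host, replace SAMPLE_LOG with the access log your control panel exposes and point world_writable at the document root.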
    • Brian Alaway
      Originally Posted by azsno

      I've created a security product that protects your valuable WordPress assets, you can see the link in my sig below....

      I'm also a former Network/Security Engineer (Checkpoint and Cisco Pix Certified), so I know a little bit about security....

      ~AzSno...
      Isn't self-promotion in this forum prohibited? I believe that's what the wso and classifieds are for.
  • azsno
    You can promote your "own" products and WSO's in your sig file, you're not allowed to promote affiliate links....

    WP-Padlock Security Suite is MY product, and I'm only pointing out my sig link to someone who obviously can use the help...

    There's another thread that has discussed my product at length right here in this forum: http://www.warriorforum.com/main-int...p-padlock.html so it's not without precedent!

    ~AzSno...
    • Brian Alaway
      Originally Posted by azsno

      You can promote your "own" products and WSO's in your sig file, you're not allowed to promote affiliate links....
      ~AzSno...
      Yes, in your sig file, NOT in your post.

      Originally Posted by azsno

      I've created a security product that protects your valuable WordPress assets, you can see the link in my sig below....
  • Istvan Horvath
    I'm only pointing out my sig link
    That's exactly what you shouldn't do...
  • azsno
    Well, here are the Forum Rules:

    The main overriding rule for this forum is this:

    Rule #1

    If you have a problem with another Warrior, a Guru, or God, take it up with them directly. Not here. No exceptions.

    --------------------

    ==> NO POLITICS OR RELIGION. <==

    --------------------

    SIGNATURE FILE RULES

    Sig Files are getting out of hand.

    We're getting all colors of the rainbow and some people are using massive fonts...comes a time when things need to get back into line so...

    NEW SIG FILE RULES

    (1) Maximum length of sig file is 5 lines which includes any blank lines used for spaces.

    EDIT: War Room members are allowed up to 6 lines.

    (2) You are only permitted 1 color in your sig file, this can be any color so long as it's black (hyper links can be blue as they come up this way on the board)

    (3) Sig files may only be written in the normal standard font size.

    (4) You may bold or italicize but that's it.

    added by admin:

    (5) No Affiliate Links Allowed - Promote Your Own Domain/s Only. It's either this or we have to cut out sig files altogether which we do not want to do.

    EDIT ADDED 3 May 2011: The new WarriorPlus affiliate links for WSOs are not allowed either.

    (6) Anyone Caught Promoting The Same Site/Offer Will Be Deleted. Program owners are telling their members to come here and make posts to promote their offer in their sig files. This has caused tons of useless messages to be posted and it is clogging up the forum. Anyone caught doing this will have to be removed. This is not an ad forum - it is a discussion forum.

    Edit: We have no problem with someone pointing to their WSO within their sig.

    Edit: Due to certain people trying to find a loophole I needed to add yet another edit. Please do not try to get around these rules by getting your own domain name and simply redirecting it to an affiliate program. You Will Be Removed From Here When Caught.

    If you want to promote an affiliate program do it on your own domain. Your own web site. Not a "pre-made" web site. Your own web site, a real one. Then put THAT web site in your sig file.

    A simple way to stay within this rule is this: Promote Your Own Real Web Site And Do Not Listen To Anyone Who Tells You To Come Here Just To Promote A Site They Created For You.

    Michael Tracey
    Warrior Forum Moderator


    Can someone be so kind as to point out where I broke the rules???
  • azmanar
    Originally Posted by Val.S.

    What a week this has been. And I'm supposed to be on vacation. It's a good thing I'm keeping an eye on things, as all my websites were hacked.

    What I need advice on regarding the site hack is this:

    From the hosting company I received this message:

    Malicious files were uploaded into your account via the following script http://xxxx.com/mass.php

    What is the mass.php file and is it possible to make this file secure next time around?

    Also, are some hosting companies more secure than others? I know the hosting company I was using gets very bad reviews, but I took a gamble and tried them anyway.

    I have copies of all my websites and it really isn't a big issue, as most of the sites were experimental sites that I was intending to take down right after my vacation. I deleted all the files on the hosting account, and have canceled the account, but I sure don't want this to happen with more serious sites in the future if I can help it. I do make Wordpress as secure as I can following some excellent instructions I have received from members of this forum, so I'm not sure what I overlooked.
    Hi Val,

    Try looking at this WF Blog article I've written about basic WP security and corrective measures in case of an attack.

    And I'm open to be corrected by Warriors.
  • espe
    WordPress is not secure, but there is something that helps: try searching on Google for how to use phpbb3 MD5 encryption. They can still hack your website, but they won't get any password.
  • mywebwork
    I think mass.php is a program that allows the same script to be installed on several different servers and/or domains. This old link from that other forum we don't talk about has a reference to it:

    Mass PHP Script Installer for Multiple Cpanel Servers


    I'm also in full agreement that the idea of hiring some unknown "expert" on Fiverr or expecting to have a security specialist work their magic for only 100 dollars is ludicrous.

    As you have backups of all your sites your best bet is to get onto a reliable host and build them there, paying attention to common WordPress security methods. This is an excellent resource to get started with:

    Hardening WordPress « WordPress Codex


    Bill
  • I.M.Retired
    If you are willing to risk your business with a host that has been known for bad reviews, your thinking truly confuses me.
    I understand your confusion, Jake, but I've had several customers ask me about this hosting company, for reasons known only unto themselves. I usually recommend HostGator, BlueHost or Canadian Web Hosting to my customers, but the price was attractive to some newbies and after several questions about JH I decided to try it myself and see what all the fuss was about on the review sites.

    I used this hosting company to set up test sites on a throw-away domain name. I had the search engines blocked, and there wasn't much original or valuable content on the sites I had posted - I mainly used the sites to test themes and other things I was learning about.

    I discovered early on why this company has a bad reputation with numerous annoying problems before this happened. However, the cost of this experiment was only $40 (for a year's unlimited hosting) so I decided to give it a go. Nothing ventured; nothing gained. It's how I learn.

    And I have learned a lot for that $40 investment. (On all my sites, I do regular security and maintenance, keep things up-to-date, and I do regular backups.) And now I know a lot more about hacking than I did with almost 10 years' experience hosting sites on other servers.

    Colin: Thanks for the offer. I will be in touch as soon as I'm officially 'off' my so-called vacation. Heading out for some serious camping and trekking this week, so will put it off until I get back.

    Istvan:
    ...whoever is using the online theme editor...
    I don't know what the online theme editor is. Is it the theme editor that is part of the Wordpress Installation? I edit all my themes via secure FTP (Transmit) and I don't leave anything editable once I am finished.

    One of the sites did have a free theme. Usually I check every file and its contents before uploading or using a theme. I have never seen a "mass.php" file in any WordPress theme, or on my server once WordPress was installed.

    What do you mean by a 'standard' Wordpress installation? Do you mean a manual upload of Wordpress itself? Or does this mass.php file come if you do a Fantastico installation? I checked all the free themes that I was using and did not find a mass.php file in any of them, which makes me think the server was hacked.

    Which makes me curious as to why some servers are more secure than others, which is part of the reason I tried this hosting company - to find out if this was true, which I am now convinced it is.

    For what it's worth, the plugins I was using were tubepress and login lockdown. I never leave unused plugins on the server. My password looked like this - though this is not the actual password: *yg6R#2bP-/T8 My user name looked like this: yf%M.@>B7

    Also, while I think of it, I had some domains with just an index.html file in the root directory - a few sites had Wordpress, but even the html files were hacked. Not sure if that is an indication that the server was hacked, or not?

    This certainly has been a learning experience. I really feel for anyone who has had their sites hacked. Even on test sites, it wasn't a fun experience.

    Edited to add: I haven't moved away from this host - I paid until the end of December, so I'm going to rinse and repeat the process to see if I can duplicate what I did wrong. As mentioned previously, it's an experiment, so using what I've learned in this thread I'm going to try again and see what happens.
    • rcjohnson
      Interesting.....

      Check the permissions of the file mass.php if the hosting company hasn't disabled it yet... if it was/is 777 on a FILE then that is wrong... No file should be 777....

      I do have a recommendation, no affiliate link or website link since the forum has blown up into a mess: Secure Live. While at the hosting company I got to meet the creator of Secure Live, and he explained to me the total functionality of his program.

      It is VERY interesting in how it protects websites by funneling traffic through their servers and then onto your website without taking a performance hit. If there was any product that I would recommend it would be Secure Live if you wanted to be EXTREMELY careful with any of your wordpress/joomla/etc....

      They also do complete file scans, what this means is they go through the entire file contents and show you potential security holes.

      The creator of Secure Live also was on the team that created Joomla, he showed me a website that reports security issues to Joomla. That morning Joomla released a quick update to fix a security hole that was reported, 10 minutes later a user reported ANOTHER issue. This site is completely public and hackers can easily obtain ideas for hacking into these CMS sites. This goes to show you that even if you do update, it isn't 100% secure....

      The only issue I saw with Secure Live is that it takes some tweaking to make sure actual visitors aren't getting banned/blocked..... I saw several scenarios where users who didn't know the settings were accidentally blocking traffic....

      Just a thought, check it out, I do not work for that hosting company anymore but I did like the ideas and innovative thinking of Secure Live.