31 {{ upvoteCount | shortNum }}
31 {{ upvoteCount | shortNum }}

Wordpress Hacked?

by livo
27 replies
Today i tried to log in to my Amazon site but after putting my username and password in it would not let me in.

I tried to get in through the forgot password route but it said email not in database?
Eventually i logged into my cpanel and changed everything through phpAmin still no joy?

Could my site have been hacked, also i have noticed no clicks to my site in the last four days.
#hacked #wordpress
  • Profile picture of the author John Jonas Phil VA
    It's possible. Have you tried contacting your hosting service?
    Signature
    Hire a Filipino virtual assistant and make your business better through outsourcing.
    {{ DiscussionBoard.errors[7854136].message }}
    • Profile picture of the author CDawson
      Banned
      It's possible someone got in and changed your affiliate coding to theirs.
      {{ DiscussionBoard.errors[7854147].message }}
      • Profile picture of the author livo
        Originally Posted by CDawson View Post

        It's possible someone got in and changed your affiliate coding to theirs.
        Affiliate coding is still mine!

        Its just strange that i can change my username and password but still cannot log in.

        Looks like i will have to contact hosting company
        Signature


        {{ DiscussionBoard.errors[7854196].message }}
  • Profile picture of the author cloudstrife
    My WP site got hacked. Even got me the Google slap with malware. Recently installed Wordfence Plugin. Site hasnt had an issue since. Not sure whether this is due to Wordfence or otherwise.
    Signature
    See My Case Study For A New Program Where I Made Multiple SALES Within 24 Hours... And You Can Too!
    {{ DiscussionBoard.errors[7854201].message }}
    • Profile picture of the author jamescanz
      Definitely call with your hosting company. Depending on who your hosting is, they usually offer many alternatives to getting your site back on track.

      Best of luck
      {{ DiscussionBoard.errors[7854272].message }}
      • Profile picture of the author livo
        After contacting my hosting company they found out my site had indeed been hacked.

        But even worse the hacker was still logged into my account and somehow even managed to get into my hosting account as well and has now deleted the website and all the files that was in there.

        Just waiting for a call back from them..

        Really worrying has i have eight other sites hosted with them.
        Signature


        {{ DiscussionBoard.errors[7854334].message }}
  • Profile picture of the author elishahong
    Hope that your Cpanel or host has a back up and will be able to get a back up restored for you. I've experienced similar situations where I was hacked but just like cloudstrife, used WPFence and also Bulletproof WP and that helped a lot.
    {{ DiscussionBoard.errors[7854346].message }}
  • Profile picture of the author rred
    Don't worry and just contact your hosting company and let them know about your problem they will definitely have a solution for it.
    {{ DiscussionBoard.errors[7854350].message }}
  • Profile picture of the author shadowarrior
    Yeah...i guess you got hacked!

    Same thing happend to me once! Couldn´t log in into my wp admin anymore....got an error
    that my user doesn´t exist! Luckily i got it back again via cpanel!
    {{ DiscussionBoard.errors[7854643].message }}
  • Profile picture of the author jcoxpgh
    Once you get your site back i would make sure your admin login isn't admin, if it is change the name to something else. I would never post as admin after that. Create a new account as an editor and post from that account. I would also look into installing some WordPress security plugins. get a backup plugin and have your site backed up offsite.
    Signature
    IT Consultant for Hire | 3 Steps to make your WordPress Site More Secure

    Joel Cox
    {{ DiscussionBoard.errors[7854720].message }}
  • Profile picture of the author azmanar
    Originally Posted by livo View Post

    Today i tried to log in to my Amazon site but after putting my username and password in it would not let me in.

    I tried to get in through the forgot password route but it said email not in database?
    Eventually i logged into my cpanel and changed everything through phpAmin still no joy?

    Could my site have been hacked, also i have noticed no clicks to my site in the last four days.
    How do you check your traffic?

    If there is no traffic to your site, probably your traffic has been redirected elsewhere by your web hosting provider, nameserver issues at your domain registrar or maybe traffic flagged and halted from accessing your site by security CDNs you subscribed to - such as CloudFlare.

    For basic and effective security for WP sites, try looking at this blog article : http://www.warriorforum.com/blogs/az...han-sorry.html
    Signature
    === >>> Tomorrow Should Be Better Than Today
    {{ DiscussionBoard.errors[7855091].message }}
    • Profile picture of the author eramedia
      Also install a plugin called Better WP Security.

      This really helps you to close a large number of security holes/weaknesses.
      {{ DiscussionBoard.errors[7855126].message }}
      • Profile picture of the author Moneyland
        Originally Posted by eramedia View Post

        Also install a plugin called Better WP Security.

        This really helps you to close a large number of security holes/weaknesses.
        I keep having hacking problems with one of my sites - how do I get hold of this plugin Better WP Security :confused:
        {{ DiscussionBoard.errors[7867899].message }}
  • Profile picture of the author cooler1
    Who is your host?

    Did your site have any WP security plugins installed?
    Signature

    {{ DiscussionBoard.errors[7855225].message }}
    • Profile picture of the author livo
      Originally Posted by cooler1 View Post

      Who is your host?

      Did your site have any WP security plugins installed?
      Host is Bluehost and i had Bulletproof security.

      But they still got in,luckily they did not touch any other sites.

      But all my sites are locked down until they find out what happened.
      Signature


      {{ DiscussionBoard.errors[7855864].message }}
      • Profile picture of the author Mohsin Rasool
        Originally Posted by livo View Post

        Host is Bluehost and i had Bulletproof security.

        But they still got in,luckily they did not touch any other sites.

        But all my sites are locked down until they find out what happened.
        Hi Livo,


        Sad to know this happened to you.
        Did you have latest Wp , i mean upgraded to latest version or it was old version of WP?

        Also have you checked, you DNS entries as already pointed by fellow Warrior. You know sometime they are just after your domain, and they move domain to some other registrar, keep your site intact so you do not notice much change. But eventually take control of
        the domain and redirect traffic to their own sites.

        Glad to know that you are already in talk with your host as they are in best
        position to know what really happened and how to avoid it happening again.

        For now you may change passwords to all your sites, and cpanel and ftp passwords
        also.

        Good luck and hope you get your sites back on operation quickly and safely.

        -Mohsin
        Signature
        Warriors4Hire: WordPress & GENESIS Experts | Custom WP Theme | WordPress Troubleshooting | Customizations | WP Security | Responsive Themes

        My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
        {{ DiscussionBoard.errors[7856031].message }}
  • Profile picture of the author earsaver
    I think I got hacked yesterday. Suddenly a red Security Warning appeared in English and Spanish. It said "Treat this URL like you would your password. Don't share it with anyone."

    I did a little searching and discovered its caused directly by the Facebook plugin. Once I deactivated the plugin, or changed the theme, the red warning disappeared. However, as soon as I reactivate s the plugin, the warning returned.

    Joe Benevides
    Signature

    Macs4newbies.com

    {{ DiscussionBoard.errors[7867481].message }}
  • Profile picture of the author intergen
    The Base64 hack is going around lately. Once I was able to get back into my site I downloaded a WP plugin to scrub my install and it got rid of the Base64 hack - this was after I spent days trying to get rid of it.

    Word of warning to all - if you have a WP install keep your install and all plugins up to date. That's how they exploit & hack your blogs & sites.
    Signature

    {{ DiscussionBoard.errors[7867518].message }}
  • Profile picture of the author Jeff Sommers
    I had a site hacked one time and everything on it was Arabic. I had to have my hosting company wipe the site and I rebuilt it. I told a friend and he advised the plugin User Locker which shuts down the admin after five unsuccessful tries. You then have to use lost password to reestablish. The only trouble was I had to do this ever one to two days on each site. Since then I was advised to remove admin as the username for the login. From that time I have had no trouble
    {{ DiscussionBoard.errors[7867935].message }}
  • Profile picture of the author kpmedia
    Themes and plugins are often the weak link.
    Beyond that, you should secure folders and write permissions on the server.
    Signature
    FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
    Reviews:     Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
    {{ DiscussionBoard.errors[7867966].message }}
    • Profile picture of the author ArielT
      Originally Posted by kpmedia View Post

      Themes and plugins are often the weak link.
      Beyond that, you should secure folders and write permissions on the server.
      How to secure folders and write permissions on the server? is that something that a plugin does or have to to made manually?
      {{ DiscussionBoard.errors[7868309].message }}
      • Profile picture of the author kpmedia
        Originally Posted by ArielT View Post

        How to secure folders and write permissions on the server? is that something that a plugin does or have to to made manually?
        It's not a plugin. Most WP security is not done via plugins. In fact, some of those "security" plugins are exploitable themselves, so be VERY careful about loading your site down with plugins.

        If you need help for free, ask the host. Hopefully you have a good oner like Stablehost or MDDHosting (newbie-friendly) and not something like HostGator (EIG). Or use Google.

        Someday I'll get around to my guide, but need more time.
        Signature
        FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
        Reviews:         Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
        {{ DiscussionBoard.errors[7868776].message }}
        • Profile picture of the author livo
          Managed to get my site back online but had to start again from scratch also one of my other accounts was hacked when i managed to get this one sorted all the content was wiped from this also.

          I asked the hosting company if there was a back up of my account and i am awaiting further responce.They have said that the hackers are using very sophisticated techniques and issues like these may take some time.
          Signature


          {{ DiscussionBoard.errors[7868927].message }}
  • Profile picture of the author earsaver
    Evidently, a number of people have reported the same Wordpress Security Warning that effected my blog. There seems to be a feeling that it could be a bug in Facebook rather than a malicious hack. Regardless, the simple solution was to deactivate the Facebook plugin and remove the "Like" and "Share" buttons. I downloaded an alternative plugin in the meantime. Hope this helps

    Joe Benevides
    Signature

    Macs4newbies.com

    {{ DiscussionBoard.errors[7871689].message }}
  • Profile picture of the author sunny00
    It's a shame people spend their time doing things like this but what can you do but make sure it doesn't happen again. I am sure you could do some research on the best WordPress security plugins. The only issue I see with that though is someone possibly hacking the security plugin but hey maybe I am thinking to hard. :rolleyes:

    That's why I would leave to some professionals. This way as you grow your business you know you have top level technical support.

    Another important thing is to backup your site if you have not already.
    {{ DiscussionBoard.errors[7875550].message }}

Trending Topics