Wordpress Sites Hacked?

by Raijun
24 replies
I had three of my wordpress sites get hacked. I didn't notice it until yesterday.

It's been updated to the latest version.

Can anybody suggest plugins or security tips so this doesn't happen again?

It looks like they are just changing the index.php file in my theme folders.

Any suggestions?
#hacked #sites #wordpress
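The symptom in the opening post, a rewritten index.php in the theme folder, is exactly what a file-integrity baseline catches early. The script below is an added example, not code from this thread or from WordPress: it hashes every file in a theme directory into a baseline kept outside the web root and later reports which files were modified, added or removed. The function names (wp_theme_hashes, wp_theme_baseline, wp_theme_verify), the constructed sample theme and the reliance on sha256sum, awk and POSIX find are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: a hash baseline for a theme
# directory so that a rewritten index.php (the symptom described above)
# is reported the next time the check runs instead of being noticed days
# later. Assumes sha256sum (falls back to shasum -a 256 on BSD/macOS),
# awk and POSIX find; paths containing whitespace are not handled.

# One "hash  ./relative/path" line per regular file under $1, sorted so
# two runs over the same tree produce identical output.
wp_theme_hashes() {
    (
        cd "$1" || exit 1
        if command -v sha256sum >/dev/null 2>&1; then hasher="sha256sum"; else hasher="shasum -a 256"; fi
        find . -type f | LC_ALL=C sort | while IFS= read -r f; do $hasher "$f"; done
    )
}

# Record the baseline. Keep the file outside the web root (for example
# under $HOME): whoever can rewrite index.php can also rewrite a baseline
# that sits beside it.
wp_theme_baseline() {
    wp_theme_hashes "$1" > "$2"
}

# Compare the tree at $1 with the baseline at $2. Prints one
# "ADDED|MODIFIED|REMOVED ./path" line per difference, sorted; returns 0
# only when nothing changed, so it can drive a cron job's exit status.
wp_theme_verify() {
    current=$(mktemp)
    wp_theme_hashes "$1" > "$current"
    changes=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # baseline lines
        { cur[$2] = $1 }                               # current lines
        END {
            for (p in base) if (!(p in cur)) print "REMOVED " p
            for (p in cur) if (!(p in base)) print "ADDED " p
            for (p in cur) if ((p in base) && base[p] != cur[p]) print "MODIFIED " p
        }' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes"
        return 1
    fi
    return 0
}

# Constructed sample theme (not a real one) with the three files a
# minimal theme carries.
wp_make_sample_theme() {
    t=$(mktemp -d)
    printf '<?php get_header(); ?>\n' > "$t/index.php"
    printf '/* Theme Name: demo */\n' > "$t/style.css"
    printf '<?php // theme hooks\n' > "$t/functions.php"
    printf '%s\n' "$t"
}

# Demo: baseline a clean copy, deface index.php the way the thread
# describes, drop one file, add another, then verify.
theme=$(wp_make_sample_theme)
baseline=$(mktemp)
wp_theme_baseline "$theme" "$baseline"
printf 'This site was hacked by some dudes\n' > "$theme/index.php"
rm "$theme/functions.php"
printf '<?php\n' > "$theme/wp-cache.php"
wp_theme_verify "$theme" "$baseline" || printf 'theme changed since baseline\n'
rm -rf "$theme" "$baseline"
```

On a real site, run wp_theme_baseline right after a clean install or update and schedule wp_theme_verify from cron; a non-zero exit is the signal to look at the listed files. Re-baseline only after a deliberate theme change, otherwise the check silently blesses whatever is on disk.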
  • p2y
    Are you sure you have the latest version? What about your currently installed plugins? Have you checked around to make sure there haven't been any recent security holes or updates?
    • Raijun
      Originally Posted by p2y

      Are you sure you have the latest version? What about your currently installed plugins? Have you checked around to make sure there haven't been any recent security holes or updates?
      Yeah, all 3 were current. Using the WP-Security Scan I found that the index.php in the WP-Admin folder was at 755. It says to set it at 644. Was that the leak?

      The only plugin that I found that wasn't on my other sites that didn't get hacked was the YARRP - yet another related posts plugin. But I can't say for sure that was the problem. Anyway, I did deactivate it just in case.

      @Sheryl - Thanks for the suggestion I'm going to check it out.
  • Sheryl Polomka
    Try WP-Padlock - great investment, not expensive, easy to set up and will really protect your WordPress sites.
  • Raijun
    @Craig - Yeah. That's what I'm doing now. I'm changing all of my passwords. And I ran a computer scan last night and today. I also ran Trend Micro's HijackThis and found nothing.

    It's a pain in the butt changing all the passwords. Oh well.
  • TheRichJerksNet
    The latest version of wordpress means nothing ... Many of the old versions are more secure than the latest.

    * Make sure you are running with nothing at 777
    * You should be on a host running PhpSuExec
    * WP-Padlock is NOT a security program to protect your install
    * WP-Security Scan does just that "scan" only
    * Never keep your passwords stored on your computer
    * Use passwords such as No-HaC*keR*s_AlLow$ed-I9n-mY_@sYsT&Em
    * Make sure every directory has a robots.txt file and a blank index file

    The above are just a few things you can do. I have a security product that well over 300 customers have purchased; if you are interested, PM me.

    James
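The permission points in the two posts above (Raijun's wp-admin/index.php at 755 that WP-Security Scan wants at 644, and James's "nothing at 777" and "a blank index file in every directory") can be checked in one pass. The script below is an added example, not from the thread, from WP-Security Scan or from any product mentioned here; the function names (wp_world_writable, wp_odd_modes, wp_dirs_without_index, wp_perm_audit) and the constructed sample tree are its own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: audit a WordPress tree for the
# permission and directory problems the replies above raise (nothing at
# 777, files at 644, a blank index file in every directory).
# Assumes a Unix host with POSIX find; wp_perm_audit takes the
# WordPress root as its argument and only reports, it changes nothing.

# Anything with the other-write bit set (777 included).
wp_world_writable() {
    find "$1" -perm -0002 | LC_ALL=C sort
}

# Regular files not at 644 and directories not at 755, the modes
# WP-Security Scan expects (wp-admin/index.php at 755 is flagged here).
wp_odd_modes() {
    { find "$1" -type f ! -perm 644; find "$1" -type d ! -perm 755; } | LC_ALL=C sort
}

# Directories with neither index.php nor index.html; a blank index file
# keeps the web server from listing the directory's contents.
wp_dirs_without_index() {
    find "$1" -type d | while IFS= read -r d; do
        [ -e "$d/index.php" ] || [ -e "$d/index.html" ] || printf '%s\n' "$d"
    done | LC_ALL=C sort
}

# Print all three reports with headings.
wp_perm_audit() {
    printf '== world-writable ==\n'; wp_world_writable "$1"
    printf '== not 644/755 ==\n'; wp_odd_modes "$1"
    printf '== directories without an index file ==\n'; wp_dirs_without_index "$1"
}

# Constructed sample tree (not a real install) mirroring the thread:
# wp-admin/index.php at 755, an uploads directory at 777, a theme
# directory with no index file.
wp_make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-admin" "$root/wp-content/uploads" "$root/wp-content/themes/demo"
    printf '<?php\n' > "$root/index.php"
    printf '<?php\n' > "$root/wp-admin/index.php"
    printf '/* Theme Name: demo */\n' > "$root/wp-content/themes/demo/style.css"
    chmod 755 "$root" "$root/wp-admin" "$root/wp-content" "$root/wp-content/themes" "$root/wp-content/themes/demo"
    chmod 644 "$root/index.php" "$root/wp-content/themes/demo/style.css"
    chmod 755 "$root/wp-admin/index.php"
    chmod 777 "$root/wp-content/uploads"
    printf '%s\n' "$root"
}

# Demo run on the constructed tree; on a real host run
# wp_perm_audit /path/to/wordpress and review the output before chmod-ing.
demo=$(wp_make_sample)
wp_perm_audit "$demo"
rm -rf "$demo"
```

The audit is deliberately read-only: a blanket chmod over a live site can break uploads or caching plugins, so review the list first. On a host running PHP as the account owner (the phpSuExec setup James mentions), 644 for files and 755 for directories is enough for WordPress to write where it needs to, which is why anything at 777 is worth questioning.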
    • Raijun
      Originally Posted by TheRichJerksNet

      The latest version of wordpress means nothing ... Many of the old versions are more secure than the latest.

      * Make sure you are running with nothing at 777
      * You should be on a host running PhpSuExec
      * WP-Padlock is NOT a security program to protect your install
      * WP-Security Scan does just that "scan" only
      * Never keep your passwords stored on your computer
      * Use passwords such as No-HaC*keR*s_AlLow$ed-I9n-mY_@sYsT&Em
      * Make sure every directory has a robots.txt file and a blank index file

      The above are just a few things you can do. I have a security product that well over 300 customers have purchased; if you are interested, PM me.

      James
      @James - Thanks for the tips, James. Would using Roboform be a bad idea then? Good pointer on the password too.

      @Traffic Bug - I'm starting to do my database backup now. Thanks.

      @imaw ni umay - well the good thing is they hacked my smaller sites. So really nothing big. And in a way I'm glad because I learned from the experience.
      • webdesigners
        It may be your host's problem: their hosting should be secure hosting so nobody can get to the root password. I think you should change your host. In our hosting company, no user's site/blog got hacked because of our great security lock.
      • TheRichJerksNet
        Originally Posted by Raijun

        @James - Thanks for the tips, James. Would using Roboform be a bad idea then? Good pointer on the password too.

        @Traffic Bug - I'm starting to do my database backup now. Thanks.

        @imaw ni umay - well the good thing is they hacked my smaller sites. So really nothing big. And in a way I'm glad because I learned from the experience.
        Got your PM, will reply in a bit...

        There is more to the security of your site than just making this change or that change. This is why I created BadBot-Killer, as it keeps all those scanning bots away from your website or blog. BadBot-Killer is a stand-alone app, so it can work on any PHP website.

        James
  • imaw ni umay
    Originally Posted by Raijun

    I had three of my wordpress sites get hacked. I didn't notice it until yesterday.

    It's been updated to the latest version.

    Can anybody suggest plugins or security tips so this doesn't happen again?

    It looks like they are just changing the index.php file in my theme folders.

    Any suggestions?
    Isn't this scary? Even blog sites are being hacked!
  • Raijun
    @webdesigners - It's a possibility, but they didn't hack cPanel. They just got into WordPress. I think the blame would be on me and not the hosting company. Here's why.

    I had weak wordpress passwords.
    I never considered to even try and protect my wordpress blogs. And I assumed nobody would care to hack it.
  • Treby
    I use WordPress for my blog platform and use the Login LockDown plugin at WordPress › Login LockDown WordPress Plugins (sorry, I have not done enough posts to give a direct link). Also, to back up WordPress blogs (I get an email sent once a week with backup files), try: WordPress › WP-DB-Backup WordPress Plugins
    Hope it helps. I just had a virus that changed the temp on my computer fan and in turn burnt my video card dead. Shame hackers and virus builders do not put their talents to the good of mankind. Give me 5 mins in a locked room with them!
  • abelacts
    My sites were hacked recently:
    http://www.warriorforum.com/main-int...ppens-you.html

    First you have to determine if it comes from your PC or your server. My FTP details were stolen by malware on my PC. If this is the case, no point changing your password to something obscure as it does not help.

    I have one question: how do you know your sites were hacked? Maybe we have the same symptoms.
  • ecdavis
    Hi. I've also had my WordPress sites hacked and just recently resolved the problem. You can read the thread at http://www.warriorforum.com/main-int...te-advice.html.

    In the end, I discovered that there was malware on my hard drive that was compromising my login data, and for that reason none of the external security measures I took, such as changing passwords and changing the database table prefix, were of any help. I did a number of security scans, and although I found a number of trojans, worms and so forth, I was not able to get the specific malware accessing my hard drive. In fact, the more security scans I did, the more I found my system disabled. It was as if the infectious agent was attempting to survive by slowly crippling my system.

    In the end, I was only able to resolve the problem by completely reformatting my hard drive and doing a complete system reinstall. I have also installed Trend Micro and Zone Alarm, and I keep a close watch on everything that attempts to communicate to and from my system.

    My advice is that you do everything you can to determine whether the hacking is due to a vulnerability in your hosting or a vulnerability on your computer. If you rule out hosting vulnerabilities, then the problem is your computer. James and some of the other Warriors helping me to troubleshoot my own hacking situation drilled that home for me, and in the end, it came down to either the hosting or the computer.

    By the way, if you could provide a little more information about the nature of the hacking, perhaps a sample of the code you are finding, it might help point the way toward a solution.

    I wish you the best,
    Evan
  • TheNightOwl
    I'll chime in with support for James' solution.

    I bought it when he released it. It's a winner.
  • ecdavis
    Right. I also run James's script on my sites. Give the bots something to chew on other than your domains.
  • TheRichJerksNet
    Thanks guys appreciate the support .....

    James
  • Raijun
    @James - Hey thanks, I just purchased it. I'm still updating my computer after reformatting it. Fun, fun.

    @Abel - Thanks I followed some steps on there and decided to reformat my computer. Just in case. And it's nice to have my computer load faster now that it is not cluttered with stuff.

    All they did when they hacked into my wordpress blog was change the index file in the themes folder to say, "This site was hacked by some dudes".

    So yeah, never assume.

    Thanks for everyone's help, I really appreciate it. Now I'm off to secure my blogs and update my computer.
  • BlackWaterBlog
    Scan your computer for any malicious tracking software and keyloggers.

    Do that before you go and change passwords, in case you have a keylogger.

    And try to increase the complexity of your password, making it longer and more random alpha-numerically.