Serious hacks in wordpress - MUST READ IF YOU USE WP!

19 replies
Two days ago I sent an email and got a bounce back from my host, stating that I had exceeded my 150 email per hour limit.

*SCREEEEEECH* went the brakes. I had only just gotten out of bed and this was the first email I sent. I logged into their chat support system and reported it immediately, but they couldn't do much more than tell me to find the files I thought were infected. I looked and deleted what I didn't recognize. I still couldn't send email as the day went on.

A few more times with their support and I hadn't made any progress. Up to this point I had been working with the email support group.

The next day I got a compliance email telling me exactly where the file was. I was able to trace it back to an installation that was deep in a subdirectory at that point. I contacted support again to make sure nothing bad was going to happen to my help, this time the TOS violation department.

The installation was about 3 years old and I had almost completely forgotten it was there. It was long before I had access to tools like Fantastico, which I strongly recommend you use.

What can you do to keep your WordPress installation safe?

First, I recommend using a tool like Fantastico if it is available, because it will alert you as soon as you log into cPanel if there are any updates available. Not only that, but the installation and update are both "one-click."

Next, keep a regular update of your entire site. This way if you ever get hacked you can quickly delete everything and restore to an older backup. This was actually something that was recommended by their support, which horrified me. They said I might need to do it, but I didn't have a recent backup.

Make sure that you keep an eye on any access logs that are available to you, too. Some hosts won't provide this feature, but you should check to see if it's there for you.

TL;DR - Make sure you keep your eye on WordPress installations and keep them up to date to make sure your account doesn't get hacked, or you risk losing all of your hard work.
#hacks #read #serious #wordpress
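The incident above started with a WordPress install buried in a subdirectory that nobody remembered. The shell script below is an added example, not code from the thread or from WordPress itself: it walks a hosting account's document root, reports every WordPress core version it finds by reading wp-includes/version.php (the file where WordPress records $wp_version), and flags any install older than a baseline version you pass in, so forgotten copies show up before a crawler finds them. Assumed: a POSIX shell with find, sed and sort; the baseline version and the document-root path (the public_html path in the comment is a typical cPanel layout, not something the thread states) are yours to supply.

```shell
#!/bin/sh
# Added example (not from the thread): inventory every WordPress install below a
# document root and flag the ones whose core is older than a baseline version.
# WordPress records its core version in wp-includes/version.php as a line like:
#   $wp_version = '3.2.1';

# wp_inventory ROOT: print "install_dir<TAB>version" for every install under ROOT.
# An install whose version.php carries no $wp_version line is reported as "unknown".
wp_inventory() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while read -r vfile; do
        ver=$(sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$vfile" | head -n 1)
        printf '%s\t%s\n' "$(dirname "$(dirname "$vfile")")" "${ver:-unknown}"
    done
}

# version_older A B: succeed when dotted version A sorts before B (2.9.2 < 3.2.1,
# and 3.2 < 3.10, which a plain string compare would get wrong).
version_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# wp_outdated ROOT BASELINE: print one line per install that is older than
# BASELINE or whose version could not be read; prints nothing when all are current.
wp_outdated() {
    wp_inventory "$1" | while IFS="$(printf '\t')" read -r dir ver; do
        if [ "$ver" = "unknown" ] || version_older "$ver" "$2"; then
            printf 'OUTDATED %s (found %s, baseline %s)\n' "$dir" "$ver" "$2"
        fi
    done
}

# Typical use on a cPanel account (the path is an assumption; adjust to your host):
#   wp_outdated "$HOME/public_html" 3.2.1
```

Run it from a cron job and mail yourself the output: an empty report means every copy is at or above the baseline, and an "unknown" entry means a version.php that no longer looks like stock WordPress, which is worth a manual look on its own.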
  • seobirk:
    Backups are always a good idea.
    In WP, using the admin account isn't a good idea, as it typically is a nice target for hacking.
  • Sire:
    I also use a firewall plugin, limit login plugin and other measures to secure my blogs. I've taken these measures because I was hacked once and I don't want it to happen again.
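A limit-login plugin reacts inside WordPress; the access logs the original post mentions let you see the same password guessing from outside, across every install on the account. The script below is an added example, not the thread's or any plugin's code: it counts, per client address, the POSTs to wp-login.php that came back with status 200 (stock WordPress re-renders the form with a 200 when the password is rejected and answers a successful login with a 302 redirect, so a 200 on POST is a failed attempt; a custom login plugin may change that), and turns the worst offenders into Apache "Deny from" lines. The log lines are constructed for the example in Apache's "combined" format, which is what cPanel hosts normally expose; the addresses are documentation ranges, not real attackers.

```shell
# Added example (not from the thread): spot password guessing against wp-login.php
# in an Apache/cPanel "combined" access log by counting rejected POSTs per address.
# Constructed sample lines; 203.0.113.5 hammers the form, 198.51.100.9 logs in once
# (302 = success) and 192.0.2.77 makes a few failed attempts.
SAMPLE_LOG='203.0.113.5 - - [20/Aug/2011:06:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2011:06:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Aug/2011:06:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2180 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2011:06:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.9 - - [20/Aug/2011:06:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2011:06:01:11 +0000] "POST /oldblog/wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
192.0.2.77 - - [20/Aug/2011:06:02:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "-"
198.51.100.9 - - [20/Aug/2011:06:02:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 9102 "-" "Mozilla/5.0"
192.0.2.77 - - [20/Aug/2011:06:02:42 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "-"
203.0.113.5 - - [20/Aug/2011:06:02:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Aug/2011:06:02:51 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
192.0.2.77 - - [20/Aug/2011:06:02:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "-"'

# wp_login_failures THRESHOLD: read combined-format log lines on stdin and print
# "count ip" for every address with at least THRESHOLD failed logins, busiest first.
# Combined format fields: $1 client, $6 "METHOD, $7 path, $9 status.
# A POST to wp-login.php answered with 200 means WordPress re-rendered the form,
# i.e. the password was rejected; a successful login is answered with a 302.
wp_login_failures() {
    awk -v threshold="$1" '
        $6 == "\"POST" && $7 ~ /wp-login\.php/ && $9 == 200 { failed[$1]++ }
        END {
            for (ip in failed)
                if (failed[ip] >= threshold) printf "%d %s\n", failed[ip], ip
        }
    ' | sort -rn
}

# wp_htaccess_deny THRESHOLD: turn the offenders into Apache 2.2 "Deny from" lines
# for .htaccess (Apache 2.4 replaced this syntax with Require directives).
wp_htaccess_deny() {
    wp_login_failures "$1" | awk '{ print "Deny from " $2 }'
}

# Typical use (log path is an assumption; cPanel keeps raw logs per domain):
#   wp_login_failures 20 < ~/access-logs/example.com
#   wp_htaccess_deny 20 < ~/access-logs/example.com >> ~/public_html/.htaccess
```

With the sample above, a threshold of 5 reports only 203.0.113.5 (six rejected POSTs), and 198.51.100.9 never appears at any threshold because its single POST was the 302 of a real login. Pick the threshold from your own traffic; a handful of 200s from one address over a day is a forgotten password, dozens in a minute is a script.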
  • Juan L Costa:
    Thanks for the warning, will keep this in mind.

    Even though the hosting provider should do a backup every few days, it's always best to do them yourself to make sure that you are safe.
  • Dennis Gaskill:
    Originally Posted by JustSomeWarrior:

    What can you do to keep your WordPress installation safe?

    First, I recommend using a tool like Fantastico if it is available, because it will alert you as soon as you log into cPanel if there are any updates available. Not only that, but the installation and update are both "one-click."

    First of all, WordPress itself will tell you if an update is available. You don't need Fantastico for that.

    Second, using Fantastico is a horrible idea. It installs WordPress with all the default settings. Hackers know the default settings, and that's one of the main ways they gain access.

    You should learn how to create a secure database and modify some of the default settings in the script, and then manually install WordPress. Choose your themes and plugins carefully as well.
    • Shannon Herod:
      Originally Posted by Dennis Gaskill:

      First of all, WordPress itself will tell you if an update is available. You don't need Fantastico for that.

      Second, using Fantastico is a horrible idea. It installs WordPress with all the default settings. Hackers know the default settings, and that's one of the main ways they gain access.

      You should learn how to create a secure database and modify some of the default settings in the script, and then manually install WordPress. Choose your themes and plugins carefully as well.

      That is what I was going to say. If you have the know-how, you need to install WP manually.

      Shannon
  • JustSomeWarrior:
    Dennis, that's true. But if you have an old blog that you forget about, as I did, you won't see that alert. This was a test blog I installed for a project a long time ago. I let it sit and forgot all about it. I wouldn't have even remembered it was there except for this incident.

    I personally have a very technical background and have been quite intimate with the WordPress PHP code. I have developed tools to allow me to manually upload bulk posts into the MySQL database. But not everyone else can do that.
    • Dennis Gaskill:
      Originally Posted by JustSomeWarrior:

      Dennis, that's true. But if you have an old blog that you forget about, as I did, you won't see that alert. This was a test blog I installed for a project a long time ago. I let it sit and forgot all about it. I wouldn't have even remembered it was there except for this incident.

      I personally have a very technical background and have been quite intimate with the WordPress PHP code. I have developed tools to allow me to manually upload bulk posts into the MySQL database. But not everyone else can do that.

      You have my sympathies for being hacked. I had that happen to me, not through WP but through a freeware reciprocal link script. It sucked.

      However, you did recommend people use Fantastico to install WP, thus my strong warning. I don't want people following that advice and having their blogs get hacked. Fantastico is a menace with regards to WP, as far as I'm concerned. I know you meant well and I can appreciate that, so thanks for trying to help others.

      @ Bill - great follow-up post!
    • Sire:
      Originally Posted by JustSomeWarrior:

      Dennis, that's true. But if you have an old blog that you forget about, as I did, you won't see that alert. This was a test blog I installed for a project a long time ago. I let it sit and forgot all about it. I wouldn't have even remembered it was there except for this incident.

      I personally have a very technical background and have been quite intimate with the WordPress PHP code. I have developed tools to allow me to manually upload bulk posts into the MySQL database. But not everyone else can do that.

      Looks to me like the fact that it is an old blog is why it was open for attack. That is why you have to update your WordPress continuously to keep it from getting hacked.
  • mywebwork:
    I concur with Dennis 100%, Fantastico and Quick Install are the absolute worst ways to install and maintain WordPress!

    A secure installation of WordPress is always performed manually. Use an obscure database name and database username with a secure password. Change the WordPress database prefix to something other than the default "wp_". Choose an administrator name that is not "admin", and give it a strong password. And go to http://api.wordpress.org/secret-key/1.1/ and obtain a unique set of security keys and enter them into your wp-config.php file.

    Once WordPress is installed, establish a proven backup and restore routine, and stick to it. Keep WordPress and its plugins & themes updated, and only use plugins that are known to be good with your version of WordPress. And learn to use your .htaccess file effectively.

    While I realize that the OP is only trying to help and I'm sure has nothing but the best intentions, his advice regarding Fantastico is very, very wrong. Fantastico has its uses, but building and maintaining secure WordPress websites is not one of them!

    Bill
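Most of Bill's checklist lives in wp-config.php, which makes it easy to verify after the fact, including on the forgotten installs this thread is about. The script below is an added example, not code from the thread or from WordPress: wp_config_audit reads a wp-config.php and reports the install-time defaults the posts above warn about (the "wp_" table prefix, a "root" database user, an empty database password, and any of the eight AUTH/SECURE_AUTH/LOGGED_IN/NONCE keys and salts that are missing or still hold the "put your unique phrase here" placeholder that ships in the sample config), and the generator functions produce a random prefix and a full set of eight define() lines offline, as a stand-in for the api.wordpress.org secret-key service Bill links to. Assumed: the stock wp-config.php layout of define('NAME', 'value'); lines plus a $table_prefix assignment, and tr with /dev/urandom for randomness. The "admin" username check is not here because that value is in the database, not in the config file.

```shell
# Added example (not from the thread or from WordPress): audit a wp-config.php for
# weak install-time defaults and generate replacement values offline.

WP_SECRET_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# wp_config_audit FILE: print one line per weak default found; succeed only if none.
wp_config_audit() {
    cfg="$1"
    problems=0
    if grep -q "^[\$]table_prefix *= *'wp_'" "$cfg"; then
        echo "table_prefix is still the default wp_"
        problems=$((problems + 1))
    fi
    if grep -q "define( *'DB_USER' *, *'root'" "$cfg"; then
        echo "DB_USER is root; use a dedicated user with rights on this database only"
        problems=$((problems + 1))
    fi
    if grep -q "define( *'DB_PASSWORD' *, *''" "$cfg"; then
        echo "DB_PASSWORD is empty"
        problems=$((problems + 1))
    fi
    for name in $WP_SECRET_NAMES; do
        if ! grep -q "define( *'$name' *," "$cfg"; then
            echo "$name is not defined"
            problems=$((problems + 1))
        elif grep -q "define( *'$name' *, *'put your unique phrase here'" "$cfg"; then
            echo "$name still holds the placeholder value"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# wp_random_prefix: six random lowercase letters plus an underscore, a valid
# start for MySQL table names (e.g. "qzkxtp_").
wp_random_prefix() {
    printf '%s_' "$(LC_ALL=C tr -dc 'a-z' < /dev/urandom | head -c 6)"
}

# wp_random_secret: 64 characters from a set that needs no escaping inside the
# single-quoted PHP string, so the value can be pasted straight into wp-config.php.
wp_random_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#%^&*()_=+;:,.<>?-' < /dev/urandom | head -c 64
}

# wp_secret_defines: emit the eight define() lines with fresh values, an offline
# stand-in for the api.wordpress.org secret-key service.
wp_secret_defines() {
    for name in $WP_SECRET_NAMES; do
        printf "define('%s', '%s');\n" "$name" "$(wp_random_secret)"
    done
}

# Typical use (path is an assumption):
#   wp_config_audit ~/public_html/wp-config.php
#   wp_secret_defines        # paste the output over the eight placeholder lines
```

Changing the keys and salts on a live site logs every user out, which is exactly what you want after a compromise. Changing the table prefix on an existing site is more work than on a fresh install, because the tables themselves and a few option and usermeta rows carry the prefix; do it at install time, as Bill says.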
  • Leslie B:
    I can do nothing else but strongly agree with Dennis and Bill. Using an automated script like Fantastico will create a blog that is nothing but a default installation, with all the vulnerabilities that WordPress comes with. Doing a manual installation of WordPress with at least a few layers of extra security added (like the ones Bill mentioned) doesn't take much longer than 5 to 10 minutes.

    I feel sorry that your site was hacked though, JustSomeWarrior, and I respect that you are trying to help others so it won't happen to them, but using a script like Fantastico to install WP just isn't the way to do it. I see a lot of hacked sites from clients and 9 out of 10 times they used Fantastico to install their blog and had a username that said "admin". It really just isn't worth it.

    I hope your hosting account is fixed now and cleaned up, and that you got the other sites you have on there more secure. If some of them are WordPress and you have no idea how to do that, shoot me a PM, I'm always happy to help you.

    Leslie
  • JustSomeWarrior:
    Just so everyone realizes - the trouble was with a terribly outdated installation. It was version 2.X - the hack was a legit hack, not someone cracking a password through brute force, which is what everyone else in here is talking about.

    That just doesn't happen very often, because the chance of your blog being worth all that effort is rare.

    You are much more likely to be hacked by automated scripts that crawl the web looking for vulnerabilities in your installation.

    This is what happened to me. No one guessed my passwords, etc. As a matter of fact, the installation was installed "manually" using all unique settings.

    The bottom line is that you need to keep your WordPress account updated if you want to keep it protected from these kinds of attacks.
  • Leslie B:
    We all agree that you need to keep your WordPress updated. Almost every new version has security fixes, so it's important to keep on top of that.

    What we just wanted to mention is that the advice you gave wasn't as safe as it seemed to be, that's all. We wouldn't want people who are new to WordPress to believe that it would be much safer to install WordPress through Fantastico or another script than it is to do it manually and take all the necessary steps to add extra security.

    Leslie
  • foreignnative:
    This has inspired me to look into some security-related plugins. I got so caught up in content creation, design, and the business aspects I guess I forgot to lock my own door.
  • azmanar:
    Hi,

    I have some WP tips in my WF blog.

    http://www.warriorforum.com/blogs/az...han-sorry.html

    Just in case.
  • joemayerich:
    How is it changed from the admin account?
  • Karan Goel:
    My site (GeekZu) was hacked THRICE in the last 2 months.

    I was lucky I had daily backups of my site, and an incredibly-genius mind to curb out the hacks. B)
  • samples:
    Backups are always a good idea.
    I have had several WordPress sites hacked.
    • Gaz Cooper:
      I had 50 of my sites hacked, but since then I never install WordPress without the following 2 plugins:

      Bullet Proof Security
      Log In Lockdown

      Never had a problem since.

      Gaz Cooper
  • pattana083:
    Thanks for the warning.
