Site was Hacked - Please Help, want to learn A-Z of securing WordPress

23 replies
Hi Everyone,

I'm posting because one of my biggest earning WordPress sites was hacked. I noticed commissions had dropped for a few weeks and didn't think anything of it till something said this doesn't make sense. I had a look and someone has hacked the site.
I still have access to the WordPress admin - so from what I understand to this point I believe it's a server hack on my hosting.
One other point is I think it's a personal attack by an individual on my site, not an automated computer hack. I say this because for the past 2 months or so I have got my hosting provider to reinstall the backups and within 24 hours the site's hacked again. This hacking tennis game has gone on for 2 months. However I'm not interested in playing.


(Coincidentally I'm not a techie, so when people say restore the backups and databases - I don't in all honesty know what's going on. However the reason for posting this is to get this resolved and to learn so it will not happen again.)

I have read some of the great posts by azmanar http://www.warriorforum.com/blogs/az...han-sorry.html and I have also bought a product, wordpress shield.

However this hacker is on top of this and is constantly hacking the site once I try and reinstall everything. Clearly I'm missing something (along from 3 months of commissions).

I normally have my hosting with hostgator, however I've also discovered that the site is being hosted with justhost.

What I need is someone to help me get this resolved - I'd be happy to pay if they want to take the information and get it sorted, though please guys help me sort this out once and for all.

I'd be really appreciative and indebted if I can resolve this with the forum's help.
Looking forward to your responses.

Warmest
Tom
#hacked #learn #securing #site #wordpress
  • Profile picture of the author theKnurd
    Can try to help some in the forum or if you need major help you can PM me.

    First things first - go to your webhost cpanel and change your primary and ftp passwords to something secure!! Then login to wordpress and change your admin password to something secure. If they are consistently hacking you...they likely have one of your passwords.
    • Profile picture of the author leclaims
      Originally Posted by theKnurd View Post

      Can try to help some in the forum or if you need major help you can PM me.

      First things first - go to your webhost cpanel and change your primary and ftp passwords to something secure!! Then login to wordpress and change your admin password to something secure. If they are consistently hacking you...they likely have one of your passwords.
      Agreed, definitely start with changing all of your passwords.

      ....And change them on a regular basis. Most hosting providers have password generators that you can use. My advice, use them, and don't rely on passwords that you've been using for years.
      • Profile picture of the author AnniePot
        Hi Tom

        I recently wrote a post on my blog on this very subject. It should help you
        Wordpress Security Doesn't Need To Be Difficult | Internet Marketing and Publishing
        • Profile picture of the author theKnurd
          Just noticed you can't PM yet. I added my skype details if you have an account for that.
        • Profile picture of the author BIG Mike
          Banned
          [DELETED]
          • Profile picture of the author AnniePot
            Originally Posted by BIG Mike View Post

            That's a nice post Annie!

            I was going to suggest the config file trick, but here's one to add to it...move your .htaccess file above the root as well. Place a blank .htaccess file in the root folder and set the permissions on it to 444.

            Actually, this tip isn't just for WP but for any website - a common hack is to replace .htaccess with one that redirects traffic off site based on search engine traffic. Most of the time, no one even realizes their site has been doing this for months on end.
            Another excellent tip. Thanks Mike
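
The .htaccess hack described in the tip quoted above (visitors arriving from search engines get redirected off site) can be checked for with a short script. This is an added example, not part of the original thread; the sample file, the host names and the function name are constructed for illustration.

```python
import re

# Constructed sample of a tampered .htaccess (hypothetical redirect domain).
SAMPLE_TAMPERED = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]
RewriteRule ^(.*)$ http://redirect.example.net/in.php?q=$1 [R=302,L]
# BEGIN WordPress
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
"""
SITE_HOST = "myblog.example.com"  # assumption: the site's own host name

# Conditions keyed on where the visitor came from or what client they use.
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}\s+\S+", re.I)
ANY_COND = re.compile(r"^\s*RewriteCond\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
EXTERNAL = re.compile(r"^https?://([^/:\s]+)", re.I)

def find_conditional_redirects(text, own_host):
    """Return (line_no, variable, target) for every RewriteRule that sends
    visitors to another host and is guarded by a referer/user-agent test."""
    findings, pending = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            pending = pending or cond.group(1).upper()
            continue
        if ANY_COND.match(line):
            continue  # other conditions also attach to the next RewriteRule
        rule = RULE.match(line)
        if rule and pending:
            ext = EXTERNAL.match(rule.group(1))
            if ext and ext.group(1).lower() != own_host.lower():
                findings.append((no, pending, rule.group(1)))
        pending = None  # conditions only apply to the rule that follows them
    return findings

if __name__ == "__main__":
    for no, var, target in find_conditional_redirects(SAMPLE_TAMPERED, SITE_HOST):
        print(f"line {no}: redirect to {target} conditional on {var}")
```

Running it against a copy of the live .htaccess after every restore shows whether the redirect has been put back, even when the site looks normal to the owner visiting it directly.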
        • Profile picture of the author Tom Ryan
          Originally Posted by AnniePot View Post

          Hi Tom

          I recently wrote a post on my blog on this very subject. It should help you
          Wordpress Security Doesn't Need To Be Difficult | Internet Marketing and Publishing
          Nice post Annie, you've got a lot of simple yet effective tips for keeping wordpress sites secure. Thanks for sharing.
    • Profile picture of the author MikeBarcus
      Originally Posted by theKnurd View Post

      Can try to help some in the forum or if you need major help you can PM me.

      First things first - go to your webhost cpanel and change your primary and ftp passwords to something secure!! Then login to wordpress and change your admin password to something secure. If they are consistently hacking you...they likely have one of your passwords.
      Also I suggest you add a new admin for your blog, give it a unique name something with numbers, letters and special characters. NEVER just use 'admin' as your username.

      Make sure you can login with it and then delete your original admin.

      Have you tried contacting HostGator? If not, do so right away and tell them what's going on. They should be able to help!

      Good luck, I hope you get the problem solved quickly.
  • Profile picture of the author trevord92
    The plugin I use on most of my Wordpress blogs is Limit Login Attempts which seems to work fine.

    Add in a random password generated by somewhere like Random Password Generator (I go for a password length of 12 and also tick the "include punctuation" box) should make the hacker's life a lot more difficult.
  • Profile picture of the author Michelle Stevens
    Tom I have just PM'd you with some info
  • Profile picture of the author LeeShelton
    From the experience of other WP site admins -- what do you see as the most common hack method:
    * SQL Injection of malicious code,
    * Spam Links or Malware embedded in a rogue theme or plugin
    * Somehow getting shell access on shared hosting to overwrite files,
    * or other?

    I am confused about why I need 755 permission on directories, when there is (at least it seems) no way to upload and/or overwrite files on the web server. (Comments being the only user-input offered on the site)

    Thank you
  • Profile picture of the author Gaz Cooper
    I'm no techie but after having 50 of my sites hacked and infected I had to not only get them cleaned up but also avoid that ever happening again.

    First thing I do now for any new site is install

    BulletProof Security
    Lock in Lockdown

    Never had a problem since

    Kickin it on Amazon

    Gaz Cooper
    Amz Training Academy
    Signature
    Beginners get Started with AMAZON, we will give you a FREE custom made Amazon Site when you purchase hosting through us contact us at http://authorityzonesupport.com/

    • Profile picture of the author Tony Marriott
      Originally Posted by MikeBarcus View Post

      Also I suggest you add a new admin for your blog, give it a unique name something with numbers, letters and special characters. NEVER just use 'admin' as your username.

      Make sure you can login with it and then delete your original admin.

      Have you tried contacting HostGator? If not, do so right away and tell them what's going on. They should be able to help!

      Good luck, I hope you get the problem solved quickly.
      If you don't use a nickname then whatever "admin" name you choose will display as the post author on every post. So Just "not using admin" is not the best advice.

      Nothing's perfect but dealing with the more obvious issues first is a good plan.

      1. Keep your WordPress and plugins up to date (once a security leak is known it is freely distributed, so attacking known (older) versions of WordPress for known security leaks is easy).
      2. This is the biggy and I see it abused all the time. Passwords. Password crackers use dictionary words as their base. So use passwords that do not contain dictionary words, use at least 10-14 characters, upper case, lower case, numbers, special characters. It would take a brute force cracker years to break a 14 character password like that.
      3. DON'T (PLEASE) use the same password for all your sites. (Yes you do, you know it and I know it - just stop it.)
      4. Your hosting/FTP account login needs to be just as secure as your WordPress.

      No that won't stop all hackers, you never will but it will cover 99%.

      So working on the premise that you still might get hacked
      5. Keep regular backups. Do not rely on your host to be your backup provider unless it is contractual (most are not).

      Sometimes security pro's can overlook the obvious (wood for the trees)

      I remember seeing the news (years ago) when Mercedes had invented the first 10,000,000 variations door lock that would stop any thief dead in his tracks. Until they smashed the window of course:confused:
      • Profile picture of the author tomocal2010
        Hi everyone, thank you for your input, it's been so helpful.

        As we speak right now my site's back.
        The first thing I did was change the passwords for my WP blog and also my hosting account.

        I went through the WordPress themes folder on the cPanel and found the theme I was using had - hacked after it..... Using reasoning faculties I deleted this theme from the cPanel straight away (incidentally on WordPress this was the thing that needed updating - think that's how this hacker got in). I changed the theme to another and I'm back online.

        If anyone else encounters this, if you delete a theme make sure you've got your content saved so you can upload it to a new theme. Also feel free to send an email if they need any advice from what I've learnt from this.

        I want to thank everyone for their help, particularly Michelle for the ebook email and also colinph970. I would PM however I haven't got enough posts yet. I think you can email through this?

        I keep everything updated.

        Warmest
        TC
  • Profile picture of the author colinph970
    I have an ebook which sells on Amazon called "Wordpress Hacked". Pmail me an email address and i'll send you a free copy. You can see details at:

    Amazon.com: Wordpress Hacked Report eBook: Mandy...
    Wordpress Hacked Report eBook: Mandy Hardwick:...
  • Profile picture of the author Born2rule
    Having read AnniePot's interesting post, I installed the recommended "Exploit Scanner plugin" and to my horror I discovered that one of my sites may have been hacked. Using the "Exploit Scanner" it uncovered several security threats. Now I am not sure how to go about cleaning up the site. This site was making good money with CPA. It suddenly dropped to page 5 in Google, and the PR4 is now PR0. I will appreciate it if someone can help me sort this out!

    Thanks in advance
    • Profile picture of the author cooler1
      Originally Posted by Born2rule View Post

      Having read AnniePot's interesting post, I installed the recommended "Exploit Scanner plugin" and to my horror I discovered that one of my sites may have been hacked. Using the "Exploit Scanner" it uncovered several security threats. Now I am not sure how to go about cleaning up the site. This site was making good money with CPA. It suddenly dropped to page 5 in Google, and the PR4 is now PR0. I will appreciate it if someone can help me sort this out!

      Thanks in advance
      Where did it find the threat exactly? Did you make a note of it?

      I ran the scanner also and it showed lots of threats. I think the scanner just finds pieces of code in plugins, etc. which it thinks are a potential threat to run malicious code. It doesn't mean they are a threat.
  • Profile picture of the author John Henderson
    Hey Tomocal. I haven't yet tried this WSO, but it seemed to get good reviews when it came out. Just a thought...
    http://www.warriorforum.com/warrior-...ot-v3-0-a.html
  • Profile picture of the author Born2rule
    Thanks John, I will have a look at this WSO wordpress secured now.
  • Profile picture of the author Robert Michael
    There is a thread going on about a similar problem (I think) and the information in there might help you out too. Here's the thread:

    http://www.warriorforum.com/programm...-now-what.html
    • Profile picture of the author tomocal2010
      Born2rule, read through this post from the start.
      You'll know if the site's been hacked. What sort of state is it in right now?
  • Profile picture of the author Born2rule
    Yeah, I reinstalled the site from backup, and ran the "Exploit Scanner plugin" again with a similar threat result. COOLER1, you are right, this plugin does raise a false alarm!
    I installed the free BulletProof Security and Lock in Lockdown plugins though, it's better to be safe than sorry!
  • Profile picture of the author Prosecutor
    Thought of "managed hosting." This is worth it if your earnings are substantial enough.
  • Profile picture of the author NETDAWG
    To avoid hacking *DO NOT USE FANTASTICO*, this is what makes it easy for hackers. To avoid hacking you need to install wordpress manually from WordPress › Blog Tool and Publishing Platform, this way the file extensions aren't generic and easy for hackers to exploit.
    Signature
    Click here for great point of sale and efficient inventory software.
    Learn more about manufacturing inventory software.