WP sites been hacked?

20 replies
What can I do to stop my WP sites being hacked in future, having recreated them?

I've made my username and password more complicated so far.

Thanks guys.

Rob

PS if anyone says about looking at plugins, can anyone recommend one?
#hacked #sites
  • {{ DiscussionBoard.errors[5153906].message }}
    • Profile picture of the author jrpt
      Cross your fingers. The hackers can get into the wordpress foundation without needing your password once they find the areas to attack. Just keep your sites backed up in case.
      Signature

      {{ DiscussionBoard.errors[5153950].message }}
  • Profile picture of the author Alexander K
    I second what Chase said. Also make sure to backup your website. So if you do lose it again, you can restore it. If this happened to you recently? You could try seeing if your host has a backup of it for you.
    Signature
    [EliteWebsiteTraffic.com] - Purchase Up To 10 Million Targeted Visitors a Month.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    [EasySocials.com] -Buy Youtube (Views, Followers, Subs, Likes, Comments), Facebook Fans, Twitter (Followers & Retweets), Pinterest, Tumblr, Instagram, Vimeo, Soundcloud. [Affiliate & Reseller Program Available]
    {{ DiscussionBoard.errors[5153946].message }}
  • Profile picture of the author CyberAlien
    Before you start actually installing those plugins you should really contact your hosting company and have them investigate what exactly happened though. It won't help if there is still an exploit in your WordPress or a server issue.
    {{ DiscussionBoard.errors[5153957].message }}
  • Profile picture of the author sbucciarel
    Banned
    Here's the way I do it without any software or plugins. Takes a couple of minutes.

    http://www.warriorforum.com/main-int...your-site.html
    {{ DiscussionBoard.errors[5154058].message }}
  • Profile picture of the author globalwalyy
    Hmm , what a great question for great people....id would say, never use common word for your username such as administration , admin,owner, and some common word,....and don't ever use dictionary word for use password, use meaniless word....don't use ur name, birthday, favourite pet for your password....with all this poem of mine you will be safe
    Signature
    Life is a song - sing it. Life is a game - play it. Life is a challenge - meet it. Life is a dream - realize it. Life is a sacrifice - offer it. Life is love - enjoy it.


    {{ DiscussionBoard.errors[5154146].message }}
  • Profile picture of the author nicelife
    I use the WordPress › Login LockDown « WordPress Plugins plugin and have not been experiencing any hacking problems ever since I installed it.
    {{ DiscussionBoard.errors[5154154].message }}
  • Profile picture of the author jdkesler
    The WordPress support forum has a pretty good tutorial on how to deal with hacking. I am not allowed to post links yet but if you go to http codex dot wordpress dot org/FAQ_My_site_was_hacked you will find some good advice on what to do. Including being sure to check your computer for malware or trojans as the hack may have been introduced from your computer.
    Signature

    Do you know who got rich during the gold rush? GoldMiner Marketing Jesse Kesler

    {{ DiscussionBoard.errors[5154273].message }}
  • Profile picture of the author Chris Chicas
    GoDaddy allows you to back up your site into their servers - and they actually seem to encourage you to do this and make it more difficult for you to do an export.

    My only question is... if someone hacks into your site - what is going to prevent them from trashing that backup all together? : /
    {{ DiscussionBoard.errors[5154306].message }}
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Christiani View Post

      GoDaddy allows you to back up your site into their servers - and they actually seem to encourage you to do this and make it more difficult for you to do an export.

      My only question is... if someone hacks into your site - what is going to prevent them from trashing that backup all together? : /
      With the way I backup as described above, I have my backup files downloaded to my hard drive. Only have to upload, unzip, import the database and it's all fixed.
      {{ DiscussionBoard.errors[5154321].message }}
  • Profile picture of the author erskinem
    Great outline Suzanne.

    I've been using backupbuddy from iThemes. I can set it to schedule backups and send them to remote sources (FTP, s3, email) as well as download locally. I also use WP-DB backup to backup just the mySQL database. That plugin can also be scheduled.

    I keep a local backup file of all of my projects, and a free gmail account that I use just for periodic backups.
    {{ DiscussionBoard.errors[5154988].message }}
  • Profile picture of the author IMdude123
    make a new password every month or so, and make it really complicated. that should stop hackers.
    {{ DiscussionBoard.errors[5155014].message }}
  • Profile picture of the author trankgv
    why not update the original directory to admin file,have you recover your website now?
    {{ DiscussionBoard.errors[5155126].message }}
  • You should think about getting stronger passwords. Also, never make your log in username ADMIN. That is too easy to guess... so make your username something long and hard to crack. Just write it down and keep it in a secure place.
    {{ DiscussionBoard.errors[5155156].message }}
  • Profile picture of the author SEOexpertSEO
    I had this happen to one of my client's websites. It's important to have a backup. I like Hostgator because they backup your website (and SQL files) regularly.
    Signature

    I've helped 1723 businesses get more customers. If you want to be successful at your local, national, or international business visit http://bluesearchmarketing.com

    {{ DiscussionBoard.errors[5155196].message }}
    • Profile picture of the author CyberAlien
      Originally Posted by SEOexpertSEO View Post

      I had this happen to one of my client's websites. It's important to have a backup. I like Hostgator because they backup your website (and SQL files) regularly.
      And they are pretty good at finding out how the website was originally compromised and can usually just fix it themselves so that it doesn't happen again.
      {{ DiscussionBoard.errors[5156241].message }}
  • Profile picture of the author Buum
    What theme are you using? I used the one with old version of timthumb script and my site was hacked too. Somebody replaced all wordpress files and was sending spam. I installed last timthumb version and it's fine now.
    {{ DiscussionBoard.errors[5155229].message }}
  • Profile picture of the author sonicadam123
    a few plugins for you to try ..

    login lockdown - was mentioned earlier but really great against brute force attacks

    wordpress file monitor - get the heads up if anyone edits your files

    ultimate security checker - great security checker, lists your sites vulnerabilities then shows you how to fix them

    secure wp - this will fix a number of security exploits but if you register with websitedefender.com it will also scan your site for malware & other potential issues.
    {{ DiscussionBoard.errors[5155323].message }}
  • Profile picture of the author bhola badshah
    The best way to keep yourself safe is to have backups, your hosting must provide you a data backup facility and download the data at least once per two week or weekly, preserve your data for example 1 backup copies of last 3 months. you can simple reupload the code to stay away from malicious injections.
    {{ DiscussionBoard.errors[5159555].message }}
  • all of the above listed solutions are great but they may just be a band-aide or a stitch until the wound is re-opened! I agree with a previous poster; make sure you contact your host and have them investigate it. If your being targeted by competition, it may happen again.

    I check my websites every single day to make sure everything is working and error free. That is really the only way to guarantee little/no down-time. (sometimes the manual way is the best way)

    Mark
    {{ DiscussionBoard.errors[5159808].message }}

Trending Topics