What would you do if Wordpress website gets hacked twice in one week?

27 replies
Hey fellow warriors! I know we are here to discuss business, sure we do. But when it comes to terror, these website hackers are a real pain in the butt.

What if you update your WordPress website to version 3.4 and next day you visit your own site and realise it got hacked? What would you do when, after restoring your data, it gets hacked again?

A WordPress site getting hacked twice in one week by some FarFar14 or 18 named hacker from Turkey, who destroys your credibility by putting his terror on your site's homepage.

What would you do to safeguard your wordpress website?

How would you make your site hacker proof?
  • Eric Riltz
    Ah... I've just posted something quite similar to my reply here...

    You should contact this person: warriorforum.com/blogs/sannyman/14795-i-am-not-internet-marketer.html

    He is a specialist for fixing this kind of problem.
  • goneebo
    Project Honeypot is what I use on my pages,

    that and botrevolt.com for my computer.
  • abbeyonline
    From my limited knowledge, you first need to know how you got hacked. Is it through your FTP, cPanel or WordPress login? In any case, scan your computer with a very good antivirus software and change all your passwords for FTP, hosting, cPanel and WordPress login.

    Also don't store your password in the file transfer protocol (ftp).
    • gerardhevey
      The 5G Firewall is the result of many months of meticulous request monitoring, analyses, and testing. With this code, my goal is an easy, plug-n-play security firewall that blocks the maximum volume of malicious requests with a minimum number of false positives. It's also built with compatibility in mind. The 5G Firewall is fine-tuned to WordPress, but the directives are designed for general use and should help any site conserve bandwidth and server resources while protecting against malicious activity.

      5G Firewall Beta : Perishable Press
      Signature

      Gerard D Hevey

  • TheClarkey
    Definitely look into improving your security!
  • Freak out, say "F it", and take a nap
  • TimPiazza
    Don't forget to check plug-ins and themes for hack-potential. If you have a theme using an earlier version of timthumb, updating your WP install isn't going to fix things for you.

    When I have had big sites hacked, I found that poring through the access logs eventually led me to where the hack was coming from, and how they were pulling it off.
  • geekology
    I went through the same last month and have shared my experience on the blog. Below the blog post, check the service I now use to monitor my sites. The customer support is great and the service is inexpensive for the quality and peace of mind they provide.
  • RockyRasakith
    What a scary thought. I'd probably punch somebody in the face though.

    On a serious note, I make my passwords hard to guess. I have all types of &#*$& and 8573945 (characters and numbers variations in my pw).

    Still, I know it's not impossible to be hacked even with those extra precautions.
    Signature
    Entrepreneur and Mixed Martial Artist
  • SteveSRS
    Well, it is possible they left a shell on your webservers, but there are many factors to be checked. Doing nothing would be the worst:

    1. Do a full antivirus scan on your computer
    2. Change ALL your passwords (I mean ALL, including your emails, FTP, WP, DB, your hosting, etc.)
    3. Do a full DB back-up
    4. Clean install of the latest version of WP
    5. Put the database back (actually, to be thorough you should check the DB data also)
    6. Don't re-install your plugins yet; first investigate whether there are known exploits for your plugins
    7. Reinstall plugins
    8. Go hunting in your server's logs for what happened, when you got hacked and how they got in
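The access-log hunt that TimPiazza and SteveSRS (step 8) describe can be started with a small triage script. This is an added example, not code from any poster in the thread; the rule names, the choice of patterns and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache/Nginx "combined" access log: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Triage rules picked for this example: (rule name, required method, path pattern).
RULES = [
    ("php-in-uploads", None, re.compile(r"/wp-content/uploads/.*\.php", re.I)),
    ("timthumb-request", None, re.compile(r"/timthumb\.php", re.I)),
    ("post-to-theme-or-plugin-php", "POST",
     re.compile(r"/wp-content/(themes|plugins)/.*\.php", re.I)),
]

def triage(lines):
    """Return (findings, wp-login POST count per IP) for combined-format lines."""
    findings, login_posts = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, path = m["ip"], m["method"], m["path"]
        if method == "POST" and path.startswith("/wp-login.php"):
            login_posts[ip] += 1  # many POSTs from one IP suggest password guessing
        if int(m["status"]) >= 400:
            continue  # refused or missing file: lower priority than a served request
        for name, want, pattern in RULES:
            if want in (None, method) and pattern.search(path):
                findings.append((m["ts"], ip, name, path))
    return findings, login_posts

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [18/Jun/2012:01:00:00 +0000] "GET /2012/06/hello/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Jun/2012:02:11:40 +0000] "GET /wp-content/themes/old/timthumb.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [18/Jun/2012:02:12:05 +0000] "POST /wp-content/uploads/2012/06/cache.php HTTP/1.1" 200 31 "-" "-"',
    '192.0.2.55 - - [18/Jun/2012:02:20:00 +0000] "GET /wp-content/uploads/x.php HTTP/1.1" 404 210 "-" "-"',
] + ['198.51.100.23 - - [18/Jun/2012:02:30:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2841 "-" "-"'] * 3

if __name__ == "__main__":
    hits, logins = triage(SAMPLE)
    for ts, ip, rule, path in hits:
        print(ts, ip, rule, path)
    print("wp-login POSTs per IP:", dict(logins))
```

The earliest finding's timestamp and IP give a starting point for reading the surrounding raw log lines by hand.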
  • azmanar
    Hi SA Yar,

    I have written a basic guide in WF Blog that may help you.

    You can see the difference between getting hacked or hijacked. Check out vulnerabilities and harden your WP site's defence against both.

    Check it out.
    Signature
    === >>> Tomorrow Should Be Better Than Today

  • lovboa
    Banned
    If you're not already, I would change my hosting to hostgator.

    My site was hacked, and they have amazing 24/7 live chat support. They were like my personal programming genie who went into my files and cleaned everything for me, and even found the source.
  • matt5409
    Change all passwords - FTP, login and extra admin accounts (make them secure!). If possible, lock your FTP account.

    hacking shouldn't occur for at least a few more months

    if it does, contact your hosting company to find out why security is an issue.
  • Marketer Matt
    I agree with lovboa - Hostgator took care of me when I got hacked and they did it pretty fast. Whichever hosting company you have though, they can probably recommend a few things.

    Here are a few plugins to consider getting:
    BulletProof Security (WordPress plugin)
    AntiVirus (WordPress plugin)

    And here's a pretty good post from WP Tuts that should be helpful:
    11 Quick Tips: Securing Your WordPress Site | Wptuts+
  • Mark Gray
    Change all passwords
    update firewall
  • MJ Christiansen
    Here's what I would do,

    Change all my passwords...I suggest the strong password generator
    Install WP Security
    Update to current wordpress
    Install an Anti-Virus Scan on the domain
    Change permissions for files
    Install login lock-down plugin
    Change Default Login "Admin" to something more unique

    I did the above when my website was hacked and to this day it hasn't been hacked. I think what also helps is logging in every day... but not sure. Hope this helped.
  • Igal Zeifman
    Changing passwords is advised but at this point you probably have shells and/or back-doors. (Double hack is not a coincidence.)

    Clean installation + pass change should help get rid of back-doors and shells but this will not solve the initial vulnerability that allowed the 1st hack to happen.

    What you need to do is to upgrade your protection by getting behind a WAF (NOT "just" a firewall but something that can help you with application security, since this is where most hacks occur).

    If you are using shared hosting and/or looking for a plug-and-play solution, consider using a cloud-based WAF.

    Price wise, these are very cost-effective solutions that will get you secured for just a few dozen dollars a month.
    Signature

    Igal Zeifman
    ----------------
    Community Manager / SEO @Incapsula - Cloud Security and Acceleration | DDoS Protection

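Several replies above warn that shells or back-doors may remain after a restore. The following added example (not code from any poster) walks a WordPress document root and reports PHP files that deserve a manual look. It assumes the uploads directory was copied back from the old site; the marker list, the cutoff timestamp and the sample files in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

PHP_EXT = (".php", ".phtml", ".php5")
# Obfuscation markers common in injected PHP; a heuristic, not a verdict.
MARKERS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_tree(root, clean_install_time):
    """Walk a WordPress docroot; return sorted (reason, relative_path) hits."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith("wp-content/uploads/"):
                hits.add(("php-in-uploads", rel))  # uploads should hold media only
            if os.path.getmtime(full) > clean_install_time:
                hits.add(("modified-after-clean-install", rel))
            with open(full, "rb") as fh:
                if MARKERS.search(fh.read()):
                    hits.add(("obfuscated-eval", rel))
    return sorted(hits)

def demo():
    """Build a small constructed tree in a temp dir and scan it."""
    cutoff = 1_340_000_000  # constructed "clean install" time (epoch seconds)
    files = {  # constructed sample files, not from a real site
        "wp-login.php": b"<?php // core file\n",
        "wp-content/uploads/2012/06/photo.jpg": b"\xff\xd8\xff",
        "wp-content/uploads/2012/06/cache.php": b"<?php eval(base64_decode($_x));",
        "wp-content/themes/old/footer.php": b"<?php echo 'footer';",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            # Only the theme file is dated after the clean install.
            mtime = cutoff + 60 if rel.endswith("footer.php") else cutoff - 60
            os.utime(path, (mtime, mtime))
        return scan_tree(root, cutoff)

if __name__ == "__main__":
    for reason, rel in demo():
        print(reason, rel)
```

A hit is a prompt to open the file and compare it against a known-good copy, since legitimate plugins occasionally trip the same heuristics.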
  • botninja
    First of all what kind of hosting are you using - shared, vps, dedicated?

    If you are on shared hosting, your site may not be the one that's being hacked. If another site on the server has holes, the hacker / defacer can gain access to the server from that and then deface, with a simple script, every site / domain on that server.

    If you are on your own VPS / Dedi then, like others have said, update your WP install if needed, get rid of old plugins that are not regularly maintained.

    Scan your own machine for malware, change passwords on that and on your webhosting.

    I used to run two web hosting companies years ago and even back then the same problems kept coming up... one site on the server was flakey and no matter what admin you did to secure the servers, the back door was open to all and sundry to come and wreak havoc.
    Signature
    Need something automated? Take a look at The Bot Shop
  • Peru101
    Did your host send you an email with the details? That can help you figure out what happened. Otherwise . . .

    --Change your WP password to something very secure. Use a Password generator if you can't think of something.
    --Change your CPanel password as well.
    --Scan your computer with antivirus software. I use Eset. It's the best out there, and I've never had a problem in five years.
    --Disable any information about your theme and version as well as your WP and version.
    --Back up your info regularly. Install the Wordpress Database Backup plugin. It automates the process and sends you an email of your files on your schedule.

    This won't stop everything, but it will get you started.
    • Haroon Ballim
      Make sure you back up, but don't just back up on your PC; back up on a portable hard drive, and keep another off site. Basically Norton can back up your files too.
  • weddiewa
    You can get a safe blogging site at work-your-way-rich.com
    Signature

    Edward Walter
    http://financial-wellness.org
    Blog: http://legitpress.com
    Skype Tel. 1 (775) 461-5080

  • Surminga
    This happened to me, but not in the one week. I got in touch with my hosting providers and they've got rid of all attacks and areas affected and instructed me on several plugins to use, such as Better WP Security and BPS Security.
    Signature
    Surminga.com - SEO and Digital Marketing Agency

    Here are a few of our Blog's : Social Media Marketing Guide
    Or if you Fancy a Holiday? - Holiday Guide
  • dvduval
    I personally don't even bother with wordpress. It gets hacked all the time. We get a lot of customers at phpLD who are just tired of being hacked, and switch to our software. Wordpress has a lot to like, but it is just targeted so much you really never know if you are secure or not.
    Signature
    It is okay to contact me! I have been developing software since 1999, creating many popular products like phpLD.
  • wemakelogo
    If you need personal assistance, let me know - I will help you with the hardening process, free of charge.
  • Juan Jose
    Few things to consider next time you install your wordpress blog:

    1. Make wp-config private.
    2. Make wp-login a private login, with a different URL than the original.
    3. Make wp-admin/install inaccessible.
    4. Don't use 'admin' as superadmin username. Try hard-to-find names for this matter.

    Hope I helped.