Wordpress Site Hacked what to do

20 replies
Hello. Today 3 of my wordpress blogs got hacked. Hacker replace my index.php with his own. So when I entered my blog it was saying hacked by bla bla bla, how he manage to replace this file without ftp access ? I have strong passwords stored in the KeePass Portable. Can you tell me what are the best plugins to secure my blogs ? I want to change wordpress login adress and other settings. I can't remember name of this plugin.
#hacked #site #wordpress
  • Profile picture of the author kofys2011
    Wordpress websites are prone to hacks if not protected by right anti hack plugins . Get Plugins installed
    Signature
    Digital Marketing and Automation Agency
    http://www.edynamic.net
    Digital Transformation in Law firms- eDynamic
    http://www.edynamic.net/Industries/Legal.aspx

    {{ DiscussionBoard.errors[8073789].message }}
  • If you are not sure how to recover your site then you can hire someone on fiverr to get back your site.
    My WP site was also hacked few months ago and this guy helped me to recover my site completely.
    Here is the link of his service
    Bannda will fix your hacked wordpress/ magento/ opencart site for $5, only on fiverr.com (not my account)
    {{ DiscussionBoard.errors[8073810].message }}
  • Profile picture of the author Creative89
    I replaced this index.php from clean wordpress and its working, please let me know some good plugins to secure my blogs
    {{ DiscussionBoard.errors[8073818].message }}
  • Profile picture of the author SimonJBell
    Just a few pointers to toughen up your WP site:
    • Regularly update to the latest version WP
    • Rename all login areas - i.e. don't use the default /wp-login.php or /wp-admin - use something random
    • Limit login attempts - I think WP comes with this plugin enabled by default after the recent security flaw
    • Allowing comment file attachments are vulnerable (this could be one way your site got hacked) - either disable file attachments completely or edit the site settings settings
    Signature

    Get free business start-up advice from Fruit Pig

    {{ DiscussionBoard.errors[8073850].message }}
  • Profile picture of the author CandyxLand
    First, get your hosting company to restore your site to the last time you saved your database. Then, secure your site the best you can with the wordpress security plugins that are out there. Change ALL of your passwords and check ALL of your permissions. It's possible you left something unsecured, such as your FTP access.
    {{ DiscussionBoard.errors[8073979].message }}
  • {{ DiscussionBoard.errors[8074073].message }}
  • Profile picture of the author YasirYar
    I am sorry to hear about your blogs. Once you are able to recover them try installing limit login for WordPress, that should work. I think this is brute force hacking.
    Signature

    >>>Get your websites ACTUALLY ranked by checking these out: Quantum SEO Labs, Home Page Link Building & SERP Ability. Want to get rid of negative listings? Check out Reputation Enhancer.

    {{ DiscussionBoard.errors[8074076].message }}
  • Profile picture of the author Creative89
    This is just generated password from my program oNp1EQC7FQSFM5jhqpRD how someone can pass this ? Thanks for your help, all passwords are changed, and I installed BulletProof Security plugin.
    {{ DiscussionBoard.errors[8074135].message }}
  • Profile picture of the author TravisO
    Do you have a website back-up? It's your last resort.
    {{ DiscussionBoard.errors[8074137].message }}
    • Profile picture of the author Creative89
      Originally Posted by TravisO View Post

      Do you have a website back-up? It's your last resort.
      I checked logs and no one was trying to log to my Cpanel or PHPMyAdmin. I have made copy of my wordpress databases.
      {{ DiscussionBoard.errors[8074146].message }}
  • Profile picture of the author freotech
    This is what i would do ,

    1. Check your pc first for malware/virus
    2. Update your FTP software eg filezilla
    3. Dont store any ftp password in filezilla

    The reason why the above 3 are important is because sometime your site good be hacked using your PC. It has happened to me before.

    4. Reset your Admin password, reset your Cpanel/hosting password

    5. Update your wordpress to the latest version

    6. Contact your host and ask them to scan your site for any virus/malaware.

    hope that helps
    {{ DiscussionBoard.errors[8074404].message }}
    • Profile picture of the author Myles Sinclair
      From what you've described it doesn't sound as though the hacker managed to access your WP admins. They somehow obtained your ftp details, and replaced your index.php files with theirs. Take a look in the images folder in public_html and you'll probably see some of the pics they uploaded.

      Ftp is not a safe method to connect to your server as it transmits your login details in plain text. I'd advise anyone who uploads or downloads files from their server to use sftp. It's just as easy to set up using Filezilla, and it keeps your login data private.
      {{ DiscussionBoard.errors[8074465].message }}
  • Profile picture of the author RobinInTexas
    Depending on your host, the fault could lie there.

    In the alternative, there are some backdoor exploits hackers can use to access Wordpress. Once a hacker gets access to your WordPress they can do just about anything they want.

    I use Wordfence to block access attempts and to scan my sites for potential problems.

    I use an .htaccess file that I adapted from the Bulletproof security plugin to further tighten security.

    I don't view the features of Bulletproof security as an active plugin as particularly beneficial. Take note that if you use Bulletproof security to create the .htaccess files, you need to use a file manager to delete or rename "bulletproof-security.php" rather than using WordPress to deactivate it as deactivation removes the changed and improved .htaccess files.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8074837].message }}
    • Profile picture of the author MrMontgomery
      * Password protect your wp-admin area

      * Always have a clean install of your theme

      * Update Wordpress regulary

      * Use WordPress Security Scan, WordPress Antivirus and WP Malwatch
      {{ DiscussionBoard.errors[8074846].message }}
  • Profile picture of the author katherineolga
    This happened to me. ALL my sites were hit last summer. They got in through a zencart site that didn't have protection - on all my wordpress sites I do use a plugin to help secure it but on the zencart site I didn't. I have hostgator and I turned the problem over to them. They recovered all my sites and have been helping me iron out all the kinks ever since.
    {{ DiscussionBoard.errors[8074848].message }}
  • Profile picture of the author kimberly Aita
    My sites were getting hacked constantly and I just kept changing the passwords but last week they just deleted every one of my files. It has to be the ftp and now I can't even upload files to my public html....

    Any ideas as to why that happened? I also used better wordpress security plus cloudflare and oddly the problem seemed to get worse until, like I said they just deleted everything.

    Hope you don't have any more problems with your sites.
    {{ DiscussionBoard.errors[8074893].message }}
  • Profile picture of the author Steven Miranda
    Check this plugin out that will hide your wordpress install from hackers and scanners.

    WordPress - Hide My WP - No one can know you use WordPress! | CodeCanyon
    {{ DiscussionBoard.errors[8075081].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by Steven Miranda View Post

      Check this plugin out that will hide your wordpress install from hackers and scanners.

      WordPress - Hide My WP - No one can know you use WordPress! | CodeCanyon
      Code Canyon doesn't do anything for the $20 that the other popular free plugins do.

      Best to go through the following

      Hardening WordPress « WordPress Codex

      and install 2 plugins:

      Better WP Security

      or

      BulletProof Security

      AND

      Wordfence Security
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[8075127].message }}
    • Profile picture of the author DelSyllables
      Originally Posted by Steven Miranda View Post

      Check this plugin out that will hide your wordpress install from hackers and scanners.

      WordPress - Hide My WP - No one can know you use WordPress! | CodeCanyon
      Hi,

      Hide My WP

      This seems like a great plugin for security and to hide information related to your themes and other WordPress details found on the page source.

      But regarding this plugin, I think it changes some of the permalinks.. does it then affect SEO for a certain site? also, what is the difference between keying in the purchase code and leaving it blank.. It seems to work even without the purchase code. Thanks so much!
      Signature
      Dot Com Journey - as the name suggests.
      {{ DiscussionBoard.errors[8297612].message }}

Trending Topics