How do I stop hackers from attacking my WP blogs?

41 replies
Hi guys,

I've been having problems as above and found this post, but it only talks about excess traffic/bots.

http://www.warriorforum.com/programm...utm_term=title

The problem is that hackers are adding code to my site at natural-anxiety-remedies.com and even after I clean it up, they put something right back within a few weeks. What can I do to stop them?

Please help... in plain English, please, as I'm not a programmer

Thanks.

Sylvia
#attacking #blogs #hackers #stop
  • Profile picture of the author dzcoder
    Hello, the first and the most important step is to secure ur website, there are a lot of method " install plug in, clean ur code " template and plug in " hide access, reprogram ur htaccess etc ...
    the second u should be safly don't install any thing are free founded in ineternet

    u can use also hide my wp u can hide with this plug in the wp login, and all access to ur website.

    cheers
    {{ DiscussionBoard.errors[10876303].message }}
  • Profile picture of the author Kherk Roldan
    you can try to install Hide My WP in codecanyon. and everything will be fine.
    {{ DiscussionBoard.errors[10876355].message }}
  • Profile picture of the author johnben1444
    Fact is, you can try but it's not going to be a guarantee. Big sites and companies with all the money and experts are still getting hit. That's the Internet for you but there are a few things you can do.

    1. Clean up your site and ensure all the malicious codes have been deleted from your site completely as well as hosting files.

    2. Change your password and regularly too.

    3. Install Word Fence plugin and upgrade to the paid version but if your site isn't making money yet i suggest you manage the free version first.

    4. Always update all your plugins. Some plugins get hacked that's why the owners make new update and when you don't update your site, you may become vulnerable.

    The most important thing is to go through all your website files first and clean them up or hire an expert to do that for you.

    Talk to me If you are still having some challenges on that.
    Signature
    Grow your social media account, Spotify Streams, YT Views & IG Followers & More
    Software & Mobile APP Developer
    Buy Spotify, Facebook Bot & IG M/S Method
    {{ DiscussionBoard.errors[10876361].message }}
  • Profile picture of the author rdilipk1
    Hi Sylvia,

    I can understand your frustration because I went through a similar experience about 2 years back. But you can prevent this from happening. Don't shy away from it because there will be some cost involved. If your blog is important then, you should take this route..
    1. Install Wordfence and run periodic scans
    2. Ensure your update your plugins, themes and Wordpress files regularly
    3. Use a good Firewall for your blog. Wordfence has one.
    4. Backup your blog regularly, preferably everyday. You can use Codeguard.
    5. Use a good SPAM protection plugin, preferably Sitelock

    Sitelock has some amazing features including malware scanning and removal, spam protection and a firewall.

    If you don't want to pay for individual services like Sitelock and Codeguard, you can go for a managed Wordpress hosting plan from Hostgator(Most economical) which should give you all these.

    Cheers!
    Signature
    The Complete Course on FB Marketing Basics ==> Click Here

    Which is the Best Managed Wordpress Hosting? - Click Here to find out
    {{ DiscussionBoard.errors[10876430].message }}
    • Profile picture of the author sylviad
      Thank you rdilipk1 . I installed Wordforce and it's great. Set the Firewall option. Ran several scans but no problems other than themes and plugins updates required, so did those. Wordforce (or Norton) has a paid version with scanning that will let you know how hackers are accessing your blog. I might upgrade. Not sure of the cost. One was $99 year. Not bad.
      Signature
      :: Got a dog? Visit my blog. Dog Talk Weekly
      :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
      {{ DiscussionBoard.errors[10878175].message }}
  • Profile picture of the author gorahul
    Are you using free of nulled themes??

    If yes then this can happen.. Immediately change it. It may contain some scripts which can make such issues.

    Note: If the free theme is from official WordPress site or any other trusted site then install "Limit Login Attempts" plugin and "Google Authenticator" plugin.

    Also, remove fake users from WordPress dashboard



    Hope it may solve your problem.
    {{ DiscussionBoard.errors[10876655].message }}
  • Profile picture of the author sylviad
    Thanks everyone for your great tips. It's true... I've been using free themes, two in particular that I love but they are no longer being updated. I just deleted them, but my Norton still gives me a big ugly Red DANGER sign. What I just learned is that Norton actually gives me the virus that is causing this site to be blocked.

    Threat Name:
    Web Attack: Ransomlock Website

    Location:
    http://natural-anxiety-remedies.com/j8945hg45h



    I looked for it in File Manager but it doesn't seem to be in an obvious place.

    A theme on another blog just updated, so I'm going to switch to that one. It even looks good. And it has a paid version if I find it's problematic, too.

    What I want to do is maintain the database on this hacked blog, delete everything else and start over. Can I do that? Still waiting to hear back from my host provider.

    I've copied the database to my computer. From what I understand, the hacking is in the themes. Or maybe somewhere else in the WP blog pages?.

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10877379].message }}
    • Profile picture of the author yukon
      Banned
      Originally Posted by sylviad View Post

      Thanks everyone for your great tips. It's true... I've been using free themes, two in particular that I love but they are no longer being updated. I just deleted them, but my Norton still gives me a big ugly Red DANGER sign. What I just learned is that Norton actually gives me the virus that is causing this site to be blocked.

      Threat Name:
      Web Attack: Ransomlock Website

      Location:
      http://natural-anxiety-remedies.com/j8945hg45h



      I looked for it in File Manager but it doesn't seem to be in an obvious place.

      A theme on another blog just updated, so I'm going to switch to that one. It even looks good. And it has a paid version if I find it's problematic, too.

      What I want to do is maintain the database on this hacked blog, delete everything else and start over. Can I do that? Still waiting to hear back from my host provider.

      I've copied the database to my computer. From what I understand, the hacking is in the themes. Or maybe somewhere else in the WP blog pages?.

      Sylvia



      I have a step-by-step tutorial that explains how to find out If the problem is a WP theme or plugin.
      Signature
      Hi
      {{ DiscussionBoard.errors[10877387].message }}
  • Profile picture of the author sylviad
    DRAT! I just found out they've hacked another one of my sites. It's barely been used yet, which is a good thing I suppose. The threat on this one is shown by Norton as:
    Threat Name: SWBPL


    Does anyone know what this is?

    There's not much point adding one of the protection plugins mentioned by some of you unless I can get rid of these threats.

    Is there a good program that will search, find and fix these hacks? I see a number come up in a search... but how do you choose?

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10877417].message }}
    • Profile picture of the author johnben1444
      Originally Posted by sylviad View Post

      DRAT! I just found out they've hacked another one of my sites. It's barely been used yet, which is a good thing I suppose. The threat on this one is shown by Norton as:
      Threat Name: SWBPL


      Does anyone know what this is?

      There's not much point adding one of the protection plugins mentioned by some of you unless I can get rid of these threats.

      Is there a good program that will search, find and fix these hacks? I see a number come up in a search... but how do you choose?

      Sylvia
      Seems like you have all the sites hosted in one host. If that is the case then they have hacked into your hosting.

      The easiest way to do this is to reinstall your backup from the time the site wasn't hacked.
      Signature
      Grow your social media account, Spotify Streams, YT Views & IG Followers & More
      Software & Mobile APP Developer
      Buy Spotify, Facebook Bot & IG M/S Method
      {{ DiscussionBoard.errors[10877720].message }}
      • Profile picture of the author yukon
        Banned
        Originally Posted by johnben1444 View Post

        Seems like you have all the sites hosted in one host. If that is the case then they have hacked into your hosting.

        The easiest way to do this is to reinstall your backup from the time the site wasn't hacked.


        It might not be the host at all If OP is installing a bogus plugin and/or theme across all the sites.

        The single host might only be a coincidence.

        If it was the host being hacked then it's time to find a better host. OP needs to figure out what's going on first plugin/theme hack vs host hack.

        If they change host and the plugin/theme was the problem then all they would be doing is wasting time changing host because odds are they'll install the problem plugin/theme on a new host and repeat the problem for eternity...
        Signature
        Hi
        {{ DiscussionBoard.errors[10877753].message }}
      • Profile picture of the author sylviad
        Originally Posted by johnben1444 View Post

        Seems like you have all the sites hosted in one host. If that is the case then they have hacked into your hosting.

        The easiest way to do this is to reinstall your backup from the time the site wasn't hacked.
        You are right, they are. Not sure I have a pre-hack backup since I switched computers recently.

        I opted to deleted the entire folder for the new site after just copy/pasting all the content into a Word file. The problem is, when I re-created a new folder for the domain and reinstalled WP, I still get the Dangerous Site warning from Norton and can't get in... or stay in. It keeps bumping me out.

        Why would it still show the warning when the entire site has been recreated from scratch?
        Signature
        :: Got a dog? Visit my blog. Dog Talk Weekly
        :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
        {{ DiscussionBoard.errors[10878181].message }}
      • Profile picture of the author sylviad
        Originally Posted by johnben1444 View Post

        Seems like you have all the sites hosted in one host. If that is the case then they have hacked into your hosting.

        The easiest way to do this is to reinstall your backup from the time the site wasn't hacked.
        Actually, only 2 of my sites have been hacked. The others are still ok... several are static pages, not WP or blogs. They seem to prefer the blogs. Working to install Wordfence on all of my blog sites.
        Signature
        :: Got a dog? Visit my blog. Dog Talk Weekly
        :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
        {{ DiscussionBoard.errors[10878235].message }}
  • Profile picture of the author sylviad
    Also, while reinstalling WP, I made the mistake of creating a secondary directory and WP went into that. This wouldn't work because the domain then required that extra directory in the URL if visitors could access it.

    So, I went into WP installations, chose the new install/site and changed all visible instances where that extra directory was in the URL. But now the web page shows unformatted... just text, rather than the theme. The theme is there activated, but it's now appearing that way. How do I fix that now?

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10878187].message }}
    • Profile picture of the author rdilipk1
      Originally Posted by sylviad View Post

      Also, while reinstalling WP, I made the mistake of creating a secondary directory and WP went into that. This wouldn't work because the domain then required that extra directory in the URL if visitors could access it.

      So, I went into WP installations, chose the new install/site and changed all visible instances where that extra directory was in the URL. But now the web page shows unformatted... just text, rather than the theme. The theme is there activated, but it's now appearing that way. How do I fix that now?

      Sylvia
      You might want to login to your dashboard. Go to Settings > General and change the Site URL and Wordpress URL to reflect the changes.

      Let me know if this works..
      Signature
      The Complete Course on FB Marketing Basics ==> Click Here

      Which is the Best Managed Wordpress Hosting? - Click Here to find out
      {{ DiscussionBoard.errors[10880192].message }}
      • Profile picture of the author sylviad
        Originally Posted by rdilipk1 View Post

        You might want to login to your dashboard. Go to Settings > General and change the Site URL and Wordpress URL to reflect the changes.

        Let me know if this works..
        Mmmm... can't get into wp login to dashboard, only to an unformatted version of the main site.
        Signature
        :: Got a dog? Visit my blog. Dog Talk Weekly
        :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
        {{ DiscussionBoard.errors[10882341].message }}
        • Profile picture of the author rdilipk1
          What did you use as the login URL? You might want to use www.yourdomain.com/yournewdirectory/wp-admin to login.. Then make the changes as I suggested.. Let me know if it works..
          Signature
          The Complete Course on FB Marketing Basics ==> Click Here

          Which is the Best Managed Wordpress Hosting? - Click Here to find out
          {{ DiscussionBoard.errors[10882370].message }}
        • Profile picture of the author rdilipk1
          What is the URL you are using to login? You might want to use www.yourdomain.com/yourdirectory/wp-admin.

          Let me know if it works
          Signature
          The Complete Course on FB Marketing Basics ==> Click Here

          Which is the Best Managed Wordpress Hosting? - Click Here to find out
          {{ DiscussionBoard.errors[10882381].message }}
          • Profile picture of the author sylviad
            Originally Posted by rdilipk1 View Post

            What is the URL you are using to login? You might want to use www.yourdomain.com/yourdirectory/wp-admin.

            Let me know if it works
            Yes, I did try that... so I got fed up trying to figure it out and deleted WP and reinstalled it properly. I did save the database and copied it into the new database created by the reinstall, but the posts aren't showing up in the Dashboard. How do I get them to reveal themselves?

            I guess the settings I created (photos in widgets on the home page, logo and pages) don't get saved?

            Thanks.
            Sylvia
            Signature
            :: Got a dog? Visit my blog. Dog Talk Weekly
            :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
            {{ DiscussionBoard.errors[10882389].message }}
            • Profile picture of the author rdilipk1
              Everything that you saved should ideally have been there.
              Since you mentioned that the posts are not showing, this would only happen if the database is not mapped properly. Check the name of your database and the names of the tables inside it. The tables should have a prefix which usually starts with wp_
              Then go into your wp_config file and check if the database name is correct and also if the prefix is correct. You should see it under $table_prefix
              I don't see any other reason why this should happen..

              Just to verify, how did you install the site. Did you do a manual installation or, did you use one of the installers in your hosting account? If you used an installer, then there is all possibility of the above mentioned issue with the table prefix.
              Signature
              The Complete Course on FB Marketing Basics ==> Click Here

              Which is the Best Managed Wordpress Hosting? - Click Here to find out
              {{ DiscussionBoard.errors[10882458].message }}
  • Profile picture of the author sylviad
    I used their installer from CPanel/Softactulous

    Will take a look and see any tables... not quite sure what to look for but during a browse, I did notice something about Tables.

    Where do I find the config file? I dont' see it in this file listing the tables.
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10882479].message }}
  • Profile picture of the author sylviad
    Ok. The tables all show with the start of wp or wpt or wpc variations.

    Where do I find the config file? I dont' see it in this file listing the tables.
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10882491].message }}
    • Profile picture of the author rdilipk1
      Hey, timezone issues and hence the delay..

      I think we have figured out the problem here now.. Your installations are creating tables with a different prefix and we really don't know which one is the right one.

      Let us follow this -
      1. Your config file will be there in your file manager. Go to the directory where you installed Wordpress and you should find it..
      2. Check what is the value after "=" in $table_prefix
      3. If it is wp_, then change it to wpt_ first and check if your blog is looking fine.
      4. If not, then change it to wpc_ and then check..
      5. whichever change shows your blog the right way is the correct configuration
      6. To edit the config file, just select that use the "edit" button on your cpanel file manager menu.
      Signature
      The Complete Course on FB Marketing Basics ==> Click Here

      Which is the Best Managed Wordpress Hosting? - Click Here to find out
      {{ DiscussionBoard.errors[10882676].message }}
  • Profile picture of the author sylviad
    Thank you. I think I can find that.

    Almost midnight here, so will look into it tomorrow.

    Thanks again for all your help.

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10882697].message }}
  • Profile picture of the author AppSpirit
    If I were you, I will hire a professional team like wpcurve.com or host your sites on WPENGINE.com.

    I have similar issues with my wife's wordpress site. WPCurve guys fixed the site in 30 mins and never had an issue after. If budget is not a constraint, I will also switch your hosting to wpengine.com (29/month)

    I dont have any affiliations to those guys. I was in your position once and both of those guys saved my sanity.
    {{ DiscussionBoard.errors[10884101].message }}
  • Profile picture of the author Patrick
    Lets take an example of your house. Is your house secure without a door? NO. You keep your house secure by placing doors and windows and lock them, same goes for car.

    Similarly, if you care about your website (which you should), you should take necessary steps to make sure you keep it secured.

    Here are some of the basic steps.

    1) Keep the strongest password ever, use a password generator tool to generate a password, make sure you make a note of this password somewhere. Don’t even whisper it to your dog. You can add a note in your mobile phone so that its safe and that you know where to look.

    2) Use CAPTCHA on all your forms, even the contact forms, which are the the main source of spam.

    3) Deactivate and Uninstall plugins and themes you don’t need - This is the step which many people don’t do. The plugin files stay in your hosting and you ignore updating them since you think you are not “using” them. This is the biggest loophole in many WordPress sites. Even remove the twentysixteen or twentyfifteen or whatever default themes are there if you are not using them.

    4) Keep plugins and themes and WordPress updated ALWAYS. Whenever you login to the back-end and see an update, DO IT. But it is always safe to keep backups, its not necessary to make backups often, but I guess a weekly backup should be good so that you can restore your website if an update failed or caused issues.

    5) STAY AWAY FROM SECURITY PLUGINS. Only 1% of commercial plugin developers are Mother Teresa, the rest are just trying to look for some way to make money at the cost of others problems. Most people think installing a security plugin will keep you safe, while its the other way round. Their sole purpose is to give you a hell of a time so that you are convinced to buy their pro version (that’s why they advertise their pro version all over in the back-end).

    6) Be VERY careful while selecting the plugins and themes you are going to use. Most people think buying a $50 theme and adding some plugins makes your website “wonderful” and your website looks great. But honestly, most of the so called “premium” themes are a piece of junk in the back-end, so make sure you read all the reviews about the theme and plugins you are going to use.

    If you are going to follow these 6 steps above, I can guarantee you that your website will be 100% secure and not even a highly sophisticated alien can hack you. I have been creating sites since 2008 and till today not even one client has come to me and told me that their site got hacked.

    There is no need to hire some wizard or "expert" to keep your site secure. You have to pay attention to your site as well like you pay attention to the security of your house and car.
    {{ DiscussionBoard.errors[10884138].message }}
  • Profile picture of the author sylviad
    Patrick,

    Thank you for the great list. Fortunately, I"m already on top of most of them... still need to delete the unused themes .

    3 years ago, I stopped all my online work which left my sites vulnerable because I was not updating anything. One site in particular has been repeatedly molested which took tons of time to remove all the junk code they added to numerous files. Discovered that my fav theme is no longer being upgraded, so switched it to one that is.

    This one virus is puzzling my host... .domain.com/virus number - randomlock. They say "That may be a concern. I have never seen an error like that before so we may want to escalate this to L2" which I assume means the level of scan or protection?

    Not much more I can do, I guess, if no one can find this darned thing and remove it.

    Sylvia

    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10884365].message }}
    • Profile picture of the author Patrick
      Originally Posted by sylviad View Post

      Patrick,

      Thank you for the great list. Fortunately, I"m already on top of most of them... still need to delete the unused themes .

      3 years ago, I stopped all my online work which left my sites vulnerable because I was not updating anything. One site in particular has been repeatedly molested which took tons of time to remove all the junk code they added to numerous files. Discovered that my fav theme is no longer being upgraded, so switched it to one that is.

      This one virus is puzzling my host... .domain.com/virus number - randomlock. They say "That may be a concern. I have never seen an error like that before so we may want to escalate this to L2" which I assume means the level of scan or protection?

      Not much more I can do, I guess, if no one can find this darned thing and remove it.

      Sylvia

      If you want I can take a look at your files. And no I won't charge anything.
      {{ DiscussionBoard.errors[10884409].message }}
      • Profile picture of the author sylviad
        Originally Posted by Patrick View Post

        If you want I can take a look at your files. And no I won't charge anything.
        Thanks Patrick. I truly appreciate your kind offer. My host is doing whatever it is they do, so let's see what they come up with first.
        Signature
        :: Got a dog? Visit my blog. Dog Talk Weekly
        :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
        {{ DiscussionBoard.errors[10884418].message }}
  • Profile picture of the author sylviad
    Hi,
    I found a file in my site's program section, wflogs/config.php that as far as I can tell contains junk. It goes on for screens and screens and is nothing like any config file I've ever seen. Does this look like it belongs? This is just a small sample of the entire file. My guess is I can delete everything after that first line ending in ?>

    <?php exit('Access denied'); __halt_compiler(); ?>
    a:20:{s:9:"wafStatus";s:7:"enabled";s:30:"learning ModeGracePeriodEnabled";i:0;s:7:"authKey";s:64:"Z/sZeN<u@`nLIb**j}g[=J@lx5iybZ7#M~~N9py(x3A9:jxb{MQ:;Ry*It@BIUUY";s:4: "cron";a:2:{i:0;O:24:"wfWAFCronFetchRulesEvent":1: {s:11:"�*�fireTime";i:1477245516;}i:1;O:25:"wfWAFC ronFetchIPListEvent":1:{s:11:"�*�fireTime";i:14768 13581; } }s:7:"version";s:5:"1.0.2";s:11:"other_WFNet";s:1: "1";s:6:"apiKey";s:160:"1807546dfe706c6aa47b0bac63 b21edd006a40a285511eba27e59b2971c7a040e41864693e81 9c506a192bbbf022afd94597a2a165455087d9a0d7ad2857b5 5c359a8eef0c7129e8c362b773e0db3de6";s:11:"wafDisab led";b:0;s:16:"rulesLastUpdated";i:1476640721;s:12 :"premiumCount";i:0;s:12:"filePatterns";s:98668:"A Q0WLAQiEl9/Ag8/LFQedQ4YBDRZL2JAWnYIF0UuF0w9GxBuXxkVTVQTMVxIBxERCC Q+VBs2HEQgECVgZXc/NDNgLwYlPUQdBg4qbmVAFnY2QhczTRYcHxFTNSVKBmsCJA0NK0 0sJQAkb2V+diU6IzceDWZgDiV2aygcHhUtd3V4XAcoESEUSnoM ATssEFZfGg0CKRQWHEQkaU0iA3dNfhY


    ALSO...

    In another file: attack-data.php contains a typical code and then pages of a question mark within a black diamond.

    Can I delete this entire .php file?

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10884438].message }}
  • Profile picture of the author Patrick
    Sylviad

    The only folders you should have in your hosting is wp-admin, wp-content and wp-includes, if you have ANY other folder than these 3, delete them (of course except the folders you created yourself to store some files).
    {{ DiscussionBoard.errors[10884458].message }}
  • Profile picture of the author sylviad
    Sorry, I didn't make it clear...

    These files are in the wp-content/uploads folder.
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10884473].message }}
  • Profile picture of the author Patrick
    LOL. wflogs is a folder created by Wordfence to store the logs in the uploads folder.

    Read my point above about staying away from the so called "Security plugins"

    Feel free to completely delete this folder.
    {{ DiscussionBoard.errors[10884481].message }}
  • Profile picture of the author KuroiEggs
    Personally I use WPCerber to prevent any brute force attacks. Slaps the kerfuffle out of anyone trying to have a crack at the login page, as well as lets you easily change the login page URL (and can even ban anyone who tries to log into the default URL after you change it).

    I don't have a pro version, but I wouldn't put it out of my mind as something to buy in the future.
    {{ DiscussionBoard.errors[10888777].message }}
  • Profile picture of the author katefeesh
    Which Norton product are you using to scan? Your visitors are def not gonna appreciate being served ransomware. While auditing your config files I suggest protecting other sites asap.

    But omg good find with the corrupted WordFence file.

    WordFence says it's a WAF. Never believed plugins could be good against serious hackers. Now we can be sure WordFence's not strong. Get your sites protected by proper security service.

    If your site traffic is within 4gb/month I suggest Cloudbric cos it's free.
    {{ DiscussionBoard.errors[10892691].message }}
    • Profile picture of the author sylviad
      Hi
      I'm not really running scans when I browse... Norton, which I thought just protects my computer, just does that on its own too to prevent me from accessing dangerous sites.

      But... fantastic news!

      I went to the Norton site and requested that they re-evaluate my 2 sites in question. The results revealed that there are no threats on either site and they are both working fine now.

      Thank you all for the suggestions for other security plugins, but I'm quite happy with Wordfence. It allows me to go in and run a Live Traffic scan which reveals all the people that are trying to access invalid or hacked files on my sites. Imagine how this can help you find those files.

      One such file was in a folder titled ES. It contained a slew of fake reports that I ignored (thought I might have added them years ago). So I decided to take a look and ... whoa! They were all garbage! So I trashed the entire folder... no, didn't save... just delete completely. Right after, I got a lot of people in California particularly, some in China hitting on one specific link that was in reality a virus. So I was able to block them all through Wordfence and even blocked entire networks. My site's not that popular so I'm not going to worry about a few thousand people locked out.

      Wordfence also lets me know when someone tries to login to my sites using invalid admin as a username, or other invalid logins. Glad it catches those. It even caught one trying to get in the back door (not as a blog login), but my actual site files.

      Anyway my host scanned afterwards and found no problems. Norton has scanned and no problems.

      So all is cool!

      Sylvia


      Originally Posted by katefeesh View Post

      Which Norton product are you using to scan? Your visitors are def not gonna appreciate being served ransomware. While auditing your config files I suggest protecting other sites asap.

      But omg good find with the corrupted WordFence file.

      WordFence says it's a WAF. Never believed plugins could be good against serious hackers. Now we can be sure WordFence's not strong. Get your sites protected by proper security service.

      If your site traffic is within 4gb/month I suggest Cloudbric cos it's free.
      Signature
      :: Got a dog? Visit my blog. Dog Talk Weekly
      :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
      {{ DiscussionBoard.errors[10893110].message }}
  • Profile picture of the author blackli0n
    Setup HTTP AUTHORIZATION on your wp-admin page. Block the XML-RPC protocol. That will decrease the attacks by about 90% and also speed up your site since your server isn't as bogged down.
    Signature
    wpjohnny.com - Make Money with Wordpress
    Passive income since 2007. Trying to consistently crack 5-figures/month. find what you love - dream big - work hard
    {{ DiscussionBoard.errors[10893250].message }}
    • Profile picture of the author sylviad
      Ya got me, blackli0n... how do I do that?

      Originally Posted by blackli0n View Post

      Setup HTTP AUTHORIZATION on your wp-admin page. Block the XML-RPC protocol. That will decrease the attacks by about 90% and also speed up your site since your server isn't as bogged down.
      Signature
      :: Got a dog? Visit my blog. Dog Talk Weekly
      :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
      {{ DiscussionBoard.errors[10897821].message }}
  • Profile picture of the author sylviad
    I've discovered that when they got into my sites, they loaded tons of files, modified index files and did something to the htaccess file... according to a resource I found online. But I can't get to that file because it's hidden. How do I find it and get to it to see if it's been compromised?

    I think that's probably the last thing I need to fix, because it's making it appear that they are constantly logging in, when they are just re-propagating the malicious files automatically from within as I delete them.

    Sylvia
    Signature
    :: Got a dog? Visit my blog. Dog Talk Weekly
    :: Writing, Audio Transcription Services? - Award-winning Journalist is taking new projects. Warrior Discounts!
    {{ DiscussionBoard.errors[10928886].message }}
  • Profile picture of the author haider45678
    it is very important to secure your wp blogs. you can do this by using different plugins that wp provides.
    {{ DiscussionBoard.errors[10932420].message }}
  • Profile picture of the author Sorin Vasiliu
    Try this program is free an verry good http://adf.ly/1g7Kw6
    {{ DiscussionBoard.errors[10932805].message }}

Trending Topics