How do I stop hackers from attacking my WP blogs?

Hello, the first and the most important step is to secure ur website, there are a lot of method " install plug in, clean ur code " template and plug in " hide access, reprogram ur htaccess etc ...
the second u should be safly don't install any thing are free founded in ineternet

u can use also hide my wp u can hide with this plug in the wp login, and all access to ur website.

cheers

you can try to install Hide My WP in codecanyon. and everything will be fine.

Fact is, you can try but it's not going to be a guarantee. Big sites and companies with all the money and experts are still getting hit. That's the Internet for you but there are a few things you can do.

1. Clean up your site and ensure all the malicious codes have been deleted from your site completely as well as hosting files.

2. Change your password and regularly too.

3. Install Word Fence plugin and upgrade to the paid version but if your site isn't making money yet i suggest you manage the free version first.

4. Always update all your plugins. Some plugins get hacked that's why the owners make new update and when you don't update your site, you may become vulnerable.

The most important thing is to go through all your website files first and clean them up or hire an expert to do that for you.

Talk to me If you are still having some challenges on that.

Hi Sylvia,

I can understand your frustration because I went through a similar experience about 2 years back. But you can prevent this from happening. Don't shy away from it because there will be some cost involved. If your blog is important then, you should take this route..

1. Install Wordfence and run periodic scans
2. Ensure your update your plugins, themes and Wordpress files regularly
3. Use a good Firewall for your blog. Wordfence has one.
4. Backup your blog regularly, preferably everyday. You can use Codeguard.
5. Use a good SPAM protection plugin, preferably Sitelock

Sitelock has some amazing features including malware scanning and removal, spam protection and a firewall.

If you don't want to pay for individual services like Sitelock and Codeguard, you can go for a managed Wordpress hosting plan from Hostgator(Most economical) which should give you all these.

Cheers!

Are you using free of nulled themes??

If yes then this can happen.. Immediately change it. It may contain some scripts which can make such issues.

Note: If the free theme is from official WordPress site or any other trusted site then install "Limit Login Attempts" plugin and "Google Authenticator" plugin.

Also, remove fake users from WordPress dashboard



Hope it may solve your problem.

Thanks everyone for your great tips. It's true... I've been using free themes, two in particular that I love but they are no longer being updated. I just deleted them, but my Norton still gives me a big ugly Red DANGER sign. What I just learned is that Norton actually gives me the virus that is causing this site to be blocked.

Threat Name:
Web Attack: Ransomlock Website

Location:
http://natural-anxiety-remedies.com/j8945hg45h



I looked for it in File Manager but it doesn't seem to be in an obvious place.

A theme on another blog just updated, so I'm going to switch to that one. It even looks good. And it has a paid version if I find it's problematic, too.

What I want to do is maintain the database on this hacked blog, delete everything else and start over. Can I do that? Still waiting to hear back from my host provider.

I've copied the database to my computer. From what I understand, the hacking is in the themes. Or maybe somewhere else in the WP blog pages?.

Sylvia

DRAT! I just found out they've hacked another one of my sites. It's barely been used yet, which is a good thing I suppose. The threat on this one is shown by Norton as:
Threat Name: SWBPL


Does anyone know what this is?

There's not much point adding one of the protection plugins mentioned by some of you unless I can get rid of these threats.

Is there a good program that will search, find and fix these hacks? I see a number come up in a search... but how do you choose?

Sylvia

Also, while reinstalling WP, I made the mistake of creating a secondary directory and WP went into that. This wouldn't work because the domain then required that extra directory in the URL if visitors could access it.

So, I went into WP installations, chose the new install/site and changed all visible instances where that extra directory was in the URL. But now the web page shows unformatted... just text, rather than the theme. The theme is there activated, but it's now appearing that way. How do I fix that now?

Sylvia

I used their installer from CPanel/Softactulous

Will take a look and see any tables... not quite sure what to look for but during a browse, I did notice something about Tables.

Where do I find the config file? I dont' see it in this file listing the tables.

Ok. The tables all show with the start of wp or wpt or wpc variations.

Where do I find the config file? I dont' see it in this file listing the tables.

Thank you. I think I can find that.

Almost midnight here, so will look into it tomorrow.

Thanks again for all your help.

Sylvia

If I were you, I will hire a professional team like wpcurve.com or host your sites on WPENGINE.com.

I have similar issues with my wife's wordpress site. WPCurve guys fixed the site in 30 mins and never had an issue after. If budget is not a constraint, I will also switch your hosting to wpengine.com (29/month)

I dont have any affiliations to those guys. I was in your position once and both of those guys saved my sanity.

Lets take an example of your house. Is your house secure without a door? NO. You keep your house secure by placing doors and windows and lock them, same goes for car.

Similarly, if you care about your website (which you should), you should take necessary steps to make sure you keep it secured.

Here are some of the basic steps.

1) Keep the strongest password ever, use a password generator tool to generate a password, make sure you make a note of this password somewhere. Don’t even whisper it to your dog. You can add a note in your mobile phone so that its safe and that you know where to look.

2) Use CAPTCHA on all your forms, even the contact forms, which are the the main source of spam.

3) Deactivate and Uninstall plugins and themes you don’t need - This is the step which many people don’t do. The plugin files stay in your hosting and you ignore updating them since you think you are not “using” them. This is the biggest loophole in many WordPress sites. Even remove the twentysixteen or twentyfifteen or whatever default themes are there if you are not using them.

4) Keep plugins and themes and WordPress updated ALWAYS. Whenever you login to the back-end and see an update, DO IT. But it is always safe to keep backups, its not necessary to make backups often, but I guess a weekly backup should be good so that you can restore your website if an update failed or caused issues.

5) STAY AWAY FROM SECURITY PLUGINS. Only 1% of commercial plugin developers are Mother Teresa, the rest are just trying to look for some way to make money at the cost of others problems. Most people think installing a security plugin will keep you safe, while its the other way round. Their sole purpose is to give you a hell of a time so that you are convinced to buy their pro version (that’s why they advertise their pro version all over in the back-end).

6) Be VERY careful while selecting the plugins and themes you are going to use. Most people think buying a $50 theme and adding some plugins makes your website “wonderful” and your website looks great. But honestly, most of the so called “premium” themes are a piece of junk in the back-end, so make sure you read all the reviews about the theme and plugins you are going to use.

If you are going to follow these 6 steps above, I can guarantee you that your website will be 100% secure and not even a highly sophisticated alien can hack you. I have been creating sites since 2008 and till today not even one client has come to me and told me that their site got hacked.

There is no need to hire some wizard or "expert" to keep your site secure. You have to pay attention to your site as well like you pay attention to the security of your house and car.

Patrick,

Thank you for the great list. Fortunately, I"m already on top of most of them... still need to delete the unused themes .

3 years ago, I stopped all my online work which left my sites vulnerable because I was not updating anything. One site in particular has been repeatedly molested which took tons of time to remove all the junk code they added to numerous files. Discovered that my fav theme is no longer being upgraded, so switched it to one that is.

This one virus is puzzling my host... .domain.com/virus number - randomlock. They say "That may be a concern. I have never seen an error like that before so we may want to escalate this to L2" which I assume means the level of scan or protection?

Not much more I can do, I guess, if no one can find this darned thing and remove it.

Sylvia

Hi,
I found a file in my site's program section, wflogs/config.php that as far as I can tell contains junk. It goes on for screens and screens and is nothing like any config file I've ever seen. Does this look like it belongs? This is just a small sample of the entire file. My guess is I can delete everything after that first line ending in ?>

<?php exit('Access denied'); __halt_compiler(); ?>
a:20:{s:9:"wafStatus";s:7:"enabled";s:30:"learning ModeGracePeriodEnabled";i:0;s:7:"authKey";s:64:"Z/sZeN<u@`nLIb**j}g[=J@lx5iybZ7#M~~N9py(x3A9:jxb{MQ:;Ry*It@BIUUY";s:4: "cron";a:2:{i:0;O:24:"wfWAFCronFetchRulesEvent":1: {s:11:"�*�fireTime";i:1477245516;}i:1;O:25:"wfWAFC ronFetchIPListEvent":1:{s:11:"�*�fireTime";i:14768 13581; } }s:7:"version";s:5:"1.0.2";s:11:"other_WFNet";s:1: "1";s:6:"apiKey";s:160:"1807546dfe706c6aa47b0bac63 b21edd006a40a285511eba27e59b2971c7a040e41864693e81 9c506a192bbbf022afd94597a2a165455087d9a0d7ad2857b5 5c359a8eef0c7129e8c362b773e0db3de6";s:11:"wafDisab led";b:0;s:16:"rulesLastUpdated";i:1476640721;s:12 :"premiumCount";i:0;s:12:"filePatterns";s:98668:"A Q0WLAQiEl9/Ag8/LFQedQ4YBDRZL2JAWnYIF0UuF0w9GxBuXxkVTVQTMVxIBxERCC Q+VBs2HEQgECVgZXc/NDNgLwYlPUQdBg4qbmVAFnY2QhczTRYcHxFTNSVKBmsCJA0NK0 0sJQAkb2V+diU6IzceDWZgDiV2aygcHhUtd3V4XAcoESEUSnoM ATssEFZfGg0CKRQWHEQkaU0iA3dNfhY


ALSO...

In another file: attack-data.php contains a typical code and then pages of a question mark within a black diamond.

Can I delete this entire .php file?

Sylvia

Sylviad

The only folders you should have in your hosting is wp-admin, wp-content and wp-includes, if you have ANY other folder than these 3, delete them (of course except the folders you created yourself to store some files).

Sorry, I didn't make it clear...

These files are in the wp-content/uploads folder.

LOL. wflogs is a folder created by Wordfence to store the logs in the uploads folder.

Read my point above about staying away from the so called "Security plugins"

Feel free to completely delete this folder.

Personally I use WPCerber to prevent any brute force attacks. Slaps the kerfuffle out of anyone trying to have a crack at the login page, as well as lets you easily change the login page URL (and can even ban anyone who tries to log into the default URL after you change it).

I don't have a pro version, but I wouldn't put it out of my mind as something to buy in the future.

Which Norton product are you using to scan? Your visitors are def not gonna appreciate being served ransomware. While auditing your config files I suggest protecting other sites asap.

But omg good find with the corrupted WordFence file.

WordFence says it's a WAF. Never believed plugins could be good against serious hackers. Now we can be sure WordFence's not strong. Get your sites protected by proper security service.

If your site traffic is within 4gb/month I suggest Cloudbric cos it's free.

Setup HTTP AUTHORIZATION on your wp-admin page. Block the XML-RPC protocol. That will decrease the attacks by about 90% and also speed up your site since your server isn't as bogged down.

I've discovered that when they got into my sites, they loaded tons of files, modified index files and did something to the htaccess file... according to a resource I found online. But I can't get to that file because it's hidden. How do I find it and get to it to see if it's been compromised?

I think that's probably the last thing I need to fix, because it's making it appear that they are constantly logging in, when they are just re-propagating the malicious files automatically from within as I delete them.

Sylvia

it is very important to secure your wp blogs. you can do this by using different plugins that wp provides.

Try this program is free an verry good http://adf.ly/1g7Kw6