5 replies
Hi guys,

I've posted this in the website Design forum as well, so sorry for any double-up.

Just need some advice, I've started blogging for a new client & over the last few days have had some new users appear on the site. They used an email address whose url led to a dodgy-looking Russian site. I'm pretty sure it's a spam bot that's gotten in and set them up as the site hadn't been updated to the latest version of WP. I've updated it & deleted the spam users, but am wondering what is the best way to secure the site (apart from changing passwords)? I'm pretty sure WP was setup on this site with an auto install, is there any way to correct this with the current setup, or do I need to uninstall WP & do a manual WP install?
I'm not the most technically advanced Warrior, so any and all help would be invaluable.

Cheers,
Sissy
#security #wordpress
  • Profile picture of the author SteveJohnson
    What role was assigned to the new 'spam users'? If they were added as Subscriber, and you had the blog set to allow new registrations, it should be enough to just delete them and then disallow new user registrations.

    If these users had any other role than Subscriber, it's a pretty much sure sign that the WP install has been hacked or compromised. If so, deleting the WP files isn't enough. The safest thing to do is to start over from scratch with a clean install and fresh database. That may not be an option if there are a lot of existing posts or the site has been indexed in the SEs for any length of time.

    If that's the case, you may have to bite the bullet and and hire a bug cleaner to disinfect your wp-content folder and the database. Not cheap, but probably unavoidable if you can't do it yourself and you can't start fresh.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."

    {{ DiscussionBoard.errors[4202643].message }}
  • Profile picture of the author gottahave
    I used to get tens/hundreds spam comments a day on our blogs (probably from bots) until I installed the re-Captcha Wordpress plugin. This stopped them overnight except for the occasional one easily managed.

    Neil
    {{ DiscussionBoard.errors[4202699].message }}
  • Profile picture of the author Ken Durham
    there are some steps here that should be followed
    Hardening WordPress « WordPress Codex
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[4206751].message }}
  • Profile picture of the author elenalee
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[4209677].message }}
    • Profile picture of the author Sissy76
      Thanks so much guys for all of your advice. The WP install was an auto one using Fantastico, and there's a lot of content on the site, so deleting the database isnot preferable, so looks like I'll be researching bug cleaners - any suggestions on a good one?

      Thanks again,
      Sissy
      {{ DiscussionBoard.errors[4224235].message }}
      • Profile picture of the author Tim Brownlaw
        Originally Posted by Sissy76 View Post

        Thanks so much guys for all of your advice. The WP install was an auto one using Fantastico, and there's a lot of content on the site, so deleting the database isnot preferable, so looks like I'll be researching bug cleaners - any suggestions on a good one?

        Thanks again,
        Sissy
        To "Clean" your Database you can export the entire WP Database and manually inspect and edit it and then put it back.

        It's probably not a trivial task if you have never done it before. So if you need a hand, just give me a shout.

        Cheers
        Tim
        Signature

        Great Success is built from many little successes!

        http://www.timbrownlaw.com - My Wee Part of the World.

        http://www.LookingOverMyShoulder.com

        {{ DiscussionBoard.errors[4225504].message }}

Trending Topics