Wordpress Security Help - I have been hacked

13 replies
I have a ton of sites, both mine and clients. Several were hacked over the weekend. It looks like they just replaced the index.php file and made it so my login into the dashboard didn't work.

Any good plugin suggestions to help prevent these types of hacks?
#hacked #security #wordpress
  • Profile picture of the author Tim Franklin
    Well there are several things you can do, but I am curious did you use fantastico to install your blog with or perhaps a scripting agent? i.e. anything other than a manual installation?

    There are several threads about securing a wordpress installation, but that seems a bit late for your needs, have you repaired the issues so far?
    Signature
    Bitcoin | Crypto | AI software tools and development|
    {{ DiscussionBoard.errors[4286370].message }}
  • Profile picture of the author mattbaehr
    Yes, fantastico.

    I have been able to repair most of them.
    Signature
    Get Your Own .EDU Pages for Less than $10 a Piece!! - How would you like to have your own content, anchor text and links on a .edu domain? You control it all from the text to the links. Now you can!
    {{ DiscussionBoard.errors[4286381].message }}
    • Profile picture of the author Tim Franklin
      Originally Posted by mattbaehr View Post

      Yes, fantastico.

      I have been able to repair most of them.
      yes, that seems to be happening more often, You can use my software, to generate your WPconfig file it will help you in designing a more secure website, (nothing is 100 percent but there are some things you can do to make it much harder)

      have a look at our website, Wordpress Websites.

      you can download the software at Tucows.com

      It is also useful in keeping up with your database details, there is a ton of good info you can locate to help you reduce the chances, of having trouble.

      Signature
      Bitcoin | Crypto | AI software tools and development|
      {{ DiscussionBoard.errors[4286512].message }}
  • Profile picture of the author zardon
    There is Wordpress security scan, but that does not cover everything. There also used to be something on hardening Wordpress, but I can't recall where it was, or how up to date it was.

    The WP security scan plug-in is a good stop gap, there's also WP Lockdown which prevents more than X attempts logins.

    Above and beyond this, you need to look at your logs to see where the attack came from (if at all possible identifying IP ranges) and block the IP range. There used to be a site which had a list of bad IP ranges, but again I cannot recall it off hand.

    There is also the idea of employing your .htaccess file to help reduce exploits.

    I hope this helps.
    {{ DiscussionBoard.errors[4287763].message }}
  • Profile picture of the author zardon
    There is Wordpress security scan, but that does not cover everything. There also used to be something on hardening Wordpress, but I can't recall where it was, or how up to date it was.

    The WP security scan plug-in is a good stop gap, there's also WP Lockdown which prevents more than X attempts logins.

    Above and beyond this, you need to look at your logs to see where the attack came from (if at all possible identifying IP ranges) and block the IP range. There used to be a site which had a list of bad IP ranges, but again I cannot recall it off hand.

    There is also the idea of employing your .htaccess file to help reduce exploits.

    I hope this helps.
    {{ DiscussionBoard.errors[4287780].message }}
  • Profile picture of the author Jake Gray
    Hi Matt,

    In most cases, you and your clients did not update your WordPress
    version. If this was not the issue, I would definitely contact your host.

    If you got any questions about how to proceed or any security-related
    questions, do not hesitate to ask.

    Jake
    {{ DiscussionBoard.errors[4311259].message }}
  • Profile picture of the author mattbaehr
    Jake -

    Many of the sites weren't up to 3.2.1, but some were. I threw on wp security scan and found a few holes like table prefix and some chmod things. Hopefully that does it. But any other tips you have are most welcome.
    Signature
    Get Your Own .EDU Pages for Less than $10 a Piece!! - How would you like to have your own content, anchor text and links on a .edu domain? You control it all from the text to the links. Now you can!
    {{ DiscussionBoard.errors[4311509].message }}
    • Profile picture of the author Jake Gray
      Originally Posted by mattbaehr View Post

      Jake -

      Many of the sites weren't up to 3.2.1, but some were. I threw on wp security scan and found a few holes like table prefix and some chmod things. Hopefully that does it. But any other tips you have are most welcome.
      Matt,

      Let me stop you right there. Installing this, Installing that - You need
      to monitor what you install. Not only could WordPress be responsible,
      but so could the plugins that you install within your blogs. You need to
      make sure that the plugin you plan on installing is highly secure with
      great reviews. If it's a good commercial plugin, chances are they are
      decently security-conscious about it.
      {{ DiscussionBoard.errors[4313316].message }}
  • Profile picture of the author Abledragon
    Hi Matt,

    Sorry to hear that.

    As well as the WordPress-Security-Scan plugin others have referred to I also use Login Lockdown.

    In addition to the WordPress related security steps, though, don't overlook the fact that both your machine and your FTP may be compromised. WordPress security involves more than just WordPress - more details here:

    http://www.wealthydragon.com/2010/01...ity-wordpress/

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    {{ DiscussionBoard.errors[4311961].message }}
  • Profile picture of the author yangyang
    The best tip is to keep your blog updated to the latest version of wordpress. I learned it the hard way.
    Signature

    1. Global Movies Database = $489.95 = 1.5 GB data + 65.9 GB images.

    2. World Hotels Database = $589.95 = 1.54 GB data + 71.4 GB images.

    3. Auto Parts Database = $489.95 = 15.8 GB data + 30.4 GB images.

    {{ DiscussionBoard.errors[4314203].message }}
  • Profile picture of the author Ken Durham
    Most of the break-ins I see are either from incorrect server directory permission settings, or personal computers being breached, most often systems using Filezilla as their FTP client. Filezilla stores FTP log ins, including passwords, in plain text.
    So it's a simple matter for the intruder to grab this text file, giving them access to all of your ftp accounts.

    FileZilla Forums • View topic - Filezilla Password File

    Browse through your FTP logs, error logs, and access logs. The key to stop the intrusion is finding out how they got in, in the first place. Brute force entry is often done through trial and error, which shows up in your error logs. Or through your FTP, which shows in your ftp logs.

    A best practice is to shut down FTP on the server when it is not being utilized.

    Good luck
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[4335980].message }}
  • Profile picture of the author mattbaehr
    Ken -

    Great info - THANKS!
    Signature
    Get Your Own .EDU Pages for Less than $10 a Piece!! - How would you like to have your own content, anchor text and links on a .edu domain? You control it all from the text to the links. Now you can!
    {{ DiscussionBoard.errors[4336126].message }}
  • Profile picture of the author mattbaehr
    I finally figured out the culprit. It was a not-up-to-date version of the Akismet plugin that was their way in.

    Be sure you up date your Akismet plugin and all others for that matter!
    Signature
    Get Your Own .EDU Pages for Less than $10 a Piece!! - How would you like to have your own content, anchor text and links on a .edu domain? You control it all from the text to the links. Now you can!
    {{ DiscussionBoard.errors[4340855].message }}

Trending Topics