Is this to do with the Great WP Attack?

by raydp 6 replies
I spent some time yesterday making quite a few alterations to one of my WP sites. I updated everything and all was OK.

This morning I woke my computer and the new page was showing on my screen just fine. I logged in on a different tab and found my work had all been undone! When I refreshed the screen on the other tab it was a blank page. In other words, the page was saved, but the content was gone!

Apart from some changes I'd made to the home page earlier, my new page content had vanished; it was just as it was before I started.

I just wonder if somehow my host, Hostgator Reseller Account, had done some sort of back up and restored after I'd worked on the site.

I've built hundreds of WP based sites but never had this happen before.

Any thoughts on this appreciated,

Ray
#website design #attack #great
  • RobinInTexas
    Is WordPress showing the revision history of the page/post?

    If the history doesn't show in the edit window you should be able to turn it on using the "screen options" dropdown in the edit dashboard when you are editing a post or a page. The settings for posts and pages are separate; they can be on for one and hidden in the other.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
  • Craig Allen
    I recommend a few things:

    1. Install the Wordfence plugin
    2. Create a custom login URL for admin login
    3. Modify the .htaccess file and add a conditional containing an IP address which will be allowed to access the admin login page. All others will be redirected to a 404 page.

    Here, grab the code for it to happen:

    order deny,allow
    Deny from all
    # whitelist IP address
    allow from xx.xxx.xx.xx

    ------

    I'm telling you this first so that you act as quickly as possible and prevent possible future attacks.

    Now my opinion: this was not an attack, but I suggest you check whether any changes have been made recently to your most delicate files. I also hope you remember to set proper permissions on the most fragile ones. Check your error log as well and paste it here. We'll try to review it and answer your questions.

    Btw, who do you host with? I'm asking because a sign of an attack can be a message from your host when you try to log back in to your admin panel saying "Wordpress administrator area access disabled temporarily due to widespread brute force attacks".

    Those are my 2 cents on this thread :)
    • rhinocl
      Craig, do you know if there is a way to use a wildcard in the IP?
      I log on from a number of different locations but all in the same city.
      • Michael71
        Stupid htaccess Tricks : Perishable Press

        Originally posted by rhinocl:

        Craig, do you know if there is a way to use a wildcard in the IP?
        I log on from a number of different locations but all in the same city.
      • RobinInTexas
        Originally posted by rhinocl:

        Craig, do you know if there is a way to use a wildcard in the IP?
        I log on from a number of different locations but all in the same city.

        Best is to use FTP and edit the .htaccess file with each new IP.

        Or you can protect the wp-admin directory with .htaccess basic authentication.
        If you protect the wp-admin directory you need to allow public access to admin-ajax.php, which is called by a few plugins. You can do that by adding this code to .htaccess after the normal password protection:

        <FilesMatch "admin-ajax.php">
        Satisfy Any
        Allow from all
        </FilesMatch>
        Signature

        Robin



        ...Even if you're on the right track, you'll get run over if you just set there.
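
Added example, not written by any poster in this thread: one wp-admin/.htaccess that combines the address-range question and the basic-authentication suggestion above. The 203.0.113.0/24 range and the password-file path are constructed placeholders, and the syntax is the Apache 2.2 style used in the thread.

```apache
# wp-admin/.htaccess
# Apache 2.2 access-control syntax, as used in this thread. On Apache 2.4
# these Order/Allow/Deny/Satisfy directives need mod_access_compat loaded.
#
# Constructed values (replace with your own):
#   203.0.113.0/24          documentation range standing in for your ISP's block
#   /home/example/.htpasswd placeholder path; keep this file outside the web root

# Password protection for everything in wp-admin/
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/example/.htpasswd
Require valid-user

# Address rule: a range instead of a single IP.
Order deny,allow
Deny from all
# CIDR notation covers 203.0.113.0 through 203.0.113.255.
Allow from 203.0.113.0/24
# A partial address is also accepted and matches the same range:
# Allow from 203.0.113

# Any = a request passes if EITHER the address matches OR the password is valid,
#       so logins from an unlisted location still work, but only with the password.
# All = BOTH the address and the password are required.
Satisfy Any

# admin-ajax.php is requested by plugins on behalf of ordinary visitors, so it
# is exempted. The pattern is anchored and the dot escaped so that only this
# exact file name is opened up.
<FilesMatch "^admin-ajax\.php$">
    Order deny,allow
    Allow from all
    Satisfy Any
</FilesMatch>
```

Apache does not allow a comment on the same line as a directive, so each comment here sits on its own line.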
  • SteveJohnson
    Geez, talk about overkill.

    #1 - limiting WP backend to specific IP is a bad idea, unless you really WANT to FTP into your server every time you want into your Dashboard.

    #2 - if this was the result of a hack attack, I'll eat my hat.

    You've left out a lot of information here. 'Updated everything' isn't exactly enough to troubleshoot your issue, nor is 'just a blank page'. NOTHING on the browser screen, just white? Or a page on your site with no content? Or the dashboard edit screen and the editor has no text?

    I can think of a number of scenarios that may account for what I think you might be seeing.
    Signature

    The 2nd Amendment, 1789 - The Original Homeland Security.

    Gun control means never having to say, "I missed you."
