• Resolved oldmankit

    (@oldmankit)


    I notice that my username has been changed. I am the only user, the administrator, the everything for this site. Today I tried to log in and it failed. I was able to reset my password, but on the email it said my username was ‘admin’. It didn’t use to be ‘admin’. Someone or something has changed it.

    My immediate thought was – bugger, hacked. However I can’t find any evidence of a hacker. I have had a look around the directory tree of the server and can’t see any suspicious files. I also note that none of the web pages seem to have been tampered with. But I haven’t looked hard, and I know hackers can be careful about hiding and not being obvious. The problem with this is that changing my username is really obvious, so why would they do it?

    Is there any reason my username may have changed that does not relate to being hacked?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator t-p

    (@t-p)

    delete that user and create a new one with new username and pass.

    Thread Starter oldmankit

    (@oldmankit)

    delete that user and create a new one with new username and pass.

    That doesn’t answer my question, which was this:

    Is there any reason my username may have changed that does not relate to being hacked?

    Is there any reason my username may have changed that does not relate to being hacked?

    The only possibility is if there’s some rogue plugin or something in your theme that’s done that, but the chances of that are very remote. Those sorts of changes are just about always the result of a hack attempt of some kind.

    Thread Starter oldmankit

    (@oldmankit)

    The only possibility is if there’s some rogue plugin or something in your theme that’s done that, but the chances of that are very remote. Those sorts of changes are just about always the result of a hack attempt of some kind.

    Thanks for that clarity. It is what I feared. I have done everything within my power to ensure that this WordPress installation was clean and kept clean. I don’t know what to do now : (

    This is the “standard” list of resources that’s always posted on here, so I’d recommend that you do the same as everyone else is told to do, and go through these one-by-one.

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

    And remember… Just because your site got hacked, it doesn’t mean that it was from a vulnerability on your site. Even though it is mostly the case, there are still times when it’s other accounts on a shared server that are compromised and allow back-door access to your site and your databases. In the end it comes down to keeping an eye on things and if things get too bad think about paying a professional firm/person to do the monitoring and virus removal.

    Thread Starter oldmankit

    (@oldmankit)

    I really appreciated this seasoned advice.

    I was so thorough in cleaning out the last time my site got hacked, and to find it cropping up again so soon, well my guess is that it might be a problem with my shared server. I’ll contact them, but am not hopeful that they’ll sort it out. Cheap hosting has its downsides.

    The times that I’ve seen it occurring over and over again were from a vulnerability in a 3rd party script that was used by the themes of the sites that were affected. The one that got these sites was the TimThumb script. Even the newer “secure” versions let hackers in because it was just not secure enough. I had to modify the themes on 5 websites to get rid of that script, and all calls to it, in order to get the sites working again without them getting hacked every 2-3 days.

    If you get this happening often then I’d suggest switching back to the default (and un-modified) theme and removing any plugins that are not 100% essential (and be very very ruthless on that front). If you use the basic WordPress core, the default themes and little or preferably no plugins you’ll find that it will become a whole lot more secure.

    Thread Starter oldmankit

    (@oldmankit)

    It seems like vulnerabilities are just everywhere. Pretty hard for non-experts to navigate.

    My theme is based on thematic, which seems very well-kept and probably secure. After the time I’ve invested in theming my site there is no way I will go back to the default theme.

    I do keep plugins to a minimum, but the thought of no plugins at all – wow, that is really minimal.

    I’m considering changing my hosting, but there is always a chance that I will just be carrying security holes from one host to another!

    Hi Kit,

    I see two lapses in security on your site. You are exposing Apache index directory views and displaying errors on the server when an error is encountered. The problem with the first is that it exposes the contents of directories that don’t have index files. And the second exposes file paths on your server. Both can reveal vital information to a bot or hacker.

    You can fix the first in Apache by making sure the indexes are turned off in the Options directive of your .htaccess file. Here is an example of an options directive with a no indexes setting:

    Options -Indexes

    and the second can be resolved by turning error display off in your wp-config file. Look here for more on the wp-config file:

    http://codex.wordpress.org/Editing_wp-config.php#Configure_Error_Logging

    Thread Starter oldmankit

    (@oldmankit)

    Hi Gene,

    It’s amazing of you to go to such lengths to help me secure my site.

    Turning off directory listing was as easy as you suggested.

    Error reporting is a bit harder.

    I added this to wp-config.php:

    @ini_set('log_errors','On');
    @ini_set('display_errors','Off');
    @ini_set('error_reporting', 4339 ); //only log errors you will want to know about
    @ini_set('error_log','/home/myusername/logs/php_error.log');
    define('WP_DEBUG', false);
    define('WP_DEBUG_LOG', false);
    define('WP_DEBUG_DISPLAY', false);

    I created the file /home/myusername/logs/php_error.log and gave it 600 permissions. How would I test that it is correctly logging to this file? It’s still zero bytes.

    Kit
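
One way to test the logging setup asked about above, as an added example that is not part of the original thread: a throwaway PHP script that applies the same settings, confirms they took effect, and checks that a deliberate warning reaches the log file. The log path is the one quoted in the post; the function name `check_error_logging` and the marker strings are assumptions made for this illustration.

```php
<?php
// Added diagnostic example (not from the thread). LOG_PATH is the path quoted
// in the post; function and marker names are made up for this illustration.
const LOG_PATH = '/home/myusername/logs/php_error.log';

function check_error_logging(string $logPath): array
{
    // Same settings as the wp-config.php snippet in the post.
    @ini_set('log_errors', 'On');
    @ini_set('display_errors', 'Off');
    @ini_set('error_reporting', '4339');
    @ini_set('error_log', $logPath);

    $results = [];
    // 1. Hosts can disable ini_set(); confirm the values actually took effect.
    $results['error_log_applied'] = ini_get('error_log') === $logPath;
    $display = strtolower((string) ini_get('display_errors'));
    $results['display_errors_off'] = in_array($display, ['', '0', 'off'], true);
    // 2. 4339 covers E_WARNING but not E_NOTICE or E_USER_*, so test with a warning.
    $results['warnings_reported'] = (error_reporting() & E_WARNING) === E_WARNING;
    // 3. Mode 600 only works if the file's owner is the user PHP runs as.
    $results['log_writable'] = is_file($logPath) && is_writable($logPath);

    // 4. Write one marker directly, then provoke a genuine E_WARNING.
    $id = bin2hex(random_bytes(4));
    error_log('direct-' . $id);                          // bypasses error_reporting
    fopen(dirname($logPath) . '/warn-' . $id, 'r');      // no such file: E_WARNING

    clearstatcache(true, $logPath);
    $contents = is_readable($logPath) ? (string) file_get_contents($logPath) : '';
    $results['direct_message_logged'] = strpos($contents, 'direct-' . $id) !== false;
    $results['warning_logged'] = strpos($contents, 'warn-' . $id) !== false;
    return $results;
}

// Print one line per check without echoing paths or settings values.
foreach (check_error_logging(LOG_PATH) as $check => $ok) {
    echo str_pad($check, 24), $ok ? 'ok' : 'FAILED', PHP_EOL;
}
```

Run it through the same web server that serves the site, since the command-line PHP binary often runs as a different user with a different configuration, and remove the script once the checks pass.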

  • The topic ‘Username has been changed’ is closed to new replies.