My wordpress sites have been continually hacked for over a year now. I've tried everything trying to harden WP and my servers to keep my WP sites from not getting hacked but nothing has worked. The hacks are always in the plugins folder. I'm always running the most current version of WP and take updates as soon as they're available. I've made sure all the file and folder permissions are correct. I've updated all passwords many times. Can anyone help me? I'm about ready to abandon WP all together.
WP hacked - need help (12 posts)
-
warpdesign
Posted 1 month ago # -
// email removed. Ive offerred to help this person before and never heard from 'em. No worries.
-
The source of the hack can also be on your own computer (scan it) or on your web host's server (contact them). See:
-
Posted 1 month ago #@whooami I would love your help, I will email you at the address you provided before, however I don't have server logs going back more than 5 days and no clue how to access/read them.
-
email me here, I have some freetime
help.me.with.wordpress@gmail.com
oh and seriously, even if you are on a mac, scan your own machine.
-
Posted 1 month ago #Email sent. I am on a mac, but not sure how/what to scan. I don't have any software for scanning anything on my machine. What should I use to scan and what am I looking for?
-
Posted 1 month ago #Just by way of more info, here's everything I've tried:
Deleted all files on my server and started with a fresh WP install.
Changed all my WP passwords
Changed all my server passwords
Always kept WP up-to-date
Have switched to other plugins and kept up-to-date on those
deleted all customizations and used standard templates
double checked all file and directory permissions
contacted my web host (dreamhost) for help (no help) -
avast makes a mac edition, you can get it right off apple.com
-
The hacks are always in the plugins folder.
Have you considered the painfully obvious? That one of your plugins is evil?
-
Posted 1 month ago #Actually, I deleted all my plugins a while back out of desperation. The one that is getting hacked most often is Askimet because every time WP alerts me that there is a new version available and I update it downloads askimet whether I want it or not. I don't think that plugin is "evil" though, just the only one in there for them to hack.
-
The one that is getting hacked most often is Askimet because every time WP alerts me that there is a new version available and I update it downloads askimet whether I want it or not.
I may be misunderstanding something here, but it sounded like you just said this: Every time I update Akismet, it downloads a new version of Akismet.
To which ... uh, yeah? That's what updates do.
How are you so certain the 'hacks' are in the plugins folder? And what are the folder permissions on that folder?
-
Posted 3 weeks ago #@Ipstenu
No you misunderstood what I was saying. I delete all plugins including Askimet but when a new update is available it re-installs Askimet. I suppose if I manually updated every time I could customize what files get updated and what files don't.
As for why I know it's the plugins folder, the hacked files are easy to spot and remove. They will, for example, create a new new file in a plugins folder named the same as the plugin with .bak (i.e. plugin.php.bak) and other type of strangely named file additions.
when I delete those files the injected spam links disappear from my site.I ensure that my plugins folder always has the correct file permissions but the hackers are able to reset the file permissions of the folder and sub folders to 777. This has happened on various WP blogs in multiple hosting accounts. The hackers also always create rouge WP users which I continually delete from my MySQL database.
Right now I'm in "wait and see" mode, by which I mean I'm waiting to see if I've finally expunged them completely from my site. Unfortunately it could be months and months before I know if my site is still open to the hackers.
Reply
You must log in to post.
