WordPress.org

Ready to get started?Download WordPress

Forums

about hacking my web site (ayrun.com) (5 posts)

  1. ayruncom
    Member
    Posted 11 months ago #

    I am using a plugin wordfence which is excellent. Few days ago it warns me twice that my HTML, PHP,files ,core etc. has been severely changed; and they fixed eveything again. But, now when I check wordfence I saw that I have 2 themes which is not correct. I am using ofonly Twenty-eleven theme. But, according to wordfence, I have also twenty-thirteen themes too. Who put this theme in my site? I don't know. Besides that, today I visitmy account in WordPress. com . Surprisingly I saw that I have 35 pages (articles). İn reality I have only 33 articles. Two more articles comes from where? I don'T know. How can I stop hackers to reach my website? Do I have opprtunity to find them? I will delete all of my articles from this website; and keep my website inactive. May be in that way I can prevent their actions. Do you think it works? Please, help me to solve this problems. İt makes me fed-up.
    Thank you.
    Yours sincerely,
    Ayşe Nuray Ünyay

  2. catacaustic
    Member
    Posted 11 months ago #

    Did you update to 3.6 recently? That's how the TwentyThirteen theme gets added in. It's part of the upgrade and is added automatically.

    As far as the articles in wordpress.com - we can't support that here.

    http://en.support.wordpress.com/com-vs-org/

    You'd need to ask that on the wordpress.com forums.

  3. Tara
    Member
    Posted 11 months ago #

  4. Shafan Hameed
    Member
    Posted 11 months ago #

    hi. I am new in wordpress platform but since i am using wordpress i learn alot and being alike with it as its alot customizeable. i made a e-commerce website but after a while it got hacked. i reinstall everything as i wasn`t aware about fixing wordpress sites and i was workind on it happily. i added a form using Mingle Forum plugin and opens its membership for users to register in my website but again it got hacked.

    about telling the situation i want to know few things

    1) how to hide wordpress permalinks from source code as it is mentioned like http://www.mysite.com/wp-content/plugin/etc..
    if we change the folder names then it will be like this
    http://www.mysite.com/folder_name/module/etc...

    i saw some websites they had their permalinks like
    "/folder_name/etc.." or "/folder_name/module/etc.."

    how to do this ??

    2) how to secure the website from hackers that they cannot hack the website along with membership option so users can register theirselves to the website ?

    3) how to hide wordpress in its login page and registration page ?
    4) how to set users permissions within the wordpress ?
    5) how to make a double registration pages/forum and their route 1) for shoppers and the other is for bloggers with different type of access so the bloggers can read and write posts only on the blog section and the shoppers can only buy and cannot write any post.

    does anyone had any of these or had these answers ?

    Kindly help Specially in hacking issue. cause i am getting fedup being hacked and thinking to change the CMS source what i really dont want.

  5. bcworkz
    Member
    Posted 11 months ago #

    Hello Shafan Hameed,

    The WordPress core in its latest version is very secure with no known exploits. Even so, it can be made even more secure, see Hardening WordPress. Of course, this security is useless if you use weak passwords. Another avenue for exploits are third party themes and plugins, especially any that have some sort of file upload capability. Be selective in which themes and plugins you choose.

    Hiding the login page and other resources is not really worth doing. This is a form of security by obscurity, which is a weak measure at best. Expend your efforts in preventing access instead of hiding things away where they will eventually be found anyway.

    The remainder of your questions can be resolved by properly setting up user roles and capabilities, and then ensuring scripts verify such capabilities before performing any restricted task. You can write custom script for this setup, or use any of a number of plugins that provide a user interface to do so. I use the "Members" plugin for this and am satisfied with it, not to diminish other plugins which I have not tried.

    BTW, next time you have a question here, feel free to start your own topic. You will get more attention that way, as well as it is the preferred practice of the forum admin.

Reply

You must log in to post.

About this Topic