WordPress.org

Ready to get started?Download WordPress

Forums

Firewall plugin found malware in search function (3 posts)

  1. Drawer
    Member
    Posted 3 years ago #

    I have Ipower host, which is suspect by many WP owners now, but I don't know if this is a security breach with them.

    Added Plugin Firewall WordPress 2 2 weeks ago. I got notified yesterday that someone inserted code in my search function, like this:
    's = Search this site.../trackback'.
    I assume anyone using the search function would get redirected. This is only in one of my 4 blogs.

    Has anyone ever seen spam be able to get in the search function before?

    Also, I would like to tighten up my permissions, but 644 doesn't work for my ftp nor my host. I finally had to settle for 754. Not much different from 755, but not sure what else I can do. Suggestions?

  2. Jonas Grumby
    Member
    Posted 3 years ago #

    The fact that you got an email means that the attack was blocked.

    Your whole site should be 755 except .htaccess and wp-admin/index.php which should be 644.

  3. Drawer
    Member
    Posted 3 years ago #

    Thanks, Jonas, for the confirmation on permission. I do have that, just wanted to make sure that wasn't my fault.

    And you're right, Firewall did stop it. But I'm concerned that somehow the hacker got inside my WordPress! How?!

Topic Closed

This topic has been closed to new replies.

About this Topic