WordPress.org

Ready to get started?Download WordPress

Forums

Hacked and new user added (10 posts)

  1. prue85
    Member
    Posted 12 months ago #

    I received an email yesterday stating that over the previous 24 hours many Word Press sites with the username "admin" had been compromised. Not thinking that this could happen to me I only checked it out today. When I went to the network administrator users (https://www.gotogirltix.com.au/wp-admin/network/users.php) there had been another user added. Of course I deleted it straight away.

    I then did the following...
    - removed the admin user ( from https://www.gotogirltix.com.au/wp-admin/users.php)and (from https://www.gotogirltix.com.au/wp-admin/network/users.php)
    - I reset the passwords for my new usernames that I created here to be more difficult
    - I set my display name for posts to be different to what my username is for both

    However I am still concerned about future hacks... I have tried installing "Better WP Security" plugin however when activating it, it put my website in a re-direct loop and it no longer works.

    Is there another plugin I could use or what other steps should I be taking to ensure that nothing else was changed on my site?/Future hacks

    Any help is appreciated.

  2. leejosepho
    Member
    Posted 12 months ago #

    Wordfence Security will scan all WordPress core and plugin files and let you know wherever/whenever a file does not match the original:
    http://wordpress.org/plugins/search.php?q=wordfence+security
    However, you might occasionally see a changed file reported that actually came in as a "quiet update" from a plugin developer. Then, Wordfence also has some features for dealing with bots and failed logins.

    I added Captcha to login after yesterday's attack, and I have asked a developer about making a plugin that will do that only after a *failed* login to keep my host happy without making registered users prove themselves human in order to log in.

  3. bcworkz
    Member
    Posted 12 months ago #

    If a hacker successfully registered himself as an administrator, it's very likely he installed a backdoor, which can be very difficult to find. Unless you eliminate this possibility, it may not matter what security plugins you've installed. The only sure way to fully clean a site is to wipe it all and restore from a known clean backup.

  4. Tara
    Member
    Posted 12 months ago #

  5. prue85
    Member
    Posted 11 months ago #

    Thanks for all the help guys - I have decided to do a system restore of my laptop and also get my host to do a reset of my account allowing me to start from scratch.

    Is it possible for me to install word press locally to re-build the site before I reset it to minimise down time (so I don't get black listed by google)?

    Thanks again :)

  6. Krishna
    Volunteer Moderator
    Posted 11 months ago #

  7. prue85
    Member
    Posted 11 months ago #

    Thanks Krishna :) Am I able to upload my finished site from my local machine to my host via FTP once completed?

  8. Krishna
    Volunteer Moderator
    Posted 11 months ago #

  9. prue85
    Member
    Posted 11 months ago #

    Given that I will essentially be starting from scratch to build my website again is that the right link? I will need to copy other info other files? I don't really understand whats in the databases...

    All I want to do is re-build my site offline so that I can disable completely the one that's currently online (corrupt) then completely disable it and upload the one I built offline. Will this be possible with the first link you sent?

  10. Krishna
    Volunteer Moderator
    Posted 11 months ago #

    If you are not experienced in setting up WordPress locally, this program will be the easiest as it installs WordPress and gives you a ready to Work site: http://www.instantwp.com

    Then you can download your database and then import into it and go through every table to look for intrusions/ malware and remove them. If anything goes wrong you can reinstall and work again without any outside help. Once you find your site ready to go online, you can delete everything in your site, reinstall WordPress and again import your database back to your site. You may need to keep a note of your plugins, theme, etc. and for more safety, download your media/image files too. You may need to replace the site URLs by a search and replace function when importing to your servers (local/online). Once you start working, you will understand everything - perhaps by trial and error if you are new to these procedures. But then, don't worry, that's how everyone learns.

Reply

You must log in to post.

About this Topic

Tags