WordPress.org


BulletProof Security
[resolved] hacked with bps (7 posts)

  1. egeier
    Member
    Posted 1 year ago #

    Hi,

    My webpage has been protected with BPS for quite some time. Today I got an email from Google about a phishing link. I guess my blog has been hacked. Any advice? Is there any hole in the plugin?

    http://www.eddiegeier .com/~angel840/paypal.com/cy/cgi-bin/webscr-cmd_login-submit_dispatch_5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0fa72c947f193/

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. The Hack Repair Guy
    Member
    Posted 1 year ago #

    BPS is an excellent plugin, though it won't help you if your FTP or dashboard password is compromised or stolen.

  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    1. Passwords being cracked: FTP, SSH, Control Panel, WordPress Login and WordPress Database password.

    2. Host Server itself has been hacked – not your individual website, but the Server that your website is on.

    3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do much to protect those directories because they are writable to everyone.

    4. Installing a plugin or theme that contains exploitable code that appears to be legitimate and valid code. BPS blocks a large number of attack/hacker strings, but if the coding mistake in a plugin or theme is done in a way that the hacker would not need to use an attack string then BPS would not see that as an attack/hacking attempt.

    5. A weak point of entry on 1 or more sites under the same Hosting Account – Example: If you have 10 websites and 9 of them are protected with BulletProof Security, but a hacker manages to compromise/hack 1 of your websites that is not protected then all of your other websites would be hacked if a hacker has uploaded a Shell script to this hacked site. A hacker Shell script has the capability to access/control/hack all of your other 9 websites under a Hosting Account from the hacked website.
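
Added example, not part of the original thread and not BulletProof Security code: a read-only audit for points 3 and 5 above that lists every WordPress install under one hosting account and flags world-writable paths. The function name `audit_account` and the use of `wp-config.php` to recognise an install are assumptions of this example.

```python
import os
import stat
import sys


def audit_account(root):
    """Walk a hosting account root without changing anything.

    Returns (installs, findings):
      installs - directories containing wp-config.php (assumed install marker)
      findings - (path, octal mode) for every world-writable file or directory
    """
    installs, findings = [], []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        if "wp-config.php" in files:
            installs.append(dirpath)
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:  # the "other" write bit, as in 777
                findings.append((path, format(stat.S_IMODE(st.st_mode), "03o")))
    return sorted(installs), sorted(findings)


def owning_install(path, installs):
    """Return the install a finding belongs to, or None if outside all of them."""
    matches = [i for i in installs if path == i or path.startswith(i + os.sep)]
    return max(matches, key=len) if matches else None


if __name__ == "__main__":
    account_root = sys.argv[1] if len(sys.argv) > 1 else "."
    sites, bad = audit_account(account_root)
    print(f"{len(sites)} WordPress install(s) under {account_root}:")
    for site in sites:
        print("  ", site)
    print(f"{len(bad)} world-writable path(s):")
    for path, mode in bad:
        print(f"   {mode}  {path}  (site: {owning_install(path, sites)})")
```

Every install in the first list shares the account with the others, so each one needs the same level of protection; any path in the second list is writable by every user on the server.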

  4. egeier
    Member
    Posted 1 year ago #

    Thanks for your feedback. I am trying to figure out what to do better. Your information definitely helps.

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Hmm, there was another paragraph that I posted that is not in my post above. See below.

    You can use a scanning plugin like Wordfence to find the hacker's malicious code/payload files/backdoor files, but personally I have always chosen to restore (both website files and database) a hacked website from a good backup to make absolutely 100% sure that there are no hacker's files that could have been missed by a scanner.

  6. egeier
    Member
    Posted 1 year ago #

    Thanks for the tip on the WordFence. Looks very good. By the way, I just got a reply from my provider. They had a technical issue, so some strange pages from different users appeared under my domain. Unfortunately these pages were kind of phishing pages. The provider fixed the issue, meaning the blog was NOT hacked. BPS still OK:)

  7. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Wow, that is great news! The last time I had a website get hacked was a few years ago, but I still remember that experience like it was yesterday. Thanks.

Topic Closed

This topic has been closed to new replies.
