WordPress.org

Ready to get started?Download WordPress

Forums

Help securing hijacked sight (2 posts)

  1. CalcifEye
    Member
    Posted 5 months ago #

    Hi.

    A few weeks ago a WordPress site that i was building was hacked.

    the website was under development on and off so i wasn't vesting it often
    so wan I got an email saying my sight head been auto updated to WordPress 3.8.1.
    I want to see if the site was still working and i was greeted with this...

    image

    so after a long night of talking to my host, changing passwords & resetting my WP user account, I finally got logged back into the site.

    i fond that my WordPress login info had been changed and my site was filed with i ifarms/redirects?

    I couldn't find how to get read of theme but i really din't try that hard
    after some advise from my host a just up and delated the /public_html directory.

    I'm not sure how they got into the WordPress admin area my password/username were both secure. the only other user was my father and he sad he's password was up to specs
    (8 letters long numbers & spacial caricatures)
    but he deed say he had used it with other sites. also after a scene of he's windows comp i deed find a torsion virus, but it was still in an unopened email attachment so i don't think it was the source.

    also I'm sure that your thinking that maybe i should have updated to WordPress 3.8.1. wan it first came out and not what for it to auto update? because that's what I'm thinking.

    so now its a month or so after that little endeavor and I've installed the limit login attempts plugin. and its blocking 16 login attempts each day since installing it. most login attempts look like there just from random bots with username: admin and IP addresses from all over the world.

    But one attempt every week or so is from the same ip address: 109.161.180.120 (witch is from Bahrain according to this site )

    so to some up this long winded post. I am looking for some advise on how to move forward from here on a few key points:

    1. by deleting the /public_html directory, reinstalling WordPress and changing usernames/passwords have a removed any chance of a backdoor? ore do further steps need or be taken to secure the site.
    2. is installing the limit login attempts plugin and keeping a strong username/password enough to not have to worry about the login attempts or is there something more that can be dune?
    3. Is there anything else that you recommend for general security wan developing WordPress site(s) e.g. Cloud Flare, vaultpress. or is the above good enough?

    sorry if this is the wrong place to post this. but since this problems are all WordPress related I'm not sure ware else to ask. if you know a bater forum/site please share a link.

    Any help with this would be greatly appreciated.

  2. Senff
    Member
    Posted 5 months ago #

    tl;dr

    This would be a good resource for you to check: http://codex.wordpress.org/FAQ_My_site_was_hacked

Reply

You must log in to post.

About this Topic