WordPress.org

Ready to get started?Download WordPress

Forums

keep getting hacked (6 posts)

  1. santinimatias
    Member
    Posted 4 years ago #

    I'm relatively new using wordpress and I'm impress with this piece of software can do for you. However, 3 days after I uploaded and setup my first webpress site, I've been hacked every 2 to 3 days. I have done everything I can think of to get it fixed, but without success. It is a injection type of attack. I'm about to throw the towel, but want to give it a last chance by coming to you, experts!

    So this is what I have done:
    1. wp-config:
    - DB_name, DB_user, DB_password, DB_host with its correct information, using MySQL from 1and1.com
    - All four authentication unique keys are random.
    - table_prefix is a random with numbers & text.

    2. login has been changed from ADMIN to something else
    3. password is long and complicated
    4. All themes and gadgets I've been using are from webpress website, so they should be code-hacked-free.
    5. Security gadgets I've used are wp Firewall & wp scan.
    6. robots.txt to be disallow

    So the wpScanner tells me that everything looks fine and good.
    What am I missing?
    Why do I keep getting hacked?

    Please tell me what else I can do to try to get it running without having to transfer everything back to the ftp every day.

    Thanks in Advanced.

  2. Kevin S
    Member
    Posted 4 years ago #

    [link moderated] I hope this will help you to protect your blog. Please do let me know because my blog also was hacked several time with iframe injection.

  3. santinimatias
    Member
    Posted 4 years ago #

    After following your advice, making sure that all extra steps where met, plus the suggestions found at:
    http://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/
    I'm stil getting hacked. When I open my website, it says:"Parse error: syntax error, unexpected '<' in /homepages/7/d291189118/htdocs/wp-includes/default-widgets.php on line 1034"

    what it could be? I really like using webpress, but I think this is taking way too much time from me.

    Please, any suggestions?

    thanks

  4. santinimatias
    Member
    Posted 4 years ago #

    Well, after doing some research for my issue, I came to realize that no matters what I do or how many protection gadgets I use, my website ALWAYS GET HACKED at the default-widgets.php.
    So I decided to remove default-widgets.php by using a little code I found that I added at the funtions.php found on my theme. So far, the website is still working, but I have to remember that the code I added will work for this specific theme, which is ok for now. I also removed the option for the users to change themes.

    I will post any changes, good or bad ones.

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 4 years ago #

    If you're on a shared server, then most likely the server itself was hacked from another site, and the lack of proper security allows them to run scripts on that machine which auto-hacks any other site it finds.

    My advice would be to a) tell your host to fix it and then when they don't, b) change hosts.

  6. santinimatias
    Member
    Posted 4 years ago #

    it's on 1and1.com which so far has been working really well, until I started working with wordpress.

Topic Closed

This topic has been closed to new replies.

About this Topic