Anneleen
Member
Posted 10 months ago #
Hello,
yesterday my blog http://www.mllsdemode.be was hacked. I immediately asked my friend who knows a lot about coding and stuff to get everything back in to place. It was hacked by someone with the following e-mailadresse hajojow@hotmail.com
My friend told me that he could hack my site via a plugin. Here is a list of all the plugins I've got installed:
- AddToAny: Share/Bookmark/Email Buttons
Akismet
And The Winner Is…
Facebook Share Statistics
Fast Secure Contact Form
GL Facebook Likebox
HeadSpace2
Quick Cache
SEO Smart Links
Simple Social - Sharing Widgets & Icons
StatPress Visitors
Thank Me Later
Twitter Widget Pro
Viper's Video Quicktags
W3 Total Cache
WordPress Editorial Calendar
WordPress Importer
WP-Paginate
WP-Table Reloaded
WPtouch
Yet Another Related Posts Plugin
Anyone got an idea which plugin is responsable and has anyone had the same problems?
smartobject2
Member
Posted 10 months ago #
If your friend cannot tell you which plugin, I would suspect the friend is simply stating a hypothetical premise.
I think esmi is telling you to be sure you have the most recent versions of the plugins and the plugins should come from WordPress.org
After that...
If you cannot contact the friend for clarification, get a ftp copy of the plugins directory downloaded to your computer and do a text search for things like eval, base64 and the malefactor's email address above.
Cheers,
Lee
Whilst insecure - or even malicious - plugins are a possibility, most hacks of sites using the latest version of WordPress tend to have been compromised by the hacker entering the server elsewhere. The links I gave above give advice on clearing the hack - and any semi-hidden backdoors - out of your site. But you should also contact your hosts about this as it is far more likely that their server has been compromised.
