WordPress.org


my wp blog has been hacked twice (12 posts)

  1. c.ploj
    Member
    Posted 6 years ago #

    a few months ago i received an email from google that my site has been flagged as malware. so after some searching i found out that someone has placed invisible links to casino-sites and such. i repaired the entire blog and the site was later unflagged by google. fine i thought and additionally updated my blog.

    now yesterday it happened again. so my question is, how do those subjects get into my own entries and change them (they have to be admins for that)? i don't know the indepth of wordpress, so does anyone have a clue?

    thanks in advance

  2. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    Upgrade to the latest version of WordPress and install http://wordpress.org/extend/plugins/wp-security-scan/

  3. c.ploj
    Member
    Posted 6 years ago #

    thank you, i will try that and see what it finds

  4. Jeremy Clark
    Moderator
    Posted 6 years ago #

    Also you need to check your database for rogue admins. Check both for WordPress users and actual database users.

  5. DanPhalen
    Member
    Posted 6 years ago #

    Jeremy, how the heck can a rogue admin get into the database? Is this a bit of superhacking, or do we need to beef up the WP MySQL security implementation?

  6. Jeremy Clark
    Moderator
    Posted 6 years ago #

    Well, if when you set up the WordPress database user you give it full permissions to all the databases, then if WordPress is compromised you have a compromised database server.

    Also if this is shared hosting they could have found another hole in someone's webspace and made it in that way. Not necessarily into the database but into your directory structure.

    Best bet is to change all passwords, even the database password, make sure you have proper permissions, and then make sure your plugins are up to date as well.

  7. mandeville49
    Member
    Posted 6 years ago #

    I have been contacted by Google Search Quality Team to say my site also has been compromised and they blocked it. I could find nothing wrong in the code and followed all the http://www.stopbadware.org recommendations but found nothing wrong. I removed the site from the server. Interested to hear you also had a security issue. Point is, is it really worth carrying on blogging if this sort of thing can happen?

  8. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    Point is, is it really worth carrying on blogging if this sort of thing can happen?

    Mandeville49,

    Sure it's worth it. Don't let a bad experience get in your way. You may want to start off with moving to a new host. Change every password. Make sure you have the latest version of WordPress and all your plugins. Make sure your plugins don't have any known security issues (google them to see what people say about them). Change your passwords every so often.

    There will always be hackers, and there will always be hacked web sites. But don't let that discourage you.

  9. c.ploj
    Member
    Posted 6 years ago #

    hi, i once got it done, and i believe this time, too. it just takes a looong time until google revisits and takes off the malware block.

    however, i have still one question:
    the wp security scan tells me this:

    "The file .htaccess does not exist in wp-admin/."

    what should such a .htaccess file look like?

  10. c.ploj
    Member
    Posted 6 years ago #

    jeremy, what is a rogue admin and how do i check for such? i am not very familiar with databases
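
Added example, not part of any post in this thread: one way to run the check described in posts 4 and 6, as MySQL queries. The table prefix `wp_`, the database name `wordpress` and the account `'wp_user'@'localhost'` are assumptions; substitute your own.

```sql
-- Added example. Assumed names: table prefix wp_, database `wordpress`,
-- database account 'wp_user'@'localhost'.

-- 1. WordPress accounts that hold the administrator role. Compare the
--    result with the accounts you created yourself; check user_email and
--    user_registered for anything you do not recognise.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered;

-- 2. Capability rows that point at no row in wp_users (leftover or
--    hand-inserted rows that the admin screens will not show).
SELECT m.umeta_id, m.user_id, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE m.meta_key = 'wp_capabilities'
  AND u.ID IS NULL;

-- 3. What the account WordPress connects with is allowed to do.
--    Run this while logged in as that account.
SHOW GRANTS FOR CURRENT_USER();

-- 4. Database accounts on the server. Needs read access to the mysql
--    schema; on shared hosting use the host's control panel instead.
SELECT User, Host FROM mysql.user ORDER BY User, Host;

-- 5. The weak setup from post 6 beside a narrower one.
--    Weak: one compromised WordPress install exposes every database.
--    GRANT ALL PRIVILEGES ON *.* TO 'wp_user'@'localhost';
--    Narrower: limit the account to the WordPress database only.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'wp_user'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE
  ON wordpress.* TO 'wp_user'@'localhost';
-- Upgrades and some plugins also need CREATE, ALTER and DROP on
-- wordpress.*; grant those for the upgrade and revoke them afterwards.
```

Any administrator row in query 1 that you did not create, and any row at all from query 2, should be removed and followed by the password changes recommended in post 6.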

  11. c.ploj
    Member
    Posted 6 years ago #

    btw, it is absolutely bad that google still claims the site contains badware, but it does not! i hate this stopbadware lie

    this time i am nearly before stopping my blog, too, because no one will visit a blog where google states there is badware

    i wish someone wipes those badware liars from earth

  12. mandeville49
    Member
    Posted 6 years ago #

    I found links to casinos in my WordPress site too and deleted them, upgraded to 2.5.1, cleaned everything up and asked for my site to be reassessed by Google. A week later it is still flagged as unsafe. Shit this sort of thing because people who read your blog see the site is unsafe and probably don't return. So, you spend weeks building up a community and then bang - all your hard work is ruined. If your blog is linked to your company website (mine was) it also reflects on the image of your corporate site as well. Traffic to my site has fallen from 648 hits per day to 15 since this happened. Online sales have fallen from 325 sales per day to 0.

    The people who do this should be shot.

Topic Closed

This topic has been closed to new replies.
