WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] Cant acces website (2 posts)

  1. joshbutcher1@hotmail.com
    Member
    Posted 2 years ago #

    HI I haven installed bullet security after my site was hacked and weird images started to appear. I am totally green to this sort of thing and installed bullet security, I click maintenance mode and now cannot acces m dashboard or the site. I get a ip adress reading. Please can some one talk me through the steps to get my site back up?

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Ok the first thing to point out is that BPS is website security protection against your website being hacked. If your website is already hacked then installing BPS on a hacked website will not automatically clean up or remove all the hackers code and files from a hacked website.

    You can try and use a scanner to find hackers code and files and cleanup the website, but i recommend actually restoring the website from a good backup or doing a clean install of the website and importing your database content into your new clean WordPress database. The reason for this is scanners will find obvious hackers malicious code and Shell scripts, but typically not the hacker files that generate the hackers malicious code and hidden backdoors. And of course you want to change all of your passwords - FTP, web host,SSH,etc.

    Example: A hacker uploads a Shell script to your site and creates an auto-Shell file creator. The scanner finds the Shell script and deletes it - the scanner does not detect the auto-Shell file creator. the auto-Shell file creator will automatically create a new hacker Shell file/script again.

    Another method that hackers use to avoid detection by scanners is this. they install hidden backdoor scripts that are not detectable by scanners. The scanner finds the hacker's malicious script/code and the Shell script, but does not find the backdoor script. The hacker remotely accesses the backdoor script and creates a new Shell script and the same malicious files will be added to your website all over again. A backdoor script could just be a plain old simple upload form with no malicious code in it whatsoever. it will appear completely legitimate to a scanner because it does not contain any malicious code at all.

    So if you have already restored or reinstalled your website clean then all you need to do to access your WP Dashboard is use FTP or your web host control panel file manager and delete the .htaccess file that you see in your website root folder. then log into your website, click the AutoMagic buttons and activate all BulletProof Modes.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic