WordPress.org

Ready to get started?Download WordPress

Forums

Site Hacked (3 posts)

  1. Hi,

    One of my sites was hacked with the "daysofyorr". I was able to sniff out the rogue code and wipe the script which was being automatically generated in my header and footer files.

    My site is back up and hack-free. However, what are all the suggested steps to prevent this from happening again?

    I have changed my password, and the auth keys in the wp-config file.

    Are there other steps I should perform?

  2. adpawl
    Member
    Posted 2 years ago #

    If you have a fresh and clean copy wp-admin, wpincludes and wp root directory files, fresh copy of all plugins, checked themes, checked and wp-config.php, .htaccess ....and other files do not included to orginal wp package ....then:

    http://codex.wordpress.org/Hardening_WordPress
    http://codex.wordpress.org/htaccess_for_subdirectories

    Make sure you do not use unsecured timthumb.
    Check your server logs.

  3. Excellent links, thank you! Those appear to be some pretty heavy duty settings to block potential attackers. And here I thought just changing the password and auth keys would be enough :-/

    It will take me a little while to work my way through those articles. But I'm sure the payoff will be a nice, secure site.

    Thanks for taking the time to respond.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.