I have a self hosted wordpress blog that seems to keep getting hacked. They keep going in and adding a bad javascript redirect in the index file of my theme no matter what theme I'm using. I've changed all the passwords, deleted any unused logins, downloaded Wordfence Security. But somehow they keep getting in and changing it. What can I do to keep it from happening?
Theme Hacked (5 posts)
-
drunkenzombie
Posted 5 months ago #
-
Actually there are few things you need to look into.
1,Look into your control panel or error log message for those error encounter.
2.Summary the error log and find out what is the attack vertor target is at php or other.
3. Use Timthumb security scan on your wordpress and update it as most of the theme contain outdated Timthumb which prone to hack.
4. Use Theme Authenticity Checker (TAC) to scan for malicious code if you are using free theme.
5. Use a firewall to only allow the designated port for your blog only.
6. Use a IDS/IPS to protect your system from being rooted..................
There are lot more and i do not wish to get into more details least you do the basic.
-
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html -
@esmi What the given the link is based on web application but network layer including the OS are not covered as this is a self host wordpress.
-
Agreed but anything beyond the web app are really outside the scope of these forums. There are far better resources elsewhere that deal with network and OS security.
Reply
You must log in to post.
