WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Username has been changed (11 posts)

  1. oldmankit
    Member
    Posted 1 year ago #

    I notice that my username has been changed. I am the only user, the administrator, the everything for this site. Today I tried to log-in and it failed. I was able to reset my password, but on the email it said my username was 'admin'. It didn't used to be 'admin'. Someone or something has changed it.

    My immediate thought was - bugger, hacked. However I can't find any evidence of a hacker. I have had a look around the directory tree of the server and can't see any suspicious files. I also note that none of the web pages seem to have been tampered with. But I haven't looked hard, and I know hackers can be careful about hiding and not being obvious. The problem with this is that changing my username is really obvious, so why would they do it?

    Is there any reason my username may have changed that does not relate to being hacked?

  2. Tara
    Member
    Posted 1 year ago #

    delete that user and create a new one with new username and pass.

  3. oldmankit
    Member
    Posted 1 year ago #

    delete that user and create a new one with new username and pass.

    That doesn't answer my question, which was this:

    Is there any reason my username may have changed that does not relate to being hacked?

  4. catacaustic
    Member
    Posted 1 year ago #

    Is there any reason my username may have changed that does not relate to being hacked?

    The only possibility is if there's some rouge plugin or something in your theme that's done that, but the chances of that are very remote. Those sort of changes are just about always the result of a hack attempt of some kind.

  5. oldmankit
    Member
    Posted 1 year ago #

    The only possibility is if there's some rouge plugin or something in your theme that's done that, but the chances of that are very remote. Those sort of changes are just about always the result of a hack attempt of some kind.

    Thanks for that clarity. It is what I feared. I have done everything within my power to ensure that this wordpress installation was clean and kept clean. I don't know what to do now : (

  6. catacaustic
    Member
    Posted 1 year ago #

    This is the "standard" list of resources that's always posted on here, so I'd recommend that you do the same as everyone else is told to do, and go through these one-by-one.

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

    And remember... Just because your site got hacked, it doesn't mean that it was from a vunerbility on your site. Even though it is mostly the case, there are still times when it's other accounts on a shared server that are compromised and allow back-door access to your site and your databases. In the end it comes down to keepinng an eye on things and if things get to bad think about paying a professional firm/person to do the monitoring and virus removal.

  7. oldmankit
    Member
    Posted 1 year ago #

    I really appreciated this seasoned advice.

    I was so thorough in cleaning out the last time my site got hacked, and to find it cropping up again so soon, well my guess is that it might be a problem with my shared server. I'll contact them, but am not hopeful that they'll sort it out. Cheap hosting has its downsides.

  8. catacaustic
    Member
    Posted 1 year ago #

    The times that I've seen it occuring over and over again were from a vunerbility in a 3rd party script that was used by the themes of the sites that were affected. The one that got these sites was the TimThumb script. Even the newer "secure" versions let hackers in because it was jsut not secure enough. I had to modify the themes on 5 websites to get rid of that script, and all calls to it, in order to get the sites working again without them getting hacked every 2-3 days.

    If you get this happening often then I'd suggest switching back ot the default (and un-modified) theme and removing any plugins that are not 100% essential (and be very very ruthless on that front). If you use the basic WordPress core, the default themes and little or preferrably no plugins you'll find that it will become a whole lot more secure.

  9. oldmankit
    Member
    Posted 1 year ago #

    It seems like vulnerabilities are just everywhere. Pretty hard for non-experts to navigate.

    My theme is based on thematic, which seems very well-kept and probably secure. After the time I've invested in theming my site there is no way I will go back to the default theme.

    I do keep plugins to a minimum, but the thought of no plugins at all - wow, that is really minimal.

    I'm considering changing my hosting, but there is always a chance that I will just be carrying security holes from one host to another!

  10. Gene
    Member
    Posted 1 year ago #

    Hi Kit,

    I see two lapses in security on your site. You are exposing Apache index directory views and displaying errors on the server when an error is encountered. The problem with the first is that it exposes the contents of directories that dont have index files. And the second exposes file paths on your server. Both can reveal vital information to a bot or hacker.

    You can fix the first in Apache by make sure the indexes are turned off in the Options diective of your .htaccess file. Here is an example of an options directive with a no indexes setting:

    Options -Indexes

    and the second can be resolved by turning error display off in your wp-config file. look here for more on the wp-config file:

    http://codex.wordpress.org/Editing_wp-config.php#Configure_Error_Logging

  11. oldmankit
    Member
    Posted 1 year ago #

    Hi Gene,

    It's amazing of you to go to such lengths to help me secure my site.

    Turning off directory listing was as easy as you suggested.

    Error reporting is a bit harder.

    I added this to wp-config.php:

    @ini_set('log_errors','On');
    @ini_set('display_errors','Off');
    @ini_set('error_reporting', 4339 ); //only log errors you will want to know about
    @ini_set('error_log','/home/myusername/logs/php_error.log');
    define('WP_DEBUG', false);
    define('WP_DEBUG_LOG', false);
    define('WP_DEBUG_DISPLAY', false)

    I created the file /home/myusername/logs/php_error.log and gave it 600 permissions. How would I test that it is correctly logging to this file? It's still zero bytes.

    Kit

Topic Closed

This topic has been closed to new replies.

About this Topic