WordPress.org

WordPress hacked site (5 posts)

  1. cannon303
    Member
    Posted 1 year ago #

    Hi, I have developed a WordPress site for a client of mine. Normally I provide hosting on my own dedicated server through a hosting supplier and have had issues in the past with hacking, which has usually resulted from hacking into the hosting control panel or FTP. For the site in question, however, the client has required the site to be hosted on their own server. Their server being their own physical server in their office rather than leased through a recognised hosting company.

    Their site has had the header.php files injected with PHP-printed JavaScript. This affects both my activated theme that I have created as well as the unused Twenty Twelve, Twenty Eleven and Twenty Ten themes. Also the hacker has written spam posts. The posts are attributed to users that are not registered in the WordPress users control panel.

    I'm trying to work out whether the hacking is a result of vulnerabilities in my work having broken into the WordPress control panel or as a result of hacking directly into the server / FTP. There don't seem to be any server logs available for me to check.

    I wondered if anyone may have had experience of their WordPress site being hacked and whether it was through the WordPress installation itself or through the server or FTP?

    I am currently looking through the site to see if there are any vulnerabilities in my work, however, I use very few plugins and they are well researched and fully trusted. During the creation of the site I have also taken steps to secure the site such as changing the $table_prefix in wp-config.php.

    What do you reckon? Was the site hacked or the server hacked?

    Your thoughts would be much appreciated.

    Thanks

    Chris

  2. esmi
    Forum Moderator
    Posted 1 year ago #

  3. cannon303
    Member
    Posted 1 year ago #

    Thanks Esmi, as usual great help. I'm chasing some of these up right now.

    What I'm trying to get at is the root cause.

    As I don't have control over the hosting I need to work out whether this is an issue I need to look into regarding the site scripting or whether I need to recommend more secure hosting. My gut instinct is it is a hosting issue but would like to invite input from anyone who has experience with this.

    Or, another way of putting it:

    Can you create posts by non-registered users and alter theme PHP files such as header.php simply by exploiting vulnerabilities in the WordPress installation, or do you really need some kind of FTP to do that?

    Thanks

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    If you gain access to the server and/or database, you can do whatever you want. Your hosts might be able to help you by providing copies of access logs but there's really nothing we can suggest from WordPress' end.

  5. cannon303
    Member
    Posted 1 year ago #

    I guess the question is then:

    If a hacker doesn't gain access to either the server or database and only manages to guess WordPress login details, can they physically change the header.php files and can they make posts that are not attributed to any user registered in the user control panel?

    I'm sure someone could develop a plugin that can do that, but if they don't have access to FTP the plugin, then they can only install it directly through the WordPress plugins control panel, which would mean the hacker's plugin would have to be hosted on the WordPress.org site.

    Furthermore, I did change the default table prefix at the time of creating the site so the hacker would have to guess that as well.

    For these reasons I believe that the hacker gained entry via directly hacking the server and database, but can't say for sure. So I'm sort of pooling opinion to see what others think. It would be good to get to the bottom of it and plug the leak.
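
For the symptom described in this thread (posts attributed to users that do not appear in the users panel), an added example that is not part of the original thread: a read-only query listing posts whose author ID has no matching row in the users table, written for a site with a custom table prefix. The prefix `site7_`, the sample rows and the use of SQLite in place of the site's MySQL database are assumptions made for illustration.

```python
import re
import sqlite3

# The table prefix is interpolated into SQL, so accept only identifier characters.
PREFIX_RE = re.compile(r"[A-Za-z0-9_]+")

def orphaned_posts(conn, prefix):
    """Return posts whose post_author has no row in the users table, oldest first."""
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("unexpected table prefix: %r" % prefix)
    sql = (
        "SELECT p.ID, p.post_author, p.post_date, p.post_title "
        f"FROM {prefix}posts AS p "
        f"LEFT JOIN {prefix}users AS u ON u.ID = p.post_author "
        "WHERE u.ID IS NULL AND p.post_type = 'post' "
        "ORDER BY p.post_date ASC"
    )
    return conn.execute(sql).fetchall()

def earliest_orphan_date(rows):
    """post_date of the oldest orphaned post, or None if there are none."""
    return rows[0][2] if rows else None

def build_sample_db(prefix):
    """Constructed sample data; SQLite stands in for the site's MySQL database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {prefix}users (ID INTEGER PRIMARY KEY, user_login TEXT)")
    conn.execute(
        f"CREATE TABLE {prefix}posts (ID INTEGER PRIMARY KEY, post_author INTEGER, "
        "post_date TEXT, post_title TEXT, post_type TEXT)")
    conn.executemany(f"INSERT INTO {prefix}users VALUES (?, ?)",
                     [(1, "admin"), (2, "editor")])
    conn.executemany(f"INSERT INTO {prefix}posts VALUES (?, ?, ?, ?, ?)", [
        (10, 1, "2013-01-05 09:00:00", "Welcome", "post"),
        (11, 2, "2013-02-01 10:30:00", "News", "post"),
        (12, 57, "2013-03-14 02:11:00", "constructed spam A", "post"),
        (13, 57, "2013-03-12 23:40:00", "constructed spam B", "post"),
        (14, 0, "2013-03-15 04:00:00", "constructed spam C", "post"),
        (15, 99, "2013-03-01 00:00:00", "orphaned attachment", "attachment"),
    ])
    return conn

if __name__ == "__main__":
    db = build_sample_db("site7_")
    rows = orphaned_posts(db, "site7_")
    for row in rows:
        print(row)
    print("earliest orphaned post:", earliest_orphan_date(rows))
```

The oldest orphaned post gives a starting point for a timeline when no server logs are available; the stored date is only as trustworthy as whatever wrote the row.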

Topic Closed

This topic has been closed to new replies.