WordPress.org

Forums

WP hacked - need help (12 posts)

  1. warpdesign
    Member
    Posted 4 years ago #

    My WordPress sites have been continually hacked for over a year now. I've tried everything trying to harden WP and my servers to keep my WP sites from not getting hacked but nothing has worked. The hacks are always in the plugins folder. I'm always running the most current version of WP and take updates as soon as they're available. I've made sure all the file and folder permissions are correct. I've updated all passwords many times. Can anyone help me? I'm about ready to abandon WP altogether.

  2. whooami
    Member
    Posted 4 years ago #

    // email removed. I've offered to help this person before and never heard from 'em. No worries.

  3. iridiax
    Member
    Posted 4 years ago #

    The source of the hack can also be on your own computer (scan it) or on your web host's server (contact them). See:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

  4. warpdesign
    Member
    Posted 4 years ago #

    @whooami I would love your help, I will email you at the address you provided before, however I don't have server logs going back more than 5 days and no clue how to access/read them.

  5. whooami
    Member
    Posted 4 years ago #

    Email me here, I have some free time

    help.me.with.wordpress@gmail.com

    Oh and seriously, even if you are on a Mac, scan your own machine.

  6. warpdesign
    Member
    Posted 4 years ago #

    Email sent. I am on a Mac, but not sure how/what to scan. I don't have any software for scanning anything on my machine. What should I use to scan and what am I looking for?

  7. warpdesign
    Member
    Posted 4 years ago #

    Just by way of more info, here's everything I've tried:

    Deleted all files on my server and started with a fresh WP install.
    Changed all my WP passwords
    Changed all my server passwords
    Always kept WP up-to-date
    Have switched to other plugins and kept up-to-date on those
    Deleted all customizations and used standard templates
    Double checked all file and directory permissions
    Contacted my web host (DreamHost) for help (no help)

  8. whooami
    Member
    Posted 4 years ago #

    Avast makes a Mac edition, you can get it right off apple.com

  9. The hacks are always in the plugins folder.

    Have you considered the painfully obvious? That one of your plugins is evil?

  10. warpdesign
    Member
    Posted 4 years ago #

    Actually, I deleted all my plugins a while back out of desperation. The one that is getting hacked most often is Akismet because every time WP alerts me that there is a new version available and I update it downloads Akismet whether I want it or not. I don't think that plugin is "evil" though, just the only one in there for them to hack.

  11. The one that is getting hacked most often is Akismet because every time WP alerts me that there is a new version available and I update it downloads Akismet whether I want it or not.

    I may be misunderstanding something here, but it sounded like you just said this: Every time I update Akismet, it downloads a new version of Akismet.

    To which ... uh, yeah? That's what updates do.

    How are you so certain the 'hacks' are in the plugins folder? And what are the folder permissions on that folder?

  12. warpdesign
    Member
    Posted 4 years ago #

    @Ipstenu

    No, you misunderstood what I was saying. I delete all plugins including Akismet but when a new update is available it re-installs Akismet. I suppose if I manually updated every time I could customize what files get updated and what files don't.

    As for why I know it's the plugins folder, the hacked files are easy to spot and remove. They will, for example, create a new file in a plugins folder named the same as the plugin with .bak (i.e. plugin.php.bak) and other types of strangely named file additions.
    When I delete those files the injected spam links disappear from my site.

    I ensure that my plugins folder always has the correct file permissions but the hackers are able to reset the file permissions of the folder and sub folders to 777. This has happened on various WP blogs in multiple hosting accounts. The hackers also always create rogue WP users which I continually delete from my MySQL database.

    Right now I'm in "wait and see" mode, by which I mean I'm waiting to see if I've finally expunged them completely from my site. Unfortunately it could be months and months before I know if my site is still open to the hackers.
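
A read-only check for the two on-disk signs described in the last post (a `.bak` copy named after a plugin file, and folders reset to 777), as an added example that is not part of the original thread. The suffixes other than `.bak`, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Suffixes that should not follow ".php" in a plugin tree.
# Only ".bak" comes from the thread; the rest are assumed additions.
SUSPECT_TAILS = (".bak", ".old", ".orig", ".tmp")

def audit_plugins(root):
    """Return sorted (finding, relative_path) pairs for a plugins directory."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        # Check the directory itself, then every file inside it.
        for full in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are meaningless; do not follow
            rel = os.path.relpath(full, root)
            if st.st_mode & stat.S_IWOTH:
                # 777 (or any o+w) lets every account on a shared host write here.
                findings.append(("world-writable", rel))
            name = os.path.basename(full).lower()
            if (stat.S_ISREG(st.st_mode) and ".php." in name
                    and name.endswith(SUSPECT_TAILS)):
                findings.append(("php-backup-file", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: one plugin folder showing both signs from the post."""
    plugin = os.path.join(root, "akismet")
    os.mkdir(plugin)
    for fname in ("akismet.php", "akismet.php.bak"):
        path = os.path.join(plugin, fname)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, 0o644)
    os.chmod(plugin, 0o777)  # the permission reset described in the post

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o755)
        build_sample_tree(tmp)
        for finding, rel in audit_plugins(tmp):
            print(f"{finding:16} {rel}")
```

Run against a real site by passing the path to `wp-content/plugins` to `audit_plugins`; it only reads metadata and changes nothing.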

Topic Closed

This topic has been closed to new replies.
