• Hey all,

    three weeks ago one of my clients received an email from someone saying “Hello,
    I am a web penetration tester. I discovered a security vulnerability in your website which can be exploited to steal sensitive information from the database.
    Here are the usernames and passwords of your website:”

    He listed all of the usernames and passwords, but the passwords he sent in the email were in encrypted form, just like in the database. Now, unfortunately I don’t have access to cPanel and the db to check if those passwords are exactly the same. I thought that without the unique authentication keys that are defined in wp-config.php those PWs are useless.

    Now, a couple of days ago someone logged in with one of the usernames and posted a couple of spam posts. Obv. this is probably somehow connected.

    What I want to know is how it is possible that someone got information from our db and then possibly the auth keys? WP is updated to the latest version, and all plugins are as well.

    Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Somehow your details have been compromised, or a vulnerability has allowed access to your database (plugin/shared server/virus on home computer).

    Step 1 – Buy yourself some time:

    a) You should change your salt keys to log out all users.
    b) Then create a new admin level user and delete the compromised username and any others you see in the database
    c) Update your passwords for strong versions (such as jhj:)_sjG^&&%vH) to include WordPress dashboard/database/cPanel/FTP

    Step 2 – Find out and repair any damage:
    https://codex.wordpress.org/FAQ_My_site_was_hacked

    Step 3 – Prevent it from happening again:
    http://codex.wordpress.org/Hardening_WordPress

    Good luck!

    Thread Starter jrstudio

    (@jrstudio)

    Hey,

    thanks for the answer, but if I change the salt keys, will I be able to log in with the current passwords?

    No problem at all.

    Changing the salt keys will only log out all users as it voids all the existing cookies in use. All existing passwords will be valid until changed. So, unless the hacker is actually monitoring that dashboard & database (v unlikely), you will have time to log everyone out, and then change the login credentials before they have a chance to log back in. There may be a backdoor back in, but at least this buys you some time to work through step 2.
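
A simplified model of the behaviour described in the last reply, added here as an example and not code from the thread or from WordPress: login cookies are signed with a key derived from the wp-config.php secrets, while the stored password hash carries its own salt and does not depend on them. The secret values, function names and the PBKDF2 stand-in for the password hash are assumptions for illustration.

```python
import hashlib
import hmac
import os

def sign_cookie(user, pass_frag, expiration, token, site_secret):
    """Model of a login cookie: user|expiration|token|HMAC, keyed from the site secret."""
    # Per-cookie key derived from the wp-config secret; it changes when the salts change.
    key = hmac.new(site_secret, f"{user}|{pass_frag}|{expiration}|{token}".encode(),
                   hashlib.md5).hexdigest()
    mac = hmac.new(key.encode(), f"{user}|{expiration}|{token}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{user}|{expiration}|{token}|{mac}"

def cookie_valid(cookie, pass_frag, site_secret):
    """Recompute the signature with the current secret and compare in constant time."""
    user, expiration, token, _ = cookie.split("|")
    expected = sign_cookie(user, pass_frag, expiration, token, site_secret)
    return hmac.compare_digest(cookie, expected)

def hash_password(password, salt=None):
    """Stand-in for the stored password hash: the salt is part of the stored string."""
    salt = salt or os.urandom(8).hex()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000).hex()
    return f"{salt}${digest}"

def password_valid(password, stored):
    """Verify a password using only the stored hash; no wp-config secret is involved."""
    salt, _ = stored.split("$")
    return hmac.compare_digest(hash_password(password, salt), stored)

def demo():
    old_secret = b"constructed-old-AUTH_KEY+AUTH_SALT"   # constructed sample values
    new_secret = b"constructed-new-AUTH_KEY+AUTH_SALT"
    stored = hash_password("constructed-password")
    frag = stored[8:12]  # fragment of the stored hash mixed into the cookie key
    cookie = sign_cookie("editor", frag, 1893456000, "tok123", old_secret)
    return {
        "cookie_before_rotation": cookie_valid(cookie, frag, old_secret),
        "cookie_after_rotation": cookie_valid(cookie, frag, new_secret),
        "password_after_rotation": password_valid("constructed-password", stored),
    }

if __name__ == "__main__":
    print(demo())
```

The session cookie stops verifying once the secret is rotated, but the same password still checks out against the stored hash, which is why the passwords have to be changed as a separate step.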


The topic ‘WP Site Security Breach?’ is closed to new replies.