Site hacked

  • Resolved dmweyer

    (@dmweyer)


    9 years ago

    [ Moderator note: moved to Fixing WordPress. ]

    Hi All,

    I have had a few of my sites hacked a few times over the last few months. I ensure that I am running the latest versions of plugins and word press itself. I am not very technical and since the hacks I am cautious about installing plugins.

    First questions is. I see that by default you can browse the directory structure of the uploaded content. Is this not a security issue and if so, why has WordPress not dealt with this.

    The second question is there a security plugin that anyone can highly recommend. I have read a few articles about improving security, and they seem to be very technical. I would prefer, if possible, if there were a plugin a could use.

    Thanks in advance

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    9 years ago

    First questions is. I see that by default you can browse the directory structure of the uploaded content. Is this not a security issue and if so, why has WordPress not dealt with this.

    Because that isn’t a WordPress issue. Your web server is misconfigured and that can be corrected via your Apache2 web server configuration. Your web server is configured for permitting directory listings.

    Give this a read.

    https://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml

    Before you make any changes to .htaccess or your Aapche2 web server configuration files make sure you have a backup copy first. If you make a change to the file then you could break your web server. Having the original unedited file will get you out of a jam if you don’t know where it broke.

    The second question is there a security plugin that anyone can highly recommend. I have read a few articles about improving security, and they seem to be very technical. I would prefer, if possible, if there were a plugin a could use.

    I can’t help you with that one. I do not use any security plugin myself. 😉

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    9 years ago

    Also if your site was hacked then carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    sinip

    (@sinip)

    9 years ago

    And also presuming you run Windows as your desktop, you should have fully updated OS and antivirus software. On top of that, download, install, update and scan your computer with Malwarebytes Anti-Malware (free program). Just to pick up nastiness that AV software usually misses.

    Thread Starter dmweyer

    (@dmweyer)

    9 years ago

    Thanks guys @jan, will read the guide

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Site hacked’ is closed to new replies.