Support » Fixing WordPress » All my sites (6) hacked

  • I’m running 4.0.1 and all my sites (6) on hostgator are not accessible anymore since this morning using chrome. It says they are all infected with [ malware site deleted, why give them air time? ]

    I have two other sites, also 4.0.1, on another server and they are accessible.

Viewing 2 replies - 91 through 92 (of 92 total)
  • Try the Ninja Firewall +. This is an excellent firewall, the developer knows his firewall inside out, and added protection for this exploit a few versions ago. I’m not affiliated btw, just a very satisfied user.

    That said, if you have the slider installed then updating or replacing the plugin is a critical priority, while if you are already infected, then you would need to fully audit and clean your site.

    Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    As this topic is going round and round and stopped being productive I’m closing this down.

    To summarize:

    1. Hackers once again exploited plugin code that was documented to be vulnerable in September.
    2. If you had that code on your server you were caught a sweep and many sites were hacked.
    3. Once you were hacked then as is often the case, additional backdoor code was installed. Just removing the plugin or 2 files is not effective. Your site is compromised and needs to be deloused.
    4. That step above sucks. There’s no easy or quick way to delouse a compromised site.
    5. The whole thing has been thoroughly documented at Sucuri’s site with additional follow up here.
    6. The lesson here is simple: Keep your code up to-date. If you do not then your site will be found and you will get compromised.

    If you are hacked by this then give those links a good read. Also consider reviewing the stock “You’re Hacked” reply. It’s a stock answer because it’s good.

    Much thanks to @perezbox and @ddsucurinet for the write up and assistance they’ve provided WordPress users.

Viewing 2 replies - 91 through 92 (of 92 total)
  • The topic ‘All my sites (6) hacked’ is closed to new replies.