Support » Plugin: iThemes Security (formerly Better WP Security) » Better WP Security HACKED!

  • Resolved SuperFlies


    Hi there,

    I installed this plug-in because of all the rave reviews. It seemed to be going well. I enabled the ‘Hide Backend Admin Login’ option and… all the sites got hacked. ALL! The sites are up and running, but when I go to log into the admin URL I set using the stupid plugin… it’s hacked. NO ACCESS! How do I fix this!

    Any suggestions as to what I can do? I mean, seriously. This has me pretty ticked off.

    Please advise.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Seems unlikely the plugin hacked your site. Though security plugins can conflict with other plugins, etc. It’s quite common actually and easily remedied.

    I would next log in via FTP or File Manager and for the moment delete that particular plugin directory.

    I would not give up hope on this plugin either. It’s quite beneficial once you figure out how to set it up appropriately for your site.

    I know the plugin didn’t hack the site. The hackers who hacked the plugin did.

    These same hackers hacked the site without the plugin. Now after 2 months of seemingly smooth sailing, the same hackers came back and hacked the Better WP Security plugin and now I don’t have access to the backend.

    I would next log in via FTP or File Manager and for the moment delete that particular plugin directory.

    Did you try the above yet?

    Yep. No luck…

    I can visit the standard wp-admin.php login, but it won’t accept my user info. I then also visit the security URL as suggested by the Better WP Security plugin and that is where I am hacked.


    The type of hack on your site atm is almost always done through a stolen FTP password (in my experience).

    That said, your best course of action is first contact your host and get them to recover your website from backup. Once you have a clean copy in place then run (don’t walk) in making sure all your stuff is updated, all user/passwords changed, etc.

    Seriously? So, that’s it? It’s not the plugin it’s via FTP?

    Without actually logging in and looking at logs I would say it’s more likely a password issue than a plugin issue.

    (no manner of security plugin will stop a hacker if hacker figures out your password)

    How much do you charge to log in and take a look?

    I’m sorry to hear this. As I’ve stated in many places no plugin can protect from everything. There are simply too many vectors. If ya’ll do figure out how they got in I would be curious to know so that I might be able to add protection for this vulnerability to help future users.

    @SuperFiles: Would you mind sharing if and how you were able to resolve this? (Your site looks accessible, though none of the images are loading for me.)

    Please try

    This topic has now been closed as per the Forum Rules

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Better WP Security HACKED!’ is closed to new replies.