WordPress.org

Forums

Easy Career Openings Plugin (2 posts)

  1. jlhoyt60
    Member
    Posted 1 year ago #

    One of our websites was hacked last night, 8/28/2013. The hosting company narrowed it down to malicious coding that was added to a plugin called 'easy-career-openings', which was uploaded to the site through WordPress.org. The entire site was wiped out and replaced with garbage links and tables. We implemented a 3-attempt login lockout, but that didn't stop the hackers. When they couldn't get in by changing our username/password, they went in through a weak plugin.

    Question: who at WordPress.org vets the plugins that are available through them?

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    The hosting company narrowed it down to malicious coding that was added to a plugin called 'easy-career-openings'

    This does not mean that the plugin was to blame. You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again.

    Additional Resources:
    Hardening WordPress
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Topic Closed

This topic has been closed to new replies.

About this Topic