Hey Guys, me and a few others run a music news website and over the past week we have been attacked. Our wordpress installation has been hijacked with ...PHP eval(base64_decode('JGNvZGVsb')); ? being included in all of our PHP files and many <script="http://xxxxxx/guidit.php"> being added after the </head> on our pages. After some research ive found out its a Gamburl virus. We are running the latest stable version of WordPress (2.9.2)
We've done everything, changed FTP and login passwords, restored the site with clean files, started over with a fresh wordpress install and database and have even changed hosting company completely but no matter what we do the virus/hackers just keep coming back.
I have the following installed;
Microsoft Security Essentials
SUPER Anti Spyware
MSE has always picked up the virus as soon as I try entering the site and find out its infected, its good at that. It has always quarantined and deleted the trojan. Ive done several scans with SUPER and MalwareBytes too.
This morning was the 5th time we've been hacked, I just dont understand how they are getting in so easily.
1) Changed FTP and wordpress user passwords
2) Clean wordpress install with clean theme files
3) Changed the database prefix from "_wp" to something else
4) Disabled comment forms as was told SQL injections can be performed this way
5) Secured the login form with LoginLockDown plugin
6) Installed 'Exploit Scanner', 'Wordpress Firewall', WP Security, Anti Virus plugins.
Followed the steps on here
It just seems our site is being targeted time and time again by hackers that really do not want to see us online, possibly a rival site. What can I do to stop them hacking us? They seem to be doing it like a breeze. I was told to look at other systems and not use WordPress anymore but I'd rather not get rid of WP as myself and most of the writers really like it.
Any help will be appreciated.