WordPress.org

Support

Support » Plugins and Hacks » BulletProof Security » [Resolved] hacked with bps

[Resolved] hacked with bps

Viewing 6 replies - 1 through 6 (of 6 total)
  • BPS is an excellent plugin, though it won’t help you if your FTP or dashboard password is compromised or stolen.

    Plugin Author AITpro

    @aitpro

    1. Passwords being cracked: FTP, SSH, Control Panel, WordPress Login and WordPress Database password.

    2. Host Server itself has been hacked – not your individual website, but the Server that your website is on.

    3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do much to protect those directories because they are writable to everyone.

    4. Installing a plugin or theme that contains exploitable code that appears to be legitimate and valid code. BPS blocks a large number of attack/hacker strings, but if the coding mistake in a plugin or theme is done in a way that that hacker would not need to use an attack string then BPS would not see that as an attack/hacking attempt.

    5. A weak point of entry on 1 or more sites under the same Hosting Account – Example: If you have 10 websites and 9 of them are protected with BulletProof Security, but a hacker manages to compromise/hack 1 of your websites that is not protected then all of your other websites would be hacked if a hacker has uploaded a Shell script to this hacked site. A hacker Shell script has the capability to access/control/hack all of your other 9 websites under a Hosting Account from the hacked website.

    Thanks for your feedback. I am trying to figure out what to do better. Your information definitely helps.

    Plugin Author AITpro

    @aitpro

    Hmm there was another paragraph that I posted that is not in my post above. See below.

    You can use a scanning plugin like Wordfence to find the hackers malicious code/payload files/backdoor files, but personally I have always chosen to restore (both website files and database) a hacked website from a good backup to make absolutely 100% sure that there are no hackers files that could have been missed by a scanner.

    Thanks for the tip on the WordFence. Looks very good. By the way, I just got a reply from my provider. They had a technical issue, so some strange pages from different users appeared under my domain. Unfortunately these pages were kind of phishing pages. The provider fixed the issue, meaning the blog was NOT hacked. BPS still OK:)

    Plugin Author AITpro

    @aitpro

    Wow that is great news! The last time i had a website get hacked was a few years ago, but i still remember that experience like it was yesterday. Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Resolved] hacked with bps’ is closed to new replies.
Skip to toolbar