Title: hacked with bps Last modified: August 20, 2016 --- # hacked with bps * Resolved [egeier](https://wordpress.org/support/users/egeier/) * (@egeier) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/) * Hi, * My webpage has been protected with BPS for quite some time. Today I got an email from google about a phishing link. I guess my blog has been hacked. Any advice? Is there any hole in the plugin? * [http://www.eddiegeier](http://www.eddiegeier) .com/~angel840/paypal.com/cy/cgi- bin/webscr-cmd_login-submit_dispatch_5885d80a13c0db1f8e263663d3faee8d0b7e678a25d883d0fa72c947f193/ * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/) Viewing 6 replies - 1 through 6 (of 6 total) * [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * (@tvcnet) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233623) * BPS is an excellent plugin, though it won’t help you if your FTP or dashboard password is compromised or stolen. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233628) * 1. Passwords being cracked: FTP, SSH, Control Panel, WordPress Login and WordPress Database password. * 2. Host Server itself has been hacked – not your individual website, but the Server that your website is on. * 3. Directory permissions that are set incorrectly – if you have set directory permissions to 777 by mistake then BPS cannot do much to protect those directories because they are writable to everyone. * 4. Installing a plugin or theme that contains exploitable code that appears to be legitimate and valid code. BPS blocks a large number of attack/hacker strings, but if the coding mistake in a plugin or theme is done in a way that that hacker would not need to use an attack string then BPS would not see that as an attack/ hacking attempt. * 5. A weak point of entry on 1 or more sites under the same Hosting Account – Example: If you have 10 websites and 9 of them are protected with BulletProof Security, but a hacker manages to compromise/hack 1 of your websites that is not protected then all of your other websites would be hacked if a hacker has uploaded a Shell script to this hacked site. A hacker Shell script has the capability to access/control/hack all of your other 9 websites under a Hosting Account from the hacked website. * Thread Starter [egeier](https://wordpress.org/support/users/egeier/) * (@egeier) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233637) * Thanks for your feedback. I am trying to figure out what to do better. Your information definitely helps. * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233638) * Hmm there was another paragraph that I posted that is not in my post above. See below. * You can use a scanning plugin like Wordfence to find the hackers malicious code/ payload files/backdoor files, but personally I have always chosen to restore ( both website files and database) a hacked website from a good backup to make absolutely 100% sure that there are no hackers files that could have been missed by a scanner. * Thread Starter [egeier](https://wordpress.org/support/users/egeier/) * (@egeier) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233654) * Thanks for the tip on the WordFence. Looks very good. By the way, I just got a reply from my provider. They had a technical issue, so some strange pages from different users appeared under my domain. Unfortunately these pages were kind of phishing pages. The provider fixed the issue, meaning the blog was NOT hacked. BPS still OK:) * Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233657) * Wow that is great news! The last time i had a website get hacked was a few years ago, but i still remember that experience like it was yesterday. Thanks. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘hacked with bps’ is closed to new replies. * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938) * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/) * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/) * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/) * 6 replies * 3 participants * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/) * Last activity: [13 years, 5 months ago](https://wordpress.org/support/topic/hacked-with-bps/#post-3233657) * Status: resolved