Support » Themes and Templates » Headway themes, wordpress, and security

  • i’m using wordpress 3.2.1 with headway theme 2.0.13
    (the latest versions of each)

    my site has been hacked twice in the last 2 weeks…while the fix was relatively simple…the vulnerability of my site is painfully obvious….

    i have 2 questions….
    has anyone using headway themes experienced something similar …or is this more likely to be a security hole within wordpress?

    what are some sure-fire ways to optimize the security of my site?

    any input,advice, or resources would be much appreciated.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Depends on how they were hacked. WordPress itself is pretty secure, but if, say, you were hacked via the TimThumb vulnerability that came around recently, that’s a … well known vector is a horrid word.

    Well if you are a valid member you should post in our forums rather than WordPress forums. 🙂 you can visit them here, You will need your Headway user account to gain access. The problem actually stems from not deleting the previous versions of Headway on your WordPress install. If you are running 2.0.13 you just need to delete the previous versions of Headway. There’s no need for them to be installed anyways. 🙂

    If you still need help after that, please post to our forums so we can help you out.

    thank you for your reply…

    i’m still relatively new at the whole web thing so im not sure if it was TimThumb or not …although the forums at headway addressed the same issue and released an update with a patch….

    the first attack made changes to the functions.php, and changed the username and password to my account….

    the second attack seemed to come from a different hacker who placed a index.htm file in the root directory…..

    i have no clue how this was done…..but i would really like to know how to prevent it from happening again….

    im not sure what i’ve done to leave my site so vulnerable….

    @ ajmorris:

    i saw your comment in my email, but i dont see it here…
    anyway…i was just headed over to the headway forums to post the same (just thought i’d cover all my bases)…and yes…i am guilty of having old versions still installed….

    thank you for your input and assistance…the WP & HWT communities are amazingly supportive…THANKS!

    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Halfelf Rogue & Plugin Review Team Rep

    Spam catcher caught the post. Fixed it.

    @mgrmgrmgr like I said, you need to head to the Headway forums if you want proper Headway help. The WordPress community can only help so far and if they have Headway. 🙂 Not trying to be difficult, just want to make sure you get the support you need. 🙂

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Headway themes, wordpress, and security’ is closed to new replies.