WordPress.org

Support

Support » How-To and Troubleshooting » My wordpress website got hacked, multiple times.

My wordpress website got hacked, multiple times.

  • Hi guys since yesterday my website it’s been hacked 2 times. They add an iframe in all the php file in the root of my website they don’t go further. I uploaded new root files but nothing they hacked it again.

    Anyone know why? and how?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Did you upload all new files? Or just some new files?

    Did you change passwords for all of your non-subscriber users? That is, all of your users with better than read-only permissions.

    Why? Fun and/or profit.

    How? Hard to say without access to the server, which no one here has. Perhaps your host can help. If it is a flaw in your site it is usually either a bad passwords or a vulnerability in a plugin or theme. If you are on a shared server, a vulnerability in any of the sites, not just yours, can allow a hacker access to all or some of the other sites too.

    FAQ: My Site Was Hacked

    as long as i know, there is a bug exploit within wp-config.php via sy*l*nk or ju*pl*nk.

    i get this info from my friend about few hours ago. Try to protect your wp-config.php with .htaccess so your wp-config.php only accessible from your cpanel only.

    What is the exploit and how is it prevented? Mentioning it in passing doesn’t really help anyone. If you are referring to what I think you are, that is really an Apache (mis)configuration problem, but something to be aware of nonetheless.

    deny access to your wp-config.php, just it.

    ye fresh files. anyway they put this iframe that link to a trojan that jump into ur tmp local folder.

    Could perhaps be the result of an FTP leak. Have you changed all of your passwords – including FTP?

    ye im doing it right now. thanks for the advice ill let you know if they do it again.

    @blacklizt, I know how several different ways to deny access to wp-config. People posting here asking for help, probably don’t know. That is why they are asking. What you are saying is probably correct, but not very helpful and it is a ‘help’ forum. So, exactly what would you do to deny access to wp-config.php?

    It would also help if you could explain the exploit because I only see one line that might be vulnerable and it would be very, very difficult to pull off.

    @v00d0, you aren’t really giving enough information for anyone to help you. Please try to be more specific. For example, do you know what the trojan was? Can a scanner like Sucuri identify it? This should help: http://codex.wordpress.org/Hardening_WordPress

    the tojan was identified by my ESET Antivirus. I can put here the iframe that link to the trojan but i don’t know if i can do it.

    These are all the information i got:

    – wordpress 3.4.1
    – iframe inside root website files that link to a trojan
    – if i reupload all the files they still can access my site
    – i changed all the password.

    this is the website:

    consoleopen.com

    Be sure to clear the Hyper Cache data.

    I don’t know that posting the iframe would help. I am trying to find out the name of the trojan/exploit, if it has a name, in order to help identify how it got there.

    If you re-uploaded all files then the problem is a bad password in the database, you missed a few files, you have a vulnerable plugin or theme, or there is a bigger problem with your server configuration/environment. You are running several plugins and your theme has some custom Javascript. Is everything up-to-date?

    What are the file permissions on your server?

    the permissions are Ok folder 755 files 644

    this was the ifrAME

    iframe src=”http://starttraffik.**/” width=”2″ height=”3″ frameborder=”0″></iframe>

    check the website at ur risk (is .net). the theme was developed for my website they never updated it.
    this is the list of my plugins:

    advertising manager
    contact foorm 7
    google analyticator
    google xml sitemaps
    hhyper cache
    my brand login
    new admanplatinum seo packreally simple captcha
    related post category widget
    shadowbox js
    shadowbox js- use title from image
    static random post widget
    statpress
    widget logic
    wordpress database backup
    youtuber

    to prevent wp-config.php exploit via symlinks.

    add code below within your .htaccess

    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

    you can find many articles about symlinks on google. It’s old issue but still happen now.

    actually wordpress codex already explain how to secure wp-config.php
    http://codex.wordpress.org/Hardening_WordPress but not all wordpress users know about this.

    really thanks

    How about your plugins? Are they all updated? Are any of them really old and haven’t been maintained?

    I am assuming you are shared hosting? Is that correct?

    no! i pay a dedicated server, plugins are all Uptodate, it seems.

Viewing 15 replies - 1 through 15 (of 16 total)
  • The topic ‘My wordpress website got hacked, multiple times.’ is closed to new replies.
Skip to toolbar