
my wp blog has been hacked twice

  • a few months ago i received an email from google that my site has been flagged as malware. so after some searching i found out that someone has placed invisible links to casino-sites and such. i repaired the entire blog and the site was later unflagged by google. fine i thought and additionally updated my blog.

    now yesterday it happened again. so my question is, how do those subjects get into my own entries and change them (they have to be admins for that) i don't know wordpress in depth, so does anyone have a clue?

    thanks in advance

Viewing 11 replies - 1 through 11 (of 11 total)
  • Michael Torbert

    @hallsofmontezuma

    WordPress Virtuoso

    Upgrade to the latest version of WordPress and install http://wordpress.org/extend/plugins/wp-security-scan/

    thank you, i will try that and see what it finds

    Jeremy Clark

    @jeremyclark13

    Member

    Also you need to check your database for rogue admins. Check both for WordPress users and actual database users.

    Jeremy, how the heck can a rogue admin get into the database? Is this a bit of superhacking, or do we need to beef up the WP MySQL security implementation?

    Jeremy Clark

    @jeremyclark13

    Member

    Well, if when you set up the WordPress database user you give it full permissions to all the databases, then if WordPress is compromised you have a compromised database server.

    Also if this is shared hosting they could have found another hole in someone’s webspace and made it in that way. Not necessarily into the database but into your directory structure.

    Best bet is to change all passwords, even the database password, make sure you have proper permissions, and then make sure your plugins are up to date as well.
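One way to run the two checks Jeremy Clark describes above (WordPress administrator accounts and MySQL accounts with their permissions), as an added example that is not part of the original thread. It assumes MySQL and the default `wp_` table prefix; a different prefix in wp-config.php changes both the table names and the `wp_capabilities` key.

```sql
-- Added example; assumes MySQL and the default "wp_" table prefix.

-- 1. WordPress accounts that hold the administrator role.
--    Roles are stored per user in wp_usermeta under "<prefix>capabilities"
--    as a serialized PHP array, so match on the quoted role name.
--    Newest registrations come first: look for logins you did not create.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Privileges of the MySQL account you are connected as. Run this while
--    logged in with the credentials from wp-config.php. A grant "ON *.*"
--    reaches every database on the server; a grant scoped to the WordPress
--    database alone limits what a compromised blog can touch.
SHOW GRANTS FOR CURRENT_USER();

-- 3. All MySQL accounts on the server. This needs a privileged login and
--    is usually not permitted on shared hosting; use the host's control
--    panel to list database users there.
SELECT user, host FROM mysql.user ORDER BY user, host;
```

The queries only read data, so they can be run from phpMyAdmin or the mysql command-line client without changing the site.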

    I have been contacted by Google Search Quality Team to say my site also has been compromised and they blocked it. I could find nothing wrong in the code and followed all the http://www.stopbadware.org recommendations but found nothing wrong. I removed the site from the server. Interested to hear you also had a security issue. Point is, is it really worth carrying on blogging if this sort of thing can happen?

    Michael Torbert

    @hallsofmontezuma

    WordPress Virtuoso

    Point is, is it really worth carrying on blogging if this sort of thing can happen?

    Mandeville49,

    Sure it’s worth it. Don’t let a bad experience get in your way. You may want to start off with moving to a new host. Change every password. Make sure you have the latest version of WordPress and all your plugins. Make sure your plugins don’t have any known security issues (google them to see what people say about them.) Change your passwords every so often.

    There will always be hackers, and there will always be hacked web sites. But don’t let that discourage you.

    hi, i once got it done, and i believe this time, too. it just takes a looong time until google revisits and takes off the malware block.

    however, i have still one question:
    the wp security scan tells me this:

    “The file .htaccess does not exist in wp-admin/. “

    what should such a .htaccess file look like?

    jeremy, what is a rogue admin and how do i check for such? i am not very familiar with databases

    btw, it is absolutely bad that google still claims the site contains badware, but it does not! i hate this stopbadware lie

    this time i am close to stopping my blog, too, because no one will visit a blog where google states there is badware

    i wish someone wipes those badware liars from earth

    I found links to casinos in my WordPress site too and deleted them, upgraded to 2.5.1, cleaned everything up and asked for my site to be reassessed by Google. A week later it is still flagged as unsafe. Shit this sort of thing because people who read your blog see the site is unsafe and probably don’t return. So, you spend weeks building up a community and then bang - all your hard work is ruined. If your blog is linked to your company website (mine was) it also reflects on the image of your corporate site as well. Traffic to my site has fallen from 648 hits per day to 15 since this happened. Online sales have fallen from 325 sales per day to 0.

    The people who do this should be shot.
