WordPress.org

Forums

Locking down the dashboard (1 post)

  1. Gyeonghun Han
    Member
    Posted 1 year ago #

    I received a Email from Bluehost Inc.

    But I'm not able to understand the Email. Please, help me!!!

    /********************************************************************/

    * My Email :

    Hello Bluehost Inc!!!

    I've appreciated your good service for two years.

    But now I found that my two accounts(aprilstory.kr-WordPress 3.4.1 and aprilstory.org-WordPress 3.7.1) had serious problems.

    Please correct some mistakes you made.

    1. aprilstory.kr

    I've used the anti-hack WordPress plugin 'Hack me if you can'.

    When I tried to enter the admin page (http://www.aprilstory.kr/wp-admin/?King_Arthur), the URL was turned into another URL (http://www.aprilstory.kr/404.php).

    The URL 'http://www.aprilstory.kr/404.php' returned a(not the) home page with grotesque outline.

    I can't enter the admin page.

    Exactly speaking, it was a kind of disabled home page. The slide show was disappeared into darkness.

    A glance at the my true home page(www.aprilstory.kr) is sufficient to know why I convince 'Bluehost' was hacked.

    I attach two capured image which can be the evidence of this hacking issue. Please compare the two URLs in the images.

    2. aprilstory.org

    On April 26th I installed 'WordPress 3.7.1' and theme 'Twenty Thirteen' in account 'aprilstory.org'.

    Now 'WordPress 3.7.1' becomes 'WordPress 3.7.3'. Auto Upgrade.

    I ordered 'UpdraftPlus' in the initial stage of purchase. I believe the 'UpdraftPlus' can prove why I call the upgrade 'Auto Upgrade'(pseudo AI Upgrade).

    In addition to 'Auto Upgrade', I found some suspicious points. But I can't pinpoint with conclusive proof.

    * Answer of Bluehost(excerpt) :

    1. Excerpt 1

    As to the first site, the issue could be due to the plugin you installed as the nature of those kinds of plugins includes locking down the dashboard to make it harder to hack into.

    2. Excerpt 2

    As to aprilstory.org WordPress 3.7+ has a feature called "auto upgrade" that you can disable in the dashboard.

    3. Excerpt 3

    To assist you further with these sites, we will need you to provide the last 4 of the cPanel password for BOTH of the separate accounts.

    * P.S.

    http://www.aprilstory.kr/wp-admin/?King_Arthur
    wp-admin/?King_Arthur

    http://www.aprilstory.kr/404.php
    404

Topic Closed

This topic has been closed to new replies.

About this Topic