[Plugin: Hack me if you can]Locking down the dashboard (1 post)

  1. Gyeonghun Han
    Posted 1 year ago #

    * My Email :

    Hello Bluehost !!!

    I've appreciated your good service for two years.

    But now I found that my two accounts(aprilstory.kr and aprilstory.org) had serious problems.

    Please correct some mistakes you made.

    1. aprilstory.kr

    I've used the anti-hack WordPress plugin 'Hack me if you can'.

    When I tried to enter the admin page "http://www.aprilstory.kr/wp-admin/?King_Arthur"(admin page), the URL was turned into another URL "http://www.aprilstory.kr/404.php" (404.php)

    The URL 'http://www.aprilstory.kr/404.php' returned a(not the) home page with grotesque outline.

    I can't enter the admin page.

    Exactly speaking, it was a kind of disabled home page. The slide show was disappeared into darkness.

    A glance at the my true home page(www.aprilstory.kr) is sufficient to know why I convince 'Bluehost' was hacked.

    I attach two capured image which can be the evidence of this hacking issue. Please compare the two URLs in the images.

    2. aprilstory.org

    On April 26th I installed 'WordPress 3.7.1' and theme 'Twenty Thirteen' in account 'aprilstory.org'.

    Now 'WordPress 3.7.1' becomes 'WordPress 3.7.3'. Auto upgrade.

    I ordered 'Backup pro' in the initial stage of purchase. I believe the 'Backup pro' can prove why I call the upgrade 'Auto upgrade'(pseudo AI upgrade).

    In addition to 'Auto upgrade', I found some suspicious points. But I can't pinpoint with conclusive proof.

    * Answer of Bluehost(excerpt) :

    As to the first site, the issue could be due to the plugin you installed as the nature of those kinds of plugins includes locking down the dashboard to make it harder to hack into.

Topic Closed

This topic has been closed to new replies.

About this Topic