I recently had a website hacked that had been launched only in the past month. I had the typical securities installed on it, including Better WP Security plugin, secure passwords, etc.
My webhost was the one who contacted me about it, and he explained because the files were created by the Apache server, and not uploaded via FTP (thus being created by the FTP account), that they “were write-able by the whole world and anyone who accesses the website.” I’m not 100% certain this is the cause because the log shows the issues are coming AFTER the hackers log in via the WP login page, indicating maybe our passwords weren’t as secure as we thought.
Thoughts? I have 20+ websites that I’ve installed using Duplicator, and this makes me extremely nervous. Today I’ll be deleting the whole site and re-uploading it via FTP, but this isn’t necessarily a feasible way to go for all of my 20 sites.
Thanks for any help,
- The topic ‘Potential Security Issue?’ is closed to new replies.