The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Security breach (JavaScript inserted) (3 posts)

  1. 2biazdk
    Posted 4 years ago #

    Hi guys,

    My client, JudithKrautwald.dk, has now several times experienced some kind of 'hacking' of her websites, where a few lines of JavaScript code is inserted on the bottom of some JS-files.

    [ Don't post malware code here. If you must the use pastebin.com instead. ]

    How can I prevent this from happening? Is it due to a plugin with a security breach?

    My plugins are:

      Admin Bar Removal
      BulletProof Security
      Custom Login Logo Lite
      Disable WordPress Widgets
      Google Analytics
      Google XML Sitemaps
      Remove posts from wp-admin
      TinyMCE Advanced
      Tiny MCE Tabfocus Patch

    Thanks in advance!

    Kind regards,

  2. kmessinger
    Forum Moderator
    Posted 4 years ago #

  3. LucP
    Posted 4 years ago #

    Is everything up to date?

    If so, check your database to see if they added extra users or malicious content. Change the passwords to your FTP server, WordPress installation and database. Remove your admin account and create a new administrator with a lesser obvious name. Make sure your passwords are also 'strong'.

    Check the permissions (the chmod) on your folders. The only folder that might be '777' is wp_content/uploads. Other folders should be 755 or 765.

    If you want to be really safe; re-install the core. Choose a different database prefix.

    If the problem reoccurs; contact your host. There are a lot of good WordPress-minded hosts out there. A great check to see if your host is a terrible combination with WordPress is to try and update plugins or the core using the admin interface; if WordPress asks for your FTP-settings it's probably not a great host.

Topic Closed

This topic has been closed to new replies.

About this Topic