This is going to be a long one, so please bear with me.
Over the past few weeks there have been some security issues with a website I designed and developed for a client. A little over a week ago the site was hacked into and the home page displayed ‘Hacked by Hmei7’ with animated falling snowflakes in the background. I contacted the hosting company (no help whatsoever), did a bunch of research, poked around and found that the hacker had replaced the header.php file. I didn’t notice that anything else was different or altered, but just to be safe, I changed all associated passwords and did a fresh WordPress install of the latest version, restored a clean backup of my theme etc…
For about a week everything seemed fine and dandy until this morning. I tried logging into WordPress and kept getting an ‘invalid username’ error. I instantly thought ‘oh no, here we go again’ but I didn’t want to jump to conclusions, so once again I contacted the host, researched and poked around. I checked the wp_user/s database table via phpMyAdmin and found that the username had been changed to admin (it was something else when I created it) and the password was changed to long (seemingly) random characters. Despite this, the site itself appeared to look and function as normal.
That’s the ‘short’ version of what’s happened, but I did find that there was something in common with both ‘attacks’. I had a look at the error_log and the dates that fit around the time of both incidents show numerous attempts at accessing/changing the wp-db.php file (in wp-includes). I can’t be sure, but that makes me think that it could be the same ‘offender’.
For the time being I have uploaded a temporary maintenance page as a safety measure for site visitors. I have a feeling that it will happen again soon if I restore the site as I had previously, so I need to try and get to the bottom of it, ‘patch’ things up (or start afresh) and do what I can to prevent this from happening in future. I’m just not sure where to start, if I am missing something or have just been awfully unlucky. Any help or advice would be much appreciated.
Thanks in advance 🙂
- The topic ‘Security Concern – Hacked Website’ is closed to new replies.