Site compromised? (2 posts)

  1. JimmyW
    Posted 2 years ago #

    A visitor to my site mentioned that the first page had several lines of random text with links to various spam-type URLs at the top of my page. Everything looked okay when I visied my site later, but I found that there was a new, unknown Admin user in my Users section. Obviously, it was an unauthorizedd account, and it used my email address, but with a .co instead of .com. I deleted the account, but wonder whether there is something that I can do, like installing a particular type of plugin, to avoid this issue and similar ones. Thanks.

  2. Treebeard
    Posted 2 years ago #

    Might be a database hack. You should obviously change your password to something more secure (nothing in the dictionary) and make sure you secure your wp-config.php and .htaccess files, for starters. CHMOD 444 should be good, but it's not a fail safe. Also check your wp-config file to make sure there's no strange code in there (I've noticed the eval hack happening a lot lately.) I've been searching for months now, testing different sets of security plugins, nothing seems to be a perfect fix though. Wordfence seems good, still not sure about it enough to recommend it yet though. I really like this one: http://wordpress.org/extend/plugins/duo-wordpress/ It's really easy to set up, requires an authentication to log in, so if someone were to try to log in, I would get a message popup on my phone. When I log in, I get the phone popup and click the button to Allow me to get into the admin.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.