Support » Fixing WordPress » Site Hacked

  • Josh

    (@josh401)


    Moderator and Editor Customizer

    Hi,

    One of my sites was hacked with the “daysofyorr”. I was able to sniff out the rogue code and wipe the script which was being automatically generated in my header and footer files.

    My site is back up and hack-free. However, what are all the suggested steps to prevent this from happening again?

    I have changed my password, and the auth keys in the wp-config file.

    Are there other steps I should perform?

Viewing 2 replies - 1 through 2 (of 2 total)
  • If you have a fresh and clean copy wp-admin, wpincludes and wp root directory files, fresh copy of all plugins, checked themes, checked and wp-config.php, .htaccess ….and other files do not included to orginal wp package ….then:

    http://codex.wordpress.org/Hardening_WordPress
    http://codex.wordpress.org/htaccess_for_subdirectories

    Make sure you do not use unsecured timthumb.
    Check your server logs.

    Josh

    (@josh401)

    Moderator and Editor Customizer

    Excellent links, thank you! Those appear to be some pretty heavy duty settings to block potential attackers. And here I thought just changing the password and auth keys would be enough :-/

    It will take me a little while to work my way through those articles. But I’m sure the payoff will be a nice, secure site.

    Thanks for taking the time to respond.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site Hacked’ is closed to new replies.