Suspected hack on 8 WordPress installs
-
I have multiple sites on a shared server, recently I got an email from sitelock warning me about malware on my sites. I thought this had to be a mistake and they were just trying to sell me a service. After going back and forth between them and my hosting provider i did notice the sites loading a resource from an unknown party. and after doing some digging i notice a new script in the header.php file for all the sites.
There is only only ftp account to this server and i’m the only one who uses it. I looked at the date modified for each header file noticed nothing odd. one still showed last changed in 2014. all these sites use different themes and the script was added the same way. the same amount of a spaces between the <?php wp_head();?> and the closing </head> tag. it looks very copy and paste to me. since the script is minified and the rest of the header isn’t.
I have since removed the script, but I am concerned they may still have some form of access to one or more of these sites. How can I harden these WordPress installs and possible figure out how this happened?
- The topic ‘Suspected hack on 8 WordPress installs’ is closed to new replies.