Themes getting hacked

  • Resolved Martin.Harper

    (@martinharper)


    13 years ago

    Hello,

    I maintain several blogs for my company and I have noticed that some of the very popular blogs are getting hacked again and again.. The hacker is able to change the admin user and its password into the database and when I log into the wp-admin after resetting it I see that it is only the theme that is getting hacked (not completely sure).

    I have remove those blocks from internet for now as I do not want search engines to affect its ranking. I want to know how to trouble shoot this..? Would themes are recommend by WP..?

    Thank you for the help.

    Regards,
    Martin.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    13 years ago

    Have you gone through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    ?

    WPyogi

    (@wpyogi)

    13 years ago

    See also:

    http://codex.wordpress.org/Hardening_WordPress

    http://codex.wordpress.org/Brute_Force_Attacks

    Thread Starter Martin.Harper

    (@martinharper)

    13 years ago

    Thank you for your quick response poeple, this is highly appreciated.

    yes, I have read most of those but the sites get defaced event after I restore the entire installation from good backups. I suspect the themes that I am using are vulnerable (different every time).

    I want to know if there is a list of recommended themes or if not I am ready to switch all my blogs to default WP themes. Can you guys ensure that they are safe.

    I am also taking to one of my friends and he has suggest to restrict the admin directory with .htaccess so that only certain IPs are able to access the admin area. Do you guys recommend this..?

    Thanks,
    Martin

    Chip Bennett

    (@chipbennett)

    13 years ago

    More than likely, the attack vector is something other than WordPress itself, or your Theme.

    Most often, the issue is an insecure hosting environment. Next most likely is compromised FTP credentials (possibly related to a local-machine virus).

    After that, it is possible that a Plugin is the issue. What Plugins do you have active? (Two major caching Plugins recently had security vulnerabilities patched.)

    As for safe Themes: get them from the official Theme directory:
    http://wordpress.org/extend/themes

    They are all human-tested for, among other things, security issues.

    Thread Starter Martin.Harper

    (@martinharper)

    13 years ago

    Thanks Chip, I can confirm that:

    — WP version is latest and updated on all hacked blogs.
    — It is not FTP as it is restricted have also checked logs.
    — It cannot be my hosting because all the software are regularly updated and I, myself ensure that the permissions are correct.
    — My local machine has professional Anti Virus and is regularly updated. I also doubt that it is my machine because I have firewalls / IDS in my network and as I said only few blogs were affected, rest were OK. I expect even other blogs to get compromised if it was my local machine.

    Regarding plugins, I have “All In One SEO Pack”, “Artiss Social Bookmarks”, “WordPress SEO” and “WP Social Bookmarking Light” installed & up to date but I have only “WordPress SEO” active.

    On recommendation of one of my friends I have removed all Themes and have switched to Default WP Theme (New One) and have also restricted admin directory to certain IPs. Lets hope that this works.

    Regards,
    Martin

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Themes getting hacked’ is closed to new replies.