[resolved] wordpress security. Site hacked twice in a month (5 posts)

  1. neverpaintagain
    Posted 3 years ago #

    Hi, my site has been hacked twice in the space of a month and i need urgent help if anyone can suggest anything, or a better security plug in.

    We have found rogue code, and deleted in the CMS (theme Editor), but i suspect it is elsewhere. Site scans reveal the site is clean, but i know its not. We have locked ftp, changed all passwords, but it still seems to get in. I cant afford to have our site hacked again. can someone suggest a good security plugin for wordpress

  2. The problem with any security plugin recommendation is that it relies on WordPress to be intact and not compromised. Sadly, you're past that point.

    You've a lot of work and reading ahead of you. You have already made a great start with password changes, if you haven't already give these a read.

    Backup everything and put that somewhere safe. This is your safety net.


    Once that's safely put away, give these a read.


    When possible, you'll need to replace all of your files with good ones from the source. Once you've reached the Happy Place™ consider doing this.


    It will make automated updates a manual thing (locking down the file system) but until your confident the site is secure that's probably not a bad thing. When you're convinced it's all good, then you can relax the file system restrictions back to normal.

    Good luck.

  3. neverpaintagain
    Posted 3 years ago #

    thanks ever so much for the help and advice. We have located the source of the infection and are taking several steps to remedy it. Thanks again

  4. Glad to help! Can you mark this as resolved?

    It'll help future generations searching for this issue and more importantly, I'll be closer to getting another free soup in the WordPress cafeteria. Just a few more punches on my lunch ticket...

  5. neverpaintagain
    Posted 3 years ago #


Topic Closed

This topic has been closed to new replies.

About this Topic