• My WordPress sites keep getting hacked and I need some advice please. This is the 4th time.
    I have a reseller account and this time I had 3 websites up. All 3 on WordPress and one of those had WordPress + WooCommerce.

    Only minimal plugins used, all up-to-date, very strong passwords, limit login attempts. Once the hacker gets in, they lock me out of all my WordPress sites by changing the user name and password in the database. I can see this because I have a re-seller host account and can view the database through the web host manager.

    Can anyone offer any insight on how the hackers are getting in? Is it WordPress? WooCommerce? My web host?

    I have been able to find other websites that are on the same shared host that are also hacked, but are not mine.

    The previous hack happened about 3 months ago and I wiped out everything on my web host. I had like 7 websites, some of which I just decided to scrap because of the hack. I completely deleted the accounts that the websites were on and re-created only the 3 I mentioned above, so it can’t be any residual files left on the server.

Viewing 13 replies - 1 through 13 (of 13 total)
  • I have been able to find other websites that are on the same shared host that are also hacked, but are not mine.

    Have you spoken to your hosts about this? The problem could be another insecure site on the same server that is allowing hackers onto the server. Once in, they could, in theory, attack any site hosted on the server – including yours.

    In the meantime, have you reviewed Hardening WordPress in case there’s anything else you can do at your end? I’d also suggest reviewing http://ottopress.com/2009/hacked-wordpress-backdoors/ just in case you have a backdoor that’s mimicking an image file etc.

    Thread Starter GH57

    (@gh57)

    The host hasn’t been too helpful, mostly saying keep your plugins up to date, which I had. My host usually ends up locking me out when the account starts to be used to send spam. I have implemented a lot of hardening actions. I don’t have a static IP address, so I can’t restrict by IP. I do not access in wi-fi areas and I didn’t use an FTP client this time around.

    I’m starting to think it’s the host, just not sure. Is wordpress + woocommerce fairly secure?

    I’m thinking of jumping hosts, but if that’s not the issue….

    Thanks for your answer esmi

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Change *every single password* associated with your sites, from the cPanel and other hosting logins to each database user password, and every user password.

    Thread Starter GH57

    (@gh57)

    Hi Steve,

    Thanks for your answer.

    I did that. And I made some really long, hardened, strong passwords this round. On WP, I also used the plugin that limits login attempts to prevent brute force cracking. After 3 bad attempts, locks for 30 minutes, then I think after 3 or 4 lock outs it locks for 24 hours.

    I also completely removed the affected cpanel account which deleted everything, then created a new cpanel account with a different username and then fresh WP install.

    Have you ever had any issues with WP being hacked? I just wonder how frequent this kind of thing is. It’s happened too many times, which is why I’m thinking of switching hosts. It seems like the only common ground.

    Thread Starter GH57

    (@gh57)

    Does anyone know if a shared web host account is hacked, can all sites on the server be at risk?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I manage 70+ sites on a number of hosts. I have one on [not going to mention the host] that is hacked roughly every two weeks. As I’ve done everything I can think of, I have to think it’s a problem with the host. Unfortunately, the client isn’t willing to pay for a complete rebuild and move to another host. So…

    On the other hand, that site has a couple of commercial plugins that I don’t use on any other site (installed by a previous dev), so they may be the problem.

    Thread Starter GH57

    (@gh57)

    Steve,

    So no problems with the 70+ sites, just the one?

    I didn’t want to mention my host just in case it’s not them, but I wonder if it could be the same one?

    Excellent advice! If/when you do use FTP, ensure that you’re using SFTP if possible and that any machine you use to access the site (including via SFTP) is fully virus checked.

    WordPress itself is as secure as any open source platform with a dedicated security team of developers can be. All new plugins and updates to existing plugins are also security checked before being made publicly available. There’s also no current flood of users with hacked sites posting here.

    So, taking everything into account, I think WordPress + Woocommerce is pretty low on the list of potential security breach points. My money would be on the server itself or another site occupying the server.

    Thread Starter GH57

    (@gh57)

    Thanks Steve and esmi,

    Really helpful posts. I think now is a good time to switch hosts since I have to re-build sites anyways.

    Mostly these are sites I have just been playing around with, but the woocommerce site was starting to get some traffic and sales, so I was just about to start expanding it, then this…

    Really frustrating. I think I’ll go for a VPS this time.

    Does anyone know if a shared web host account is hacked, can all sites on the server be at risk?

    Depending upon how securely (or not) the server has been configured, yes. Every site on the same server could be at risk. My current hosts claim that they’ve sandboxed every site to try and stop this happening but I’ve no idea whether this has been really tested yet.

    Thread Starter GH57

    (@gh57)

    If I can trouble the community with one more question…

    I see there are some plugins that monitor WordPress files and scan for ones that should not be there or if they are modified.

    Does anyone use these and are they effective? If so, I’m not sure if recommendations are allowed here, but if they are, recommendations appreciated.

    Sorry – I’ve not used any of these myself.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I use Wordfence on all of my sites.
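
An added example, not part of the thread and not how any plugin named here works: a minimal version of the two checks discussed above, a hash baseline that reports added, removed or modified files, and a scan for image-named files that contain PHP. The function names and the sample site tree are constructed for illustration.

```python
import hashlib, os, tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico"}

def _files(root):
    """Yield (relative path, absolute path) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def _read(path):
    with open(path, "rb") as f:
        return f.read()

def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def snapshot(root):
    """Map relative path -> SHA-256 of contents; keep the result off the server."""
    return {rel: hashlib.sha256(_read(full)).hexdigest() for rel, full in _files(root)}

def diff_snapshots(baseline, current):
    """Report files added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }

def php_in_images(root):
    """Image-named files containing a PHP open tag (short tags are not covered)."""
    return sorted(rel for rel, full in _files(root)
                  if os.path.splitext(rel)[1].lower() in IMAGE_EXTS
                  and b"<?php" in _read(full).lower())

def demo():
    """Constructed site tree: take a baseline, simulate tampering, run both checks."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        cfg = os.path.join(root, "wp-config.php")
        _write(cfg, b"<?php // constructed config\n")
        _write(os.path.join(uploads, "logo.png"), b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        baseline = snapshot(root)
        _write(cfg, b"<?php // constructed config\n// constructed change\n")
        _write(os.path.join(uploads, "banner.gif"), b"GIF89a<?php /* constructed marker */ ?>")
        return diff_snapshots(baseline, snapshot(root)), php_in_images(root)

if __name__ == "__main__":
    print(demo())
```

A baseline is only trustworthy if it was taken from a known-clean install and is stored somewhere the web server account cannot write to.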


The topic ‘WordPress Site Keeps Getting Hacked’ is closed to new replies.