Results 1 to 9 of 9
-
24th Feb 2012, 03:12 PM#1
OPMemberWebsite's:
GFXWebHosting.com WarezJobs.com
[HELP] Wordpress site got hacked.
One of my wordpress site got hacked last month, but i had backup so i restored it that time.
today just 30 mins ago. i got email from my wordpress site.
subject: [xxxxxxxxxx] Password Lost/Changed
email content: Password Lost and Changed for user: boumkhalled
i immediately visited my site and found this running.
i than suspended the domain from my control panel.
now few question to hacking experts, how do i secure my wp site?
really looking forward to advance level tips.gfxguru Reviewed by gfxguru on . [HELP] Wordpress site got hacked. One of my wordpress site got hacked last month, but i had backup so i restored it that time. today just 30 mins ago. i got email from my wordpress site. subject: Password Lost/Changed email content: Password Lost and Changed for user: boumkhalled i immediately visited my site and found this running. Rating: 5
-
24th Feb 2012, 03:17 PM#2
Banned
1.you should use the htaccess to password protect the wp-admin directory(dont use a plugin)
2.simple tip for any password: use a generator
3.change the url of wp-admin using a plugin or manually if you are comfortable
4.change the admin name to something else
5.modify your theme to remove ALL information about the version of wordpress
6.change the posttable prefix to something other wp_
7.use login lockdown plugin
tips that i remember,if you need anything specific,feel free
also,if you wanna retrive,
go to phpmyadmin from your cpanel,delete the user from wp_options,and add a new user.in the password field,use md5 hash from the net to encrypt your password.i can help in this as well,though i dont recommend you trust anyone for this purpose.
-
24th Feb 2012, 03:29 PM#3
OPMemberWebsite's:
GFXWebHosting.com WarezJobs.comThanks a lot for the tips
but how do i password protect the wp-admin directory with htaccess --any tutorial?
change the url of wp-admin using a plugin -- can you link me the plugin please.
-
24th Feb 2012, 04:00 PM#4
MemberWebsite's:
mirrorstack.comwhat version of wordpress where you using ?
is it 3.2.1 ?
-
24th Feb 2012, 04:06 PM#5
Banned
do you have ftp access,paste the content of your .htaccess file (ofc,remove vital site info and change site url to domain.com)
download the version of your wordpress site and see if new files are present in your site root via ftp,file manager etc and report.
-
24th Feb 2012, 06:34 PM#6
OPMemberWebsite's:
GFXWebHosting.com WarezJobs.comi dont remember. what version was that.
Originally Posted by mirrorstack
ok i checked on site files there is no .htaccess file in root. Originally Posted by sceneguy
i guess i have to install again properly..
-
24th Feb 2012, 06:58 PM#7
Website's:
VaporHostn.com^when you click on file manager, you will need to select "Show Hidden Files (dotfiles)" to be able to see.
-
24th Feb 2012, 08:25 PM#8
MemberMost of the time wordpress gets hacked because a old plugin is not secure. What plugins do you have installed ? If you have some installed check out some exploit site like exploit-db and see if there is a exploit for the plugins your using Originally Posted by gfxguru
One of my wordpress site got hacked last month, but i had backup so i restored it that time.
today just 30 mins ago. i got email from my wordpress site.
subject: [xxxxxxxxxx] Password Lost/Changed
email content: Password Lost and Changed for user: boumkhalled
i immediately visited my site and found this running.
i than suspended the domain from my control panel.
now few question to hacking experts, how do i secure my wp site?
really looking forward to advance level tips.
-
24th Feb 2012, 11:52 PM#9
MemberWebsite's:
RapidLeechHost.com vStarVPS.com OwnSeedBOX.comHi,
It may be because of old thumb or timthumb.php.
Read this :
http://www.awebmasterforum.com/wordp...-russian-site/
Hope it helps.
Check all plugins and until the issue is resolved, disable all your plugins.
Check your themes and upload folders for malicious files.
Ask your host to install a good firewall, Suhosin for PHP and Mod_security for Apache.
ask them to use latest ASL/gotroot rules for mod_security.
Also, ask them to install a good antivirus, root kit scanner and Intrusion Prevention/Detection System (IDS/IPS).vStarVPS.com
Most Affordable Linux VPS starting $15/month | Windows VPS RDP starting $19/month
Also Offers RapidLeech | sBorg | SeedBOX
--------------------------------------------
Estro Web Services Private Limited
Register To ReplySponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Help my wordpress site Hacked!
By cyber-cliff in forum WordpressReplies: 8Last Post: 17th Feb 2012, 04:47 AM -
How to Stop Your WordPress Blog from Being Hacked
By BlackHatKnight in forum Webmaster ResourcesReplies: 40Last Post: 25th Dec 2011, 07:17 PM -
Codemasters' web site hacked again; site shuts down
By ShareShiz in forum News & Current EventsReplies: 0Last Post: 11th Jun 2011, 06:56 AM -
My Wordpress Got Hacked..!!
By Mulana in forum Technical Help Desk SupportReplies: 9Last Post: 24th Feb 2011, 09:06 PM -
My wordpress blog got hacked
By discodancer in forum Technical Help Desk SupportReplies: 4Last Post: 27th Nov 2010, 04:56 PM
Staff Online
themaPoster - post to forums and...
Version 5.23 released. Open older version (or...