Would you hack a nice guy?
-
Hello
I apologize to those who’d be cringing by the end of this message but we all make mistakes and seems like I have made mountains.
I have an e-commerce website that I have not logged in to for quite some time. Since I intended to shut it down, I didn’t update anything on it including plugins and WordPress.
Few months ago, I randomly opened the website and noticed that it wasn’t behaving normally. Like cart would not update and the text and pictures were unaligned. I figured it was because of outdated plugins and since I was going to shut it down any way, I didn’t bother.
Couple of days ago, I visited the website again and was surprised to see everything was in pristine condition: the cart, the text, the pictures. It was like everything had been updated on its own. Like all other website owners, I frequently get alerts that someone had tried to hack their way into my website but since my login is NOT admin and I have set the ‘lockout’ to 300 minutes, I thought the hacker will try once, will be locked out for 300 minutes, and would move on.
But this time, I think I have been hacked.
I had an SSL installed in the beginning but then I allowed it to expire because, you guessed it, I was going to shut it down. Now, when I try to log in to my WordPress Admin, I get
1. this padlock in the address bar that’s been crossed out with a red line
2. https crossed out with a red line
3. This warning: ‘Your connection is not private. Attackers might be trying to steal your information from https://www.yourwebsite.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID’
Now, my questions are
A. have I already been hacked?
B. Should I continue and login to my WordPress admin despite the warning?
C. Once inside, how can I be sure that there’s no backdoor inside the admin area?
Thank you for reading this and your help.
Looking forward
- The topic ‘Would you hack a nice guy?’ is closed to new replies.