Brand new website hacked despite security plugins etc
I launched a new website at 1pm yesterday afternoon. The installation software generated a complex username and a very strong password, which I modified to make it stronger. After that I immediately installed Limit Login Attempts, Captcha, Wordfence and Sucuri plugins. I then uploaded a theme (a premium Elegant Themes one) and then closed down the website as I had to go out for the evening.
When I got home, there was an email from Wordfence informing me that a core WordPress file had been modified. I viewed the file, but since I know little about coding, I didn’t understand it, though I did notice the word “explode”.
I used Wordfence to restore the file to its original state. At this point I did not have any Sucuri alerts of brute force login attempts, but since this happened I have received notification of many failed login attempts from IPs in Ukraine.
The Wordfence Blocked IPs log says that one of the Ukraine IPs had “5 hits before blocked” and “599 blocked hits”. It says “Last site access before this IP was blocked was 13/04/2016 at 22:07” – however, I did not receive a Sucuri notification of this IP address trying to log in until 23:46 yesterday.
Does this mean there is some malware embedded in the cPanel that transfers to the website as soon as I create it? Or is malware being transferred from the theme or plugins?
The background to this is that I recently changed to a new hosting provider after five of my websites were hacked two months ago. I have reason to believe that my previous hosting provider suffered a DDoS attack. Since then I have installed increased security measures on all of my websites. I also ran a virus/malware checker on my computer which came out as clean.
I will now delete and re-upload the theme and all the plugins I installed yesterday as a precaution. But I am very concerned that there could still be malware embedded in the site, or in my cPanel.
Can anyone tell me how I can secure my website against these attacks and ensure that there is no embedded malware?
Thanks