• About once every two days, a site I manage has a bogus “wp-theme.php” file added to the root directory, and wp-config.php is altered to INCLUDE it. This has absolutely no effect except to give me a white screen on my wp-admin page — the public site is unaffected.

    I’ve gone through all the usual “My Site Has Been Hacked” suggestions — I’ve changed passwords on the site and the database. I’ve installed a couple of exploit scanner plugins, but they just seem to find red herrings. I have looked for posts with iframes and scripts. I moved the entire site to a new server with a clean WP install. I’ve protected the wp-config.php and wp-theme.php files with ACLs and using .htaccess.

    It’s still happening.

    So — where could this exploit even be coming from? Is it in a theme file? Am I getting hit from the outside? Could it be an injection coming from a comment? I’m at a loss, don’t even know the next possible step.

    Surely there’s some antivirus scanner that can tell what this exploit is by its fingerprint?

    Many thanks,

    g.

Viewing 3 replies - 1 through 3 (of 3 total)
  • I am not so professional…but if you have done so much, then there is one way where the hacker could be going inside your site.

    You must be using a nulled theme or an unpaid-premium theme…

    Thread Starter doodaddy

    (@doodaddy)

    It’s possible — the original manager had an independent developer do his theme development. How can I find out?

    Thanks.

    Have you read this article before and installed the plugin?

    timthumb it mentions installing it to check for potential vulnerabilities.

    Some useful advice and tips.

    Have you got a link to the website?

  • The topic ‘Can't figure out how this hacker is hacking me’ is closed to new replies.
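
An added example, not part of the thread and not WordPress code: a Python check for the symptom the opening post describes, a stray PHP file in the site root and an extra include in wp-config.php. It assumes the root holds only core's top-level PHP files and that wp-config.php loads nothing but wp-settings.php; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Top-level PHP files shipped by WordPress core, plus the site's wp-config.php.
CORE_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}
EXPECTED_INCLUDES = {"wp-settings.php"}  # assumption: stock wp-config.php loads only this
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\b[^;'"]*['"]([^'"]+)['"]""", re.I)

def _mtime(path):
    """UTC modification time, for lining findings up with access-log entries."""
    return datetime.fromtimestamp(path.stat().st_mtime, timezone.utc).isoformat()

def audit_wp_root(root):
    """Return (kind, detail, mtime) findings for a WordPress document root."""
    root, findings = Path(root), []
    for php in sorted(root.glob("*.php")):
        if php.name not in CORE_ROOT_PHP:
            findings.append(("unexpected-root-file", php.name, _mtime(php)))
    config = root / "wp-config.php"
    if config.is_file():
        lines = config.read_text(errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for m in INCLUDE_RE.finditer(line):  # anywhere on the line, not just its start
                if Path(m.group(1)).name not in EXPECTED_INCLUDES:
                    detail = f"line {lineno}: {m.group(1)}"
                    findings.append(("unexpected-include", detail, _mtime(config)))
    return findings

def demo():
    """Audit a constructed document root that mimics the thread's symptom."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-theme.php").write_text("<?php // constructed stand-in\n")
        (root / "wp-config.php").write_text(
            "<?php include('wp-theme.php'); ?><?php\n"
            "define( 'DB_NAME', 'example' );\n"
            "require_once ABSPATH . 'wp-settings.php';\n")
        return audit_wp_root(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Run on a schedule against the real document root, the reported modification times narrow down which web server log entries to review for the request that wrote the files.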