Hacked and fixed

  • This is informational only. My site was hacked but it looks and performs fine until you try to get to the admin dashboard. I could not update or install new plugins and when I tried to load a new media file, the media library would not load. The loading circle would just spin. I have installed an older version of sucuri which shows all logins and sends me an email anytime someone logins in. I received a notice that someone logged in w/o a user name but used the password [redacted]. I tracked the ips used by the intruders and they were from Russia and the Ukraine. Sucuri also logged the action and I noticed that they had edited 3 files… my theme functions.php, my contact form and xmlrpc.php.
    It was easy to find the injected code in the first two files and I renamed the xmlrpc file so it will not activate. Evidently it allows for remote access.
    So if you have not yet been hacked, install a good security plugin that will block intruders, notify of attempts and log any file changes. It can really be a huge help. It tool less than an hour to fix my site since I knew exactly where to look.

Viewing 2 replies - 1 through 2 (of 2 total)

  • The trick is to figure out how they got in at all, and close the door.
    The theme functions.php file is a typical target because it is loaded on every request (front or back end).

    Thread Starter webpdq

    (@webpdq)

    Thank Joy, I am hoping it was because I had not updated the core files and plugins. They are all updated now and hopefully I have closed the other avenue by renaming the xmlrpc.php. I will let you know.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hacked and fixed’ is closed to new replies.

Tags