• Last night my WordPress blog was hacked, but I have no idea how. What happened was that someone managed to register, make himself an administrator and post a couple of entries. Luckily enough nothing was deleted, but the theme was changed, all plugins were deactivated and all settings were set back to the standards after a first-time install.

    I managed to delete the new user and entries but I do not know where the problem is, so it might happen again.

    I’m using WP 2.3.1, so that’s not it. I did however use an older version of the MistyLook theme and an older version of the Sideblog plugin. Also, my API key was deleted. Or should I look at my file permissions? I haven’t got a clue how someone can make himself an administrator, and I also don’t see an option to just disable registration of members completely (which I would thankfully use).

    Any help and suggestions would be appreciated!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter iamzero

    (@iamzero)

    Disabling the registration of new members is of course quite simple, but even after doing so, I was hacked yet again. I now password-protected the /wp-admin directory and I disabled some plugins, but I would be very grateful if someone could help me find the flaw in my security settings.

    You should probably compare notes with this user. Maybe you could narrow the problem down to using a certain plugin or the same version of wordpress, etc. Hope you both can find and plug the security hole soon.

    Thread Starter iamzero

    (@iamzero)

    I don’t think the problems of this other user are related; I don’t use the Bad Behaviour Plugin and in my case, it didn’t look like page.php was hacked.

    I have however succeeded in ‘surviving’ for two days now. This is what I did:
    – I password-protected /wp-admin
    – I upgraded the MistyLook theme that I was using (3.2) to the latest version (3.5)
    – I upgraded the Sideblog WordPress Plugin from the 4.3 I was using to 4.4
    – I removed /wp-admin/install.php. Visiting this page resulted in the message that WP was already installed, but in my log files I saw that the hacker managed to get to /wp-admin/install.php?step=2. Maybe this is useful information for a possible security hole in WP 2.3.1, I don’t know.

    Anyhow, all these measures seem useful but I still don’t know what caused the trouble to begin with. Other plugins that I use are Akismet 2.0.2, Maintenance Mode 3.2, RunPHP 2.2.2, Lightbox JS v2.03.3 and WP-Polls 2.21.
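The log finding above (the attacker reaching /wp-admin/install.php?step=2) is the kind of thing worth checking for across the whole access log rather than by eye. The following is an added example, not code from the thread or from WordPress: it parses Apache combined-format log lines and flags requests to paths a visitor should never reach on an already-installed blog (the installer, the upgrade script, the self-registration page). The log lines are constructed for the example, and the watched-path list is an assumption you would adjust for your own site.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Dec/2007:03:14:07 +0100] "GET /wp-admin/install.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Dec/2007:03:14:09 +0100] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Dec/2007:03:14:30 +0100] "GET /wp-register.php HTTP/1.1" 200 1802 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2007:09:02:11 +0100] "GET /2007/12/some-post/ HTTP/1.1" 200 9831 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Dec/2007:09:02:12 +0100] "GET /wp-content/themes/mistylook/style.css HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
"""

# ip, identd, user, [timestamp], "METHOD target PROTO", status  (rest of the line ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed watch list: paths nobody should legitimately request on an installed blog
# with registration switched off. Extend to match your own setup.
WATCHED = {
    "/wp-admin/install.php": "installer reached on an installed site",
    "/wp-admin/upgrade.php": "upgrade script reached",
    "/wp-register.php": "self-registration page reached (registration should be disabled)",
}


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "method": m["method"],
        "path": url.path,
        "query": parse_qs(url.query),
        "status": int(m["status"]),
    }


def find_suspicious(log_text):
    """Scan log text and return one record per request to a watched path."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = WATCHED.get(rec["path"])
        if reason is None:
            continue
        # Step 2 of the installer is the step that, on a fresh install, creates the
        # admin account, so a hit there deserves a more specific label.
        if rec["path"].endswith("install.php") and rec["query"].get("step") == ["2"]:
            reason = "installer step 2 (admin account creation) reached"
        hits.append({
            "ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
            "path": rec["path"], "status": rec["status"], "reason": reason,
        })
    return hits


def ips_to_review(hits):
    """Distinct client addresses behind the flagged requests, for follow-up."""
    return sorted({h["ip"] for h in hits})


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} {h["status"]} -> {h["reason"]}')
    print("addresses to review:", ips_to_review(flagged))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; a 200 response on a watched path (rather than a 403 or 404) is the case to look into, since it means the request actually reached the script.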

  • The topic ‘Hacked but no idea how’ is closed to new replies.