Hacking through JetPack

The Jetpack plugin requires you to connect your site to your WordPress.com account. When you do so, you are able to manage your site from this new central dashboard. You can post from WordPress.com, install plugins, and more. This is practical, but also comes with some consequences: it means that if your WordPress.com account is compromised, one could make changes to your site from there.

For this reason, we strongly recommend using a unique and hard-to-crack password, as explained here:
https://wordpress.com/support/security/#strong-password

In addition to this, I would recommend setting up two factor authentication to add an additional layer of security to your WordPress.com account:
https://wordpress.com/support/security/two-step-authentication/

Those options do not require any upgrade, they are available to any WordPress.com account.

Once you’ve done so, it will be a lot more difficult for anyone to take advantage of your WordPress.com account to make changes to your site.

I was also told to go buy and install WordFence. Which btw is sold by the same company that owns JetPack.

No, the 2 products aren’t owned by the same company; Jetpack is edited by Automattic, while WordFence is developed by a company named Defiant.

Both WordFence and Jetpack offer tools that can help you secure and monitor your website, but at the end of the day the weakest point of entry for your site will always be your admin accounts. It’s a bit akin to having a heavy security door with a complicated lock, while leaving the key under a flower pot. When installing Jetpack, you also add an additional door to your house, so you need to secure that one too.

I hope this clarifies things a bit!

The hacks were not changes to my page. One hack was the *robot click here to see if you are human hack*. Which was always the one hack that got my site before the uninstall for several months. The last hack that I had the last time I installed Jetpack was like a font hack. The whole site was messed up and would not load right and was not readable.

The site was not edited in the sense that a page was changed, the whole site was hacked like a file with a DB command was entered. The robot hack was a DB redirect command that replaced the DB homepage directive. So the hacks were DB based which means the hacker gained accessed to it.

Is that access obtained through the wordpress site? If so I won;t be connecting to wordpress site anymore.

• This reply was modified 4 years, 5 months ago by ikester7579.

There are many ways that your site could be hacked, one can’t really tell you more without looking at your site’s files.

The last hack that I had the last time I installed Jetpack was like a font hack. The whole site was messed up and would not load right and was not readable.

This sounds like a layout issue on your site. This may not have been caused by a hack, but by some CSS changes made by one of your plugins (like Jetpack) or by your theme.

Is that access obtained through the wordpress site?

When you connect your site to your WordPress.com account, you’re allowed to manage every aspect of your site through that dashboard; you can install plugins for example, and those plugins can make changes to your site or your database.