WP site hacked

  • Resolved gandalf458

    (@gandalf458)


    7 years, 5 months ago

    [ Moderator note: moved to Fixing WordPress. ]

    Hi

    One of my WP sites got hacked the other day. The words “hacked by hacker” were added in various places. I successfully restored to an earlier version and all seems well now, but I’m keen to avoid it happening again!

    I noticed a couple of days before the hack that the guy who installed WP in the first place didn’t make the wp-config unique phrases unique, but I didn’t change it in time. I’ve fixed that now an have installed All in One WP Security.

    I’m just wondering if I’ve done enough, and if anyone knows how gets in to WP sites.

    Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Please remain calm and carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter gandalf458

    (@gandalf458)

    Many thanks Jan

    I have apparently resolved the issue and will work through the recommended security measures.

    G

    Thread Starter gandalf458

    (@gandalf458)

    The website was apparently successfully restored from backups. I have since installed All-in-One WP Security and Wordfence.

    Since then, so far 3 times I have been unable to login, but have been able to change my password each time. What I have then found is that the admin username has been changed. I’m rather confused!

    Having the exact same issue! – Please let me know if you find a solution

    Thread Starter gandalf458

    (@gandalf458)

    Hi there CB. I will post if I find anything more. I hope you will do likewise. I notice that Googling suliman the hacker comes up with dozens of sites that have been hacked. I’m sure someone has an answer somewhere…

    It was Suliman who had me also. Out of curiosity, who is your hosting with?

    I have completely deleted the databases and all files, fresh installed EVERYTHING and still have the same issue. They obviously have access to phpMyAdmin (even after changing all passwords) as they’re able to change the WordPress username. They also keep changing my cPanel password so it seems this is more of a server issue rather than WordPress/Database. Oddly though, they aren’t actually trying to get into the WordPress admin panel anymore…

    I’ve tried a couple more things (md-5 encryption on passwords, more password changes and permission alterations) – If this doesn’t work I will be nagging my hosting provider to change server.

    I’ll be sure to post as soon as I have a solid solution!

    Thread Starter gandalf458

    (@gandalf458)

    Hosting is Vidahost in the UK. My usual host uses mod security which stops a lot of hacks. Whether it would have stopped this one I don’t know but I suspect it would.

    I have also been unable to get in to cPanel but unfortunately it is not my account so I have to ask someone else to change the password when needed.

    I’m on Vidahost too. I’m starting to see a pattern here…

    Thread Starter gandalf458

    (@gandalf458)

    The latest is that the administrator changed the cPanel password, but I couldn’t log in; then he found he couldn’t log in. Now, the host can’t even change the cPanel password, so they have escalated the issue! ??

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WP site hacked’ is closed to new replies.