
How to Keep WordPress from Getting Hacked?

Discussion in 'Blogging' started by twoj04, Oct 13, 2009.

  1. twoj04

    twoj04 Power Member

    Joined:
    Apr 23, 2009
    Messages:
    632
    Likes Received:
    365
    Occupation:
    Self-employed (Hopefully you are also)
    Location:
    115164132199648
    Hey everyone, Fatal error: Cannot redeclare pbr9() (previously declared in /home/xxxxx/public_html/index.php(1) : eval()'d code:1) in /home/xxxxxx/public_html/wp-config.php(1) : eval()'d code on line 1.


    Just got this on a bunch of my sites on the same block. Probably someone who got mad or something.

    Anyhow, has anyone gotten this before? I checked my wp-config and sure enough there was a bunch of code at the top. Pretty sure I was hacked, but was posting to see if anyone knew if it was just an error.

    Also, how do I prevent this from happening in the future?

    Thanks :)
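
The error quoted in the post above reports eval()'d code on line 1 of both index.php and wp-config.php. As an added example (not part of the thread and not any poster's code), this Python script walks a WordPress directory and groups PHP files whose first line calls eval() by the hash of that line; the sample tree, its file contents and the function names are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# PHP function names are case-insensitive, so match eval( in any case.
EVAL_CALL = re.compile(rb"\beval\s*\(", re.IGNORECASE)


def scan_tree(root):
    """Group .php files whose FIRST line calls eval() by the SHA-256 of that line.

    The same digest on several files means the same blob was prepended to each,
    which is consistent with a "Cannot redeclare" error once two of them load.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                line = fh.readline().strip()
            if EVAL_CALL.search(line):
                digest = hashlib.sha256(line).hexdigest()
                hits.setdefault(digest, []).append(os.path.relpath(path, root))
    return {digest: sorted(paths) for digest, paths in hits.items()}


def build_sample_tree(root):
    """Write a constructed sample tree: two files share a harmless placeholder prefix."""
    prefix = b'<?php eval("/* constructed placeholder, not a real payload */"); ?>'
    samples = {
        "index.php": prefix + b"<?php\nrequire './wp-blog-header.php';\n",
        "wp-config.php": prefix + b"<?php\ndefine('DB_NAME', 'example');\n",
        "wp-load.php": b"<?php\n// untouched file\n",
        "wp-content/themes/demo/functions.php": b"<?php\n// eval( on line 2 only\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for digest, paths in scan_tree(tmp).items():
            print(digest[:12], len(paths), "file(s):", ", ".join(paths))
```

Pointing `scan_tree` at a real document root after a reinstall shows whether any file still carries a first-line eval() prefix; a clean WordPress core file normally starts with a bare `<?php` line.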
     
  2. VulcanMan750

    VulcanMan750 Junior Member

    Joined:
    Nov 21, 2008
    Messages:
    105
    Likes Received:
    27
    Occupation:
    Still Pimpin
    Location:
    Katmandu
    Hmmm, this is the second post with the same WordPress error?

    Can you log in under wp-admin?

    I'm no security ninja, but at the very least you should be using .htaccess and robots.txt to keep Google from indexing info about your blog, like what plugins you're using, what theme, what version, etc... all those can be compromised.
     
  3. twoj04

    Hey, sorry, didn't find anybody else with the same error. No, I couldn't log in. Reinstalling WP now.

    Will look into the robots.txt and such, never worried about security stuff because had not gotten hacked before.
     
  4. topsytips

    topsytips Regular Member

    Joined:
    Aug 11, 2008
    Messages:
    334
    Likes Received:
    234
    Occupation:
    Self Employed
    Location:
    UK
    There's a plugin called Login Lockdown that you might want to consider installing once you get your blog back up and running.
     
  5. VulcanMan750

    Another good idea is a WP database backup plugin. It will email you your database and WP settings on a set schedule so you can reinstall to the last known working version.

    Maybe some other BHW WP users can share their security tips and tweaks.
     
  6. twoj04

    Hey everyone, thanks, and yeah, if anyone can share their advice on how to prevent this from happening in the future, it will be extremely appreciated with +thanks and such :)

    I am going through and finding that it was pretty simple to hack me.
     
  7. sxmcdo6

    sxmcdo6 Newbie

    Joined:
    Sep 7, 2009
    Messages:
    9
    Likes Received:
    13
    Are you using secure FTP??? One of my WP domains was getting injected with iframes until I took the time to set it up. From what I can gather, FileZilla is notorious for leaking info.
     
  8. twoj04

    Ok updates,

    1. Re-installed WP on all domains.
    2. Added extra PW security to all WP related files
    3. Added robots.txt and beefed up the .htaccess
    4. Added 2 security plugins
    5. Changed all passwords
    6. About to start using SSH or Secure FTP over FileZilla
    7. Have WP-DB Backup email me twice a day with backups in case this happens again.

    Anything else I can do?

    Cheers :)