Many wordpress sites hacked

Discussion in 'Blogging' started by deki33, Aug 11, 2011.

  1. deki33
    I have a big network of wordpress sites on different hosting companies and servers (shared, vps, dedi)...
    All sites are always on the latest WP version and all plugins are updated.
    In the last month many of the sites have been hacked.
    Every day I find a few new sites that are hacked.
    I know about the timthumb exploit and I updated it on sites that have a theme with timthumb, but most of them don't have it.
    Can anybody give some advice on what to do in order to stop future hacks?
    It looks like WP has more holes than ever before.
     
  2. synfig
    Disable folder browsing at the root account of your hosting cPanel.

    Add the following code to your root account's .htaccess
    This will disable folder browsing for anonymous users.

    Another thing is to move wp-config to the top root level. For example, if your wp installation is at home/username/sitename.com then make sure you move the wp-config to the upper folder "username". WordPress will find that file on its own.

    Make sure none of your server folders are at permission level 777 on any site's plugin structure. At the max, make them 755, but never set them to 777. Also do check the MySQL tables for any extra rows and columns that have been added.

    These are the only things that I can tell you as of now.
     
  3. judson
    Are you running any downloaded or nulled plugins or themes? That is usually the source of vulnerability for most WP hacking. And if you are not using a plugin or theme, don't just disable it ... Make sure you delete the files from the server too.

    Also, if your site is on shared hosting, check out all the other sites on the same server as you. If they have been hacked, it might be a WP or server problem. If not, see above on nulled themes and plugins.

    Finally, are you using the same username/password combination for all sites? This is very bad, and if for example you have adsense, it is easy to get a list of all your sites, and 'hack' them, once one site has been compromised. Use different admin usernames and passwords for each site. You can use something like LastPass to easily manage all your passwords.
     
  4. judson
    Don't forget the human element.

    Do you have any pissed off employees?

    I assume you have backups for your sites. Where are those backups stored? Are they safe? If you use backup solutions that create an archived dump of your site+database, make sure those archives are not in a web accessible directory. If you know what to search for, you would be amazed just how many seemingly secure sites have their entire backup files available to anyone who can use WGET.
     
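    A small audit script for the points raised by synfig (no 777 permissions, folder browsing disabled in .htaccess, wp-config one level up) and by judson (backup archives must not sit in a web-accessible directory). It is an added example, not code from this thread; it assumes the WordPress document root is passed as the first argument and that Apache honours .htaccess.

```shell
# Added example (not from the thread): audit a WordPress docroot for the
# weaknesses described above. Usage: wp_audit /home/username/sitename.com
# Prints one finding per line; the return code is the number of findings
# (the shell caps it at 255), so 0 means nothing was flagged.
wp_audit() {
    docroot=$1
    findings=0

    # 1. World-writable files or directories (what cPanel shows as 777).
    ww=$(find "$docroot" -perm -0002 -print 2>/dev/null)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD_WRITABLE /'
        findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi

    # 2. Site/database backups that anyone could fetch over HTTP (or wget).
    bk=$(find "$docroot" -type f \( -name '*.zip' -o -name '*.tar' \
        -o -name '*.tgz' -o -name '*.tar.gz' -o -name '*.sql' \
        -o -name '*.sql.gz' \) -print 2>/dev/null)
    if [ -n "$bk" ]; then
        printf '%s\n' "$bk" | sed 's/^/EXPOSED_BACKUP /'
        findings=$((findings + $(printf '%s\n' "$bk" | wc -l)))
    fi

    # 3. Folder browsing is only off if .htaccess carries "Options -Indexes".
    if ! grep -qi 'Options.*-Indexes' "$docroot/.htaccess" 2>/dev/null; then
        echo "DIR_LISTING_NOT_DISABLED $docroot/.htaccess"
        findings=$((findings + 1))
    fi

    # 4. wp-config.php still inside the docroot. WordPress also looks one
    #    directory up, so the file can live outside the web tree.
    if [ -f "$docroot/wp-config.php" ]; then
        echo "WP_CONFIG_IN_DOCROOT $docroot/wp-config.php"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run against the path given on the command line, if any.
[ $# -ge 1 ] && wp_audit "$1"
```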
  5. Blackhat Scott
    Matt Cutts talked about this and only said to be sure to upgrade to the latest WP... Are yours all upgraded to the latest version?
     
  6. ctcfox
    Check for a shell. Maybe he can upload one shell and hack the other WP sites in one place.
     
  7. sircoldfire
    Don't know the reason but I got owned also... trying to sort out where the damage is (db? wp script?). I'm pretty sure it's not in the theme; I use a modded base Twenty Ten theme and I've skimmed through it and it looks ok...

    edit:
    Turns out the site was on old 3.2.1? Updated the WP and nothing seems to be wrong any more... also I went and checked Webmaster Tools... no malware found.
     
    Last edited: Aug 12, 2011
  8. scottlies
    I wanna add the below tips that I myself am applying to my blogs as well. Hope it helps.

    - Delete unused themes in your WP-THEMES folder. Aside from clearing up space for your site, by doing this you are minimizing potential exploits from unused themes. Unused or inactive themes are kind of a favorite target of so-called hackers because when they inject code into them, it's hard to notice.

    - Delete unused/inactive plugins. Same explanation as with the themes.
     
  9. VIC SEO
    Can I find some security plugin that will prevent a possible hack attack?
     
  10. genebadd
    "WP security scan" is a good plugin, but be aware, this plugin can be dangerous in a rookie's hands. It gives recommendations and options for securing your site. It also suggests renaming some important files that can break your site if your site has been live for a while (like renaming wp-config), so do not start changing the names of important folders if you already have a functioning site. Be very careful and back up your site first before testing this plugin.

    Again, it's a very good plugin for securing your site, just be smart about how you use it.

    Also

    http://www.blackhatworld.com/blackh...t-secure-your-wp-bastards-noobs-not-only.html
     
  11. beeHWfan
    Thanks a bunch! You saved me from major potential headaches in the future. Now I know what to do. I only have 11 sites but thanks again.

    Is this true that using downloaded plugins exposes WP to hacks? I haven't seen this anywhere on here. Can anybody tell any stories? Thanks.
     
  12. chief99
    Good information. I need to go review my sites to see if any got hit.