1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My wordpress sites got hacked - what next?

Discussion in 'BlackHat Lounge' started by Kingjay, Feb 20, 2013.

  1. Kingjay

    Kingjay Junior Member

    Joined:
    Sep 2, 2012
    Messages:
    105
    Likes Received:
    17
    Hello guys I sort of freaked out this morning when I saw my websites had been hacked! I luckily only had to change the index.php file to "restore" the home page. Do anyone have an idea how it is possible for hackers to do that, from what I understand that had to be able to log into my cpanel or ftp account or how else?

    How can I protect my websites against further / future attacks.

    I know there is a lot of wordpress documentation on this that I still have to read but thought I would ask the real experts at BHW :)
     
  2. James2

    James2 Senior Member

    Joined:
    Jun 3, 2011
    Messages:
    1,133
    Likes Received:
    994
    Location:
    London, England
    Have you got a plugin called WordPress better security? If not, get it now. It's free and easy to set up and it works well.

    James :)
     
  3. ContentLockPro

    ContentLockPro Power Member Premium Member

    Joined:
    Nov 7, 2012
    Messages:
    723
    Likes Received:
    129
    Remove any plugins you aren't using and make sure keep plugins you are using to a minimum (and Google for any reported issues on them).
     
    • Thanks Thanks x 1
  4. smsudar

    smsudar Registered Member

    Joined:
    Jun 26, 2007
    Messages:
    77
    Likes Received:
    52
    Home Page:
    Probably, hackers have created backdoor on your site. You have to check full wordpress files and change hosting and ftp passwords. First install, worddefence security plugin and sucuri plugin both are free, and scan for any vulnerability, infection or backdoor present. if you found anything, you have to clean everything.
     
    • Thanks Thanks x 1
  5. anic21

    anic21 Junior Member

    Joined:
    Nov 25, 2009
    Messages:
    144
    Likes Received:
    32
    Location:
    xxxXxxx
    1.Dont use cracked plugins/themes onwords.
    2. Update wordpress when it is available.

    This will keep 99% hackers away from your blog
     
    • Thanks Thanks x 2
  6. Kingjay

    Kingjay Junior Member

    Joined:
    Sep 2, 2012
    Messages:
    105
    Likes Received:
    17
    Thanks for the replies guys, will jump right to it. I actually use only free plugins and one paid theme at the moment.

    Thanks again for all your help...
     
  7. blackpayman733

    blackpayman733 Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 9, 2009
    Messages:
    5,061
    Likes Received:
    1,041
    Occupation:
    Writing articles / building links / Boosting SERP
    Location:
    in BHW forum
    Home Page:
  8. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    I am a wordpress specialist and a hacker.. Contact me if you are serious..
     
  9. James2

    James2 Senior Member

    Joined:
    Jun 3, 2011
    Messages:
    1,133
    Likes Received:
    994
    Location:
    London, England
    I could do with some help too mate. Two of mine got done. Cheers.
     
    • Thanks Thanks x 1
  10. ID Internet Marketer

    ID Internet Marketer Senior Member

    Joined:
    Jan 22, 2013
    Messages:
    938
    Likes Received:
    1,442
    Occupation:
    Blackhatworld Member
    Location:
    My Private ***
    me too. maybe i can help you just contact me.

    for simple solution you should install plugins :

    Wordpress Firewall 2
    AntiVirus
    Mute Screamer

    it's really powerful even you cannot change setting your theme when wordpress firewall and mute screamer active.
     
    • Thanks Thanks x 1
  11. islandman1010

    islandman1010 Elite Member

    Joined:
    May 10, 2008
    Messages:
    1,591
    Likes Received:
    139
    I use Wp better security and wordfence. Works well for me.
     
  12. Dathrill2002

    Dathrill2002 Newbie

    Joined:
    Jul 13, 2012
    Messages:
    15
    Likes Received:
    0
    I use wordfence as well. Great plugin.
     
  13. Duffers5000

    Duffers5000 Elite Member

    Joined:
    Apr 1, 2012
    Messages:
    2,466
    Likes Received:
    7,615
    I use wpbetter security and I got done once.

    Moral of the story dont ever leave your login as Admin and pick a good and long cryptic password.
     
  14. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,063
    Likes Received:
    2,872
    Gender:
    Male
    Doesn't matter. They always find the correct username somehow. Better use captcha in your login. You can also use Login Lockdown..
     
    • Thanks Thanks x 1