1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

My WP site Got hacked ! New 300 spam articles are published !

Discussion in 'White Hat SEO' started by khaledbaddez, Sep 26, 2019.

  1. khaledbaddez

    khaledbaddez Junior Member

    Joined:
    Jul 21, 2019
    Messages:
    136
    Likes Received:
    17
    hey today after checking my website i found new 300 articles on my wordpress website that i did not post ! why this happened and how to protect my site to not happen again !
     
  2. michaelr1988

    michaelr1988 Regular Member

    Joined:
    Apr 25, 2011
    Messages:
    489
    Likes Received:
    317
    I haven't used wordpress in a long time, but pretty sure these basics still apply.

    - Don't use "hacked" themes. Pay for them, or use a reputable one. Same applies to plugins.
    - Install something like wordfence security and scan files.
    - Limit login attempts (plugin) I think wordfence mentioned above can do this.
    - Name wp-admin/wp-login url to something else. (plugins can do this)
    - Delete old themes and plugins no longer in use.
     
    • Thanks Thanks x 1
    Last edited: Sep 26, 2019
  3. Meddie

    Meddie Jr. VIP Jr. VIP

    Joined:
    Jan 6, 2015
    Messages:
    4,502
    Likes Received:
    4,483
    Occupation:
    Sticky as a Gecko
    Location:
    Dacian Kingdom
    Home Page:
  4. pauliakas

    pauliakas Jr. VIP Jr. VIP

    Joined:
    Feb 25, 2009
    Messages:
    1,229
    Likes Received:
    263
    Location:
    internet
    Home Page:
    Also, check your computer for viruses.
     
  5. Rj268

    Rj268 Jr. VIP Jr. VIP

    Joined:
    Oct 12, 2018
    Messages:
    849
    Likes Received:
    423
    Gender:
    Male
    Location:
    Southern California
    If its Japanese text, they got in through your hosting account. Happened to me and many others.
     
  6. Maticzilla

    Maticzilla Jr. VIP Jr. VIP

    Joined:
    Jul 10, 2013
    Messages:
    1,089
    Likes Received:
    597
    Gender:
    Male
    Occupation:
    Getting the internet bread
    As someone familiar with wordpress sites being hacked numerous time things people often neglect are

    1. Dont install nulled themes and plugins it's not worth it

    2.always use 1 developer to manage your sites and ensure you establish some trust before letting anyone access your site.(try to retain them for future works)

    3. Download current .htaccess file and Google default wordpress httaccess and reload your site

    4.try to uninstall any recent themes or plugins to test check your site.
    5. Use secured password and security wordpress plugins to ensure safty of your site.
     
  7. YujinTan

    YujinTan Elite Member

    Joined:
    Jan 7, 2018
    Messages:
    2,642
    Likes Received:
    289
    Home Page:
    this is what I ask yesterday usually those hacker who hack site what's the first thing the do.

    I used to get hack like OP, yes suddenly got new content and links to a shop which is that hacker affliate
    is very troublesome and piss off , along the way to ask expert clear , yes is paid , and need to rank it again till now I still stuck all thanks to the hack.

    This is where i get wordfence, yesterday i received one email from them mention got admin log in , from japan .

    I check nothing happen to the site till now still ok.
    I also check got any new admin added , it don't have.

    I wonder is it been stop by wordfence behind etc I not sure .cross my finger.
     
  8. Stackz

    Stackz Jr. VIP Jr. VIP

    Joined:
    Feb 7, 2017
    Messages:
    1,392
    Likes Received:
    1,785
    Gender:
    Male
    Occupation:
    ↓ USA-Native Author↓
    Location:
    ↓ Money-site Quality↓
    Home Page:
  9. Meddie

    Meddie Jr. VIP Jr. VIP

    Joined:
    Jan 6, 2015
    Messages:
    4,502
    Likes Received:
    4,483
    Occupation:
    Sticky as a Gecko
    Location:
    Dacian Kingdom
    Home Page:
    Me either, but I find this more noob friendly and it does what i am looking for.
     
    • Thanks Thanks x 1
  10. khaledbaddez

    khaledbaddez Junior Member

    Joined:
    Jul 21, 2019
    Messages:
    136
    Likes Received:
    17
    upload_2019-9-26_14-26-37.png
    i do not know what's wrong ! but it sounds like the plugin section in my wordpress is unactivated !
     

    Attached Files:

  11. fas66

    fas66 Jr. VIP Jr. VIP

    Joined:
    May 3, 2013
    Messages:
    434
    Likes Received:
    138
    Location:
    Online
    One important tip is to always delete the old unused themes and plugins.

    And for the image above , does your hosting take regular backups, you may contact them to recover the files and also ask them for the source of the attack.
     
  12. pressrelease

    pressrelease Senior Member

    Joined:
    Jan 6, 2016
    Messages:
    928
    Likes Received:
    419
    Location:
    Disneyland
    Home Page:
    Unless we see the url we cant comment what may be the actual reason for h a c k, as backdoor could be through nulled theme or may be through your host.
     
  13. GregFromMoonsy

    GregFromMoonsy Jr. VIP Jr. VIP

    Joined:
    Aug 12, 2018
    Messages:
    598
    Likes Received:
    249
    Gender:
    Male
    Location:
    European circus
    The most common reasons are always weak passwords to:

    - WP
    - Cpanel / Plesk
    - phpMyAdmin
    - FTP account
    - hosting account
    - mysql (especially when allowed are far connections)

    The next reasons are:

    - security holes in plugins
    - security holes in themes

    There are plenty of ways to search for blogs which have the mentioned security holes.
    You should always remove everything what you not using, not just "deactivate" it.

    The biggest WP security issue is - mixing php scripts with html code + clear path/info about installed theme

    Cheers, Greg.
     
    Last edited: Sep 26, 2019
  14. pauliakas

    pauliakas Jr. VIP Jr. VIP

    Joined:
    Feb 25, 2009
    Messages:
    1,229
    Likes Received:
    263
    Location:
    internet
    Home Page:
    check You wp_config.php file ;)