
One of my WordPress sites got hacked

Discussion in 'Making Money' started by DeliDalon, Aug 24, 2016.

  1. DeliDalon

    DeliDalon Newbie

    Hello BHW,

    So I have some WordPress sites, and one of them I just checked on and noticed it got hacked by some no life turk and placed gruesome stuff with loads of text and images of dead people. I immediately canceled the domain DNS and it's now all down, lost all my stuff. He deleted the whole site and replaced it with a .php file html which does the thing.

    Now I know stuff like this happens, but what's the point of these no life turds?

    If anyone can give me some recommendations on how I can prevent this that would be nice. I changed the passwords for the hosting already.

    Any recommendations on how I can prevent this please?

    Also, how do people get load of this? Is it from the hosting end or did they just hack into the WordPress site? Could it be that the WordPress site I was using was hacked or they put some crack in it?

    Thanks guys.
     
  2. shezboy

    shezboy Jr. VIP Premium Member

    These guys are known to be the best when it comes to securing and protecting your site: http://sucuri.net. They offer a clean-up service too, plus a whole load more to keep your sites safe.

    Shez
     
  3. DeliDalon

    DeliDalon Newbie

    Thanks Shezboy,

    Any other suggestions which are free though as I am a little strapped at the moment? Thanks though, I will check it out!
     
  4. uncutu

    uncutu Elite Member

    Avoid pirated themes. Bad guys often put in back-doors for themselves.
    Keep your WP version up to date.
    Create a backup of your site after any big changes in case of a catastrophic failure.
    Install Wordfence Security (free), it's the most popular security plugin. I highly recommend it.
    Code:
    https://wordpress.org/plugins/wordfence/
     
  5. shezboy

    shezboy Jr. VIP Premium Member

    It would be difficult to say exactly how they got it really. You would be best to raise the issue with your web host though to make them aware of things in case the attack came in via their system. Unfortunately I am not a security expert in this area so I hope someone else can offer you some more advice on where to start with securing up your site. As I said, without knowing where or how they got in then it's difficult to give accurate advice.

    Make sure that all of your themes and plugins are up to date though. And install something like https://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/

    Shez
     
  6. Vlad D

    Vlad D BANNED

    1. Keep your PC clean, use a spy-bot, don't visit shitty websites.

    2. Use two-factor authentication (enter password -> receive code via SMS -> enter code -> login successfully).
     
  7. JasonS

    JasonS Jr. VIP

    This happened to me long ago, when I was a beginner and couldn't afford paid themes/plugins. I still remember I used a pirated copy of OptimizePress in one of my sites that was hosted with other sites in the same hosting account. One site got hacked and also infected the others hosted in the same account. After that lesson I've never used any pirated script.
     
  8. Phenomix

    Phenomix Regular Member

    If you don't have the funds to pay for Sucuri, I use two tools on all my websites which block attacks every day.

    1 - Wordfence

    2 - WP Cerber

    Both are free plugins and you can combine the two of them for some really good security.

    Set Wordfence to block blank user agents and also fill out the sections where you can block specific URLs from being accessed and specific usernames from being attempted.

    Also set the lockout times to maximum if you are the only person who logs into your website.

    Set WP Cerber's lockout settings to 1 attempt and 999 hours and change your login URL from /wp-admin to whatever you like in the settings.

    Also, whitelist your IP address in both plugins' settings.

    If for some reason you lock yourself out (I've done it a couple of times) you can just log into your cPanel and delete the two plugins. Log back into your WordPress and install and configure the plugins again.

    I get lots of hacking attempts every day with blank user agents, password attempts, requesting PHP files, trying to upload files and directory traversal attacks and they all get blocked.
     
  9. C-Rod3

    C-Rod3 Registered Member

    Wordfence is amazing... That alone is a great bit of security for any site.
     
  10. Fear2403

    Fear2403 Power Member

    Spend $5 for a Fiverr gig and you will be fine.
     
  11. easy.rahil

    easy.rahil Registered Member

    Strictly don't use shared hosting. Never use nulled themes or plugins. Don't use your old backup for installing with a new host. It may contain unwanted code installed by the hacker.
     
  12. pronstar

    pronstar Junior Member

    One of my sites got hacked and used as a pirate dump site or something, I didn't even realise until I got a Google manual.

    I cleaned it up, re-installed, changed passwords and installed Wordfence, like a lot of people here recommend.

    The weird thing is WF reports that every 5 secs my site is being scanned and attempted logins from my own IP (I'm on very cheap shared hosting).

    When I asked support they said to uninstall Wordfence as it's "not compatible with their service" and anyway "they provide firewall cover" lol.
    This is just after being hacked ffs.

    The attempts from my own IP mean I can't block them.
    I wonder if my cheap hosting people are hacking their own sites or people on my shared IP (more likely). Anyone had this crap happen to them?

    Sorry to jump on your thread OP.
     
  13. Mani Anbaz

    Mani Anbaz Newbie

    Everybody talking about pirated wp, anyone know how to verify if I didn't purchase it?
     
  14. stack paper

    stack paper Jr. VIP

    Out-of-date plugins are the #1 cause of hacked sites. I use Wordfence on every site & I know there's also a plugin that checks plugins / themes against the WordPress repository but the name escapes me atm (I'm sure you won't have an issue finding it).
     
  15. Setox

    Setox Power Member

    That's why I hate shared hosting: once a website gets hacked, no matter how you defend yours you will be ripped off. If your hosting provider can't offer high security measures then it's really dangerous. Hackers can easily extract the database config of all websites on the server after only hacking one website. Try using OVH, they are well known for their secured servers & hosting.
     
  16. DanDD

    DanDD Junior Member

    Since all is deleted, you can do a fresh install, keep WordPress and plugins up to date, add captcha on login.
    You need to have proper permissions on the host, disable dangerous functions, and many more.
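
A read-only way to check the host-permission advice in the post above, as an added example that is not part of any poster's reply. The function name `wp_audit` and the finding labels are assumptions made for this illustration; it flags PHP files under `wp-content/uploads` (the kind of dropped .php file the thread opens with), world-writable paths, and a `wp-config.php` that other accounts on the host can access.

```shell
#!/bin/sh
# Added example: filesystem-only audit of a WordPress tree. Nothing is modified.
# Usage: wp_audit /path/to/wordpress
# Returns 0 = no findings, 1 = findings printed, 2 = not a WordPress root.
wp_audit() {
    root=$1
    if [ ! -d "$root/wp-content" ]; then
        echo "ERROR not a WordPress root: $root" >&2
        return 2
    fi

    findings=$(
        # 1. Media directories should hold no executable PHP.
        if [ -d "$root/wp-content/uploads" ]; then
            find "$root/wp-content/uploads" -type f \
                \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) |
                sed 's/^/PHP_IN_UPLOADS /'
        fi

        # 2. Files or directories that any account on the host can write to.
        find "$root" \( -type f -o -type d \) -perm -0002 |
            sed 's/^/WORLD_WRITABLE /'

        # 3. wp-config.php holds the database credentials; on shared hosting
        #    it should grant no read/write/execute bit to "other".
        cfg="$root/wp-config.php"
        if [ -f "$cfg" ]; then
            find "$cfg" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
                sed 's/^/CONFIG_OPEN_TO_OTHERS /'
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

A tighter `wp-config.php` mode only works if the web server runs PHP as the file's owner, so confirm that with the host before changing it.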
     
  17. C-Rod3

    C-Rod3 Registered Member

    Is Bluehost considered safe hosting?
     
  18. DanDD

    DanDD Junior Member

    Also use Cloudflare, there's a free plan, it will hide your IP and defend against almost all attacks.
     
  19. bartosimpsonio

    bartosimpsonio Jr. VIP Premium Member

    The hosting itself is not what matters. If you keep an outdated site, you could host at the most expensive plan at Rackspace and still get hacked.
     
  20. C-Rod3

    C-Rod3 Registered Member

    You're saying "outdated" as far as plugins?