1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress Hacked traffic dropped -> $$$dropped

Discussion in 'Making Money' started by Stuart94, May 23, 2016.

  1. Stuart94

    Stuart94 Registered Member

    Joined:
    Oct 7, 2015
    Messages:
    51
    Likes Received:
    2
    So recently my wordpress site was hacked and i don't know why someone would hack my site . I only have like 100-200 visitors per day. BUT anyways the hacker posted porn all over my site and since then everything dropped from having 100 visitors to 30. And i dont know what to do pls someone help i changed the password but i fell like thats not enough.

    What should i do to prevent hackers ? and how did this hacker my site ?
     
  2. kugundo

    kugundo Regular Member

    Joined:
    Jun 21, 2013
    Messages:
    225
    Likes Received:
    78
    Occupation:
    IM
    Location:
    Everywhere
    Home Page:
    You can use Two Factor Authentification with for example "Clef" , use Login Limit Plugin and other Plugins like HidemyWP to prevent your website being hacked in the future.

    We cannot tell how the Hacker achieved this, there's more than one way. Maybe you had a weak password and he used "Brute Force" to gain access.
     
  3. iamcholo

    iamcholo Registered Member

    Joined:
    Oct 2, 2015
    Messages:
    80
    Likes Received:
    21
    Hey Stuart,

    Running a WordPress Site without protection is f8cking crazy.
    I'd suggest to take a look at the following plugins:
    • Wordfence
    • Block Bad Queries (BBQ)
    Also, check if you hosting company has been hacked. (Send a ticket support)

    Good luck!
     
    • Thanks Thanks x 1
  4. Stuart94

    Stuart94 Registered Member

    Joined:
    Oct 7, 2015
    Messages:
    51
    Likes Received:
    2
    hey kugundo and iamcholo:) thx for fast help. i will definitaly try out those plugins hope it helps .
    but one question i downloaded a plugin can a hacker manipulate a plugin and get acces through that ?
     
  5. LuckyCharm007

    LuckyCharm007 Jr. VIP Jr. VIP

    Joined:
    Jul 8, 2015
    Messages:
    1,907
    Likes Received:
    1,135
    Occupation:
    Affiliate Amazon Content Writer
    Home Page:
    PM me your domain name. I'll run a scan on it and check what happened. Usually hackers use a "backdoor" - Nulled theme, outdated plugin or lack of security to access your files. Also, Check your htaccess to see if there is something that shouldn't be there. 90% of the time, they use your domain to spam emails or redirect users to porn site via mobile site.
     
  6. RuthSam

    RuthSam Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 19, 2010
    Messages:
    3,814
    Likes Received:
    979
    Gender:
    Male
    Home Page:
    LoginLockDown great tool and WordFence.. if you have money SUCURI is great and cloudflare!
     
  7. HelloInsomnia

    HelloInsomnia Jr. Executive VIP Jr. VIP

    Joined:
    Mar 1, 2009
    Messages:
    1,828
    Likes Received:
    2,939
    As others suggested use WordFence and you will need to research how to do this a bit but change your nicename in the database, this prevents people from finding your username in the source code. And obviously use a strong password as well.
     
  8. Conor

    Conor Elite Member

    Joined:
    Nov 7, 2012
    Messages:
    3,579
    Likes Received:
    5,964
    Gender:
    Male
    Location:
    South Africa
    Home Page:
    Two plugins:
    Scan your site with this: https://wordpress.org/plugins/gotmls/
    Secure it with this (Go through the settings carefully): https://wordpress.org/plugins/better-wp-security/
     
  9. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,183
    Likes Received:
    1,579
    Occupation:
    Marketing
    Location:
    Portland,Or
    You need to also prolly clean your site files too. They prolly have back doors all over.
     
  10. immaletyoufinish

    immaletyoufinish Regular Member

    Joined:
    Mar 3, 2016
    Messages:
    219
    Likes Received:
    113
    Disable xmlrpc as that is being used to brute force passwords a lot these days. Also rename the default table prefix in the database from wp_ to something else. These are critical steps for hardening wordpress.

    By default wordpress is a security nightmare. It's like parking your ferrari in the ghetto and leaving it unlocked with the windows down and keys in the ignition.
     
  11. dakkidb

    dakkidb Junior Member

    Joined:
    Mar 12, 2009
    Messages:
    131
    Likes Received:
    30
    I got hacked too back in 2013. Damn hackers. Best thing to do is create a support ticket ASAP to your hosting company so they can restore a backup of your site.
    And as everybody said here: add security plugins this time!