12 replies
I have two web sites that are just sitting there at the moment and they've been hacked. One won't accept my password (hasn't been changed) and the other is all over the place. How do I prevent this happening again? Change password often? I am with HostGator and I've noticed a backup facility. Should I use that and will that work if I say backup every week? I am fairly inexperienced with the back room stuff.
#hacked #wordpress
  • DireStraits
    Keeping your Wordpress installations and plugins up-to-date is a good start. What version were you running on these hacked sites?
    • benlauren
      Don't know but when I see an update available I always update.
      • DireStraits
        Originally Posted by benlauren

        Don't know but when I see an update available I always update.
        Well, providing your web-host are doing their job by keeping their servers secured and updated, and you haven't gone doolally with your file-permissions, I'd wager a guess that you were either hacked due to an out-of-date Wordpress installation or plugin for which there was a known security flaw, or - as Rikki suggested - your passwords were so weak as to have been guessed or easily broken by a brute-force password cracking attempt.

        If you keep things regularly updated and use strong, unique passwords for each site/blog, you'll immediately lessen the chances of this happening again.

        Excuse the observation, but "just updating whenever you happen to notice a new version's available" isn't really an optimal approach, if you take the integrity and security of your sites seriously.

        You really have to be proactive about these things, and make it your business to find out when new versions are available (sign up to any announcement lists, if any exist) and update immediately when they are.

        There are many unscrupulous individuals out there who spend vast amounts of time scouring the 'net for sites to hack - often for spamming purposes, but sometimes just for pure sadistic pleasure. :p
  • Rikki_Fawkes
    Making a really strong password helps to begin with. "Guessable" passwords are the worst.

    I use a Firefox plugin called LastPass to remember passwords I create and to generate random ones for new sites. You might try that if you don't create difficult ones on your own.
  • Sansfaim
    Hi,

    Real pain in the proverbial, been there, got the video and the t shirt

    Possible good news: Hostgator back up your site every week.

    Email security@hostgator.com, give them the details of your site and ask them to put them back up and send you the new log in details.

    Be quick, otherwise they will only have the hacked sites.

    Go into your sites when they are up, go to users/profile and change your password to something that has about 15 characters (use a password generator: Security Guide for Windows - Random Password Generator).

    Download and install this plugin: WordPress › WordPress Backup « WordPress Plugins

    Send a backup to your gmail account every week and then delete them after a month.

    If you are using something like "admin" for your username, go into your cpanel, then phpmyadmin and change your username to something more secure (you can only use letters and underscores).

    Learn how to secure your WP sites properly, buy this (Blog Lock Down: Secure Your Wordpress Blog Today) (non-affiliate link)

    Cheers

    Sandy
  • ratracegrad
    I agree with Sandy. Hostgator does back up your site nightly. You can have them restore your site as of a day in the past 7 days. There is a slight fee for the cost. They say it will take up to 48 hours to restore. From the time I requested the restore and paid for it for my site, it was done in under 3 hours.
  • MilesT
    This is kind of important...

    You should check EVERY single file on your site for inserted links or code. It's a real pain in the ass but totally necessary. I've had two sites blocked by Google because they found malware hidden in files, from html to css to php files. Also, create passwords that are cryptic to say the least. Something like xUoo43#@yr3. Use letters, numbers, caps, special characters, and a bunch of them. Hackers will use what's called a "dictionary attack" to find your password, and they are successful a lot of the time.

    Keeping WP updated is important as well.

    ALSO - yes! Use LastPass! If by chance there is a keylogger at work on your system, LastPass can circumvent it by filling in passwords for you thus eliminating keys being pushed on your keyboard. I use it and swear by it.
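The file-by-file check recommended in the post above can be partly automated. This is an added example, not part of the original thread: it walks a local copy of the site, flags html/css/php/js files that link to hosts outside an allow-list or contain common injection markers, and notes which of those were modified recently. The function names, the patterns and the sample files are assumptions constructed for illustration, and every hit still needs a manual look.

```python
import re
import tempfile
import time
from pathlib import Path

# Heuristic markers of injected code (assumed patterns; extend for your site).
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(?:display\s*:\s*none|(?:width|height)\s*=\s*[\"']?0)", re.I),
}
# Hosts referenced by href=/src= attributes or by CSS url(...).
LINK = re.compile(
    r"""(?:(?:href|src)\s*=\s*["']|url\(\s*["']?)(?:https?:)?//([^/"'\s:)]+)""", re.I)
SCAN_EXT = {".php", ".html", ".htm", ".css", ".js"}

def scan_site(root, allowed_domains, recent_days=7, now=None):
    """Return {relative_path: [findings]} for files that need a manual look."""
    now = time.time() if now is None else now
    allowed = {d.lower() for d in allowed_domains}
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXT:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = [name for name, rx in SUSPICIOUS.items() if rx.search(text)]
        for host in sorted({h.lower() for h in LINK.findall(text)}):
            # Allow the site's own domain and its subdomains only.
            if not any(host == d or host.endswith("." + d) for d in allowed):
                findings.append("external-link:" + host)
        if findings and now - path.stat().st_mtime < recent_days * 86400:
            findings.append("modified-recently")
        if findings:
            report[path.relative_to(root).as_posix()] = findings
    return report

def demo():
    """Scan a throwaway directory of constructed sample files."""
    samples = {
        "index.html": '<a href="http://myblog.example/about">About</a>',
        "footer.php": '<?php eval(base64_decode("ZWNobyAxOw==")); ?>',
        "style.css": "body { background: url(//ads.unknown.example/p.png); }",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_site(tmp, allowed_domains=["myblog.example"])

if __name__ == "__main__":
    print(demo())
```

Run `scan_site` against a downloaded copy of the site with your own domain in `allowed_domains`; a clean report does not prove the files are clean, since the patterns are only heuristics.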
  • benlauren
    Well, the good news is that my sites weren't hacked. Hostgator restored them and this was their message: "These sites where not properly moved to our host. The sites where not hacked. SiteURL and home options contained the incorrect domain."

    I bought these sites so I am assuming that the seller did something wrong.
    • Diane S
      Originally Posted by benlauren

      Well, the good news is that my sites weren't hacked. Hostgator restored them and this was their message: "These sites where not properly moved to our host. The sites where not hacked. SiteURL and home options contained the incorrect domain."

      I bought these sites so I am assuming that the seller did something wrong.
      That is great news! Now do what everybody in this thread has been recommending, and you are good to go! I am in the habit of making additional backups on my most important sites directly through cPanel, keeping them on the server. If I do get hacked, hostgator can easily restore for free at any time, since they have instant access to the backup. Just fill out their form, agree to the $15, and tell them where the backup is - usually on the root. Then they don't take the $15 and restore the site. A couple of times the WP backup plugin failed and I was so glad I had done these extra backups!
    • Istvan Horvath
      Originally Posted by benlauren

      I bought these sites so I am assuming that the seller did something wrong.
      It depends: who installed them on your server (at new domain)?
      If it was the seller - it's their fault.
      If it was you - it's your fault.
      :p
  • VOnline
    Good thing it was the hosting problem.
    I'm assuming you typed their quote yourself tho right? Unless HostGator is starting to get some English issues.

    "These sites where not properly moved to our host. The sites where not hacked. SiteURL and home options contained the incorrect domain."