help me stop wordpress hackers?
So my sites are being targeted by hackers. They are using my sites to send out PHP mail spam. My coder is kind of nonchalant about it and I am about to load a backup and need a way to stop this from happening in the future. Can anyone please recommend some security settings or plugins that will prevent this?
|
Take Denny's advice above.
Also, important to remember, your WordPress site is only as secure as the host, so make sure your host is on top of keeping everything current. And make absolutely sure your themes and plugins are up to date and secure. |
You need to look for injected code in your own php files. It's most likely an automated attack which inserts code into index.php files anywhere in the hierarchy or creates its own (like hello.php, help.php, code.php etc.). Look for your folders with 777. Code is also most likely inserted at the very beginning of the file. There can be a new php file that sets 777 on some folder which is in use by some importing script that uses cron or downloads data from somewhere. You should also implement Cloudflare and check your logs for failed ssh login attempts. Suspicious IPs need to be blocked on a regular basis. I bet they will mostly come from China. If you do not use this traffic I recommend blocking it completely. You can also turn off your mail server. But it will most likely result in another different type of attack.
Plugins to consider:
Block Bad Queries (BBQ)
Brute Force Login Protection
Sucuri Security
Wordfence Security
Also:
Change all users "admin" in WP to a different one.
Change all passwords (wp/ftp/cpanel/ssh).
Good luck! |
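An added example (not part of the original thread) of the file check described in the post above: it walks a WordPress tree and reports world-writable directories (a generalization of "folders with 777"), PHP files whose first bytes contain common loader constructs, and PHP files under `wp-content/uploads`. The pattern list, the 2048-byte window and the 500-character first-line limit are assumed heuristics, not a complete detector.

```python
import os
import re
import stat

# Assumed heuristic patterns often seen in injected PHP loaders (not exhaustive).
SUSPICIOUS = re.compile(rb"(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
HEAD_BYTES = 2048  # injected code usually sits at the very start of the file


def scan(root):
    """Walk a WordPress tree and return sorted (kind, relative_path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            full = os.path.join(dirpath, d)
            if os.path.islink(full):
                continue  # symlink modes are meaningless; skip them
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & 0o002:  # any user on the host can write here
                findings.append(("world-writable-dir", os.path.relpath(full, root)))
        for name in filenames:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # Uploads should hold media, not executable PHP.
            if "wp-content/uploads" in rel.replace(os.sep, "/"):
                findings.append(("php-in-uploads", rel))
            try:
                with open(full, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
            except OSError:
                findings.append(("unreadable", rel))
                continue
            first_line = head.split(b"\n", 1)[0]
            # Flag loader constructs near the top, or one very long packed line.
            if SUSPICIOUS.search(head) or len(first_line) > 500:
                findings.append(("suspicious-header", rel))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for kind, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:20} {path}")
```

Hits are leads for manual review, ideally diffed against a clean copy of the same WordPress, theme and plugin versions, since legitimate code can also match these patterns.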
Hardening the server security is also important.
Use a good server setup, for example nginx+php-fpm+mysql or mongo. Use nginx as a proxy cache in front of the web, and keep infra behind the proxy. |
https://www.prontoadmin.com
What you're talking about is almost always an outdated version of WordPress, plugins or a vulnerable theme. Check to see which directory the scripts are being uploaded to. That might give you some idea of the script that's vulnerable. If you're on shared hosting, I see a lot of people set permissions on directories to 777, which will allow other users to write files to those directories. |
It happened to me before.
First thing, update your WordPress version. Check the list of users. If there is any new user with admin rights, delete the user. Update all your plugins and themes also. If you are using any themes or plugins downloaded from warez sites, it could also be a problem. |