Multiple WordPress accounts hacked on 1 server

Comments

4 comments

  • adeyjones
    I have seen similar hacks, but unfortunately it is not a cPanel/WHM issue and I doubt they'd support the resolution of it, as the issue is with the websites themselves and not the hosting software. However, they may assist to just get your access back in to WHM; the previous hacks I've seen haven't gone as far as locking out of the server itself. Regarding the sites, was your database the default wp_ prefix? Was your admin username the default 'admin'? Did you have any security plugin installed such as Wordfence or All in One security? Any additional rules in .htaccess? And did you keep core WP and all plugins up to date to latest versions?
    0
  • CraftyPanda
    Hi Adeyjones, thank you for the reply. Some of the sites do appear to have the default prefix, but others affected did not. They were not the default admin username. All sites have Wordfence installed. None of the sites were on the latest version of WP, but only 1 or 2 core versions behind. I'll see what cPanel support say. I understand that WordPress is not their area. I just want them to help me confirm the server itself hadn't been compromised. I think it's not likely though, as not all accounts on the server were individually hacked. Not had something like this happen for quite a few years!
    0
  • cPRex Jurassic Moderator
    Was it AnonymousFox?
    0
  • fmosse
    Hi! In WHM > Service Configuration > Apache > "Global Configuration", search for "Symlink" and check "Symlink Protection" is disabled. It should be "enabled".
    0
