Infected WordPress website
For the past few months we have been struggling with a hacked WordPress website.
The site was hacked and a script was uploaded to send out email.
Altogether the site has been hacked about 4 or 5 times now.
The first time we simply deleted (or replaced) the infected files but that did not work.
As we had a clean backup we uploaded a backup and for about 1 month nothing happened, but then we were hacked again.
So the 3rd time we decided to work with a clean WordPress installation, and kind of rebuild the website. Again everything was quiet for a few weeks till the website got hacked again.
Please note that every time we found out we were hacked we found the script in different files (sometimes in a certain plugin, sometimes in actual WordPress files).
The last time we lost our patience and decided to start all over 100%.
We deleted the old cPanel and opened a new one. Installed a new WordPress installation and built the site again from scratch. Same with the database.
We installed several security plugins, protected the database, etc., and again everything was quiet for about 1 month until yesterday, when we got hacked again :-(
At this point I really don't know where to find the issue. First I expected it to be a WordPress problem, but the last time we made sure we were working with a clean installation and had all templates and plugins updated to their latest version. Obviously we use very strong passwords, and nobody has access to these passwords.
Could this be a server-level problem?
The strange thing is we have another 20 websites hosted on the same Linux dedicated server which have not been hacked in years.
Any advice would be greatly appreciated.
Thanks,
Also make sure your client billing accounts and email accounts are secure too. If someone has access to those, then there is no point in reinstalling WordPress :)
Hello :) The following guide is useful if you want to ensure your server follows some basic security guidelines: "Tips to Make Your Server More Secure" (cPanel Knowledge Base, cPanel Documentation). That said, if you are unsure of the security of your system, you may want to consult with a qualified system administrator or security expert for a full investigation into why your accounts are exploited. Thank you.
Couple of tips from a WordPress server admin. As someone above mentioned, watch out for old versions of Revslider - I believe it's versions pre-4.6 that are dangerous. I believe the Yoast SEO and Google Analytics plugins were also a problem at one point, but those have long since been fixed and are free plugins that you can update. Gravity Forms prior to version 1.9ish is also bad, and there is a common exploit that will allow the upload of rogue PHP files. This is the #1 offender for most of my customers. You need to buy a proper license and update it. If your site is infected... just wholesale replace the /wp-admin and /wp-includes folders. All of your custom stuff like themes, plugins, etc. is in /wp-content, and therefore it should be totally safe to override /wp-admin and /wp-includes with the stock packages. You will of course need to clean /wp-content manually, but this should save you some time.
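
Added example, not part of any post in this thread: before overwriting /wp-admin and /wp-includes with the stock packages as the last comment suggests, comparing them against a clean unpacked copy of the same WordPress version records which core files were changed or added, and listing PHP files under wp-content/uploads narrows the manual cleanup of /wp-content. The function names, the extension list, the uploads check and the demo files are assumptions constructed for illustration.

```python
import hashlib, sys, tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")     # folders the comment says to replace with stock
PHP_SUFFIXES = {".php", ".phtml", ".phar"}  # assumption: extensions the server runs as PHP

def tree_hashes(root, subdir):
    """Map 'relative/path' -> SHA-256 for every file under root/subdir."""
    base = Path(root) / subdir
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in base.rglob("*") if p.is_file()} if base.is_dir() else {}

def audit(site_root, stock_root):
    """Compare a live install with a clean unpacked copy of the same WordPress version."""
    report = {"modified": [], "extra": [], "missing": [], "php_in_uploads": []}
    for d in CORE_DIRS:
        live, stock = tree_hashes(site_root, d), tree_hashes(stock_root, d)
        for rel, digest in live.items():
            if rel not in stock:
                report["extra"].append(rel)      # file that stock WordPress does not ship
            elif stock[rel] != digest:
                report["modified"].append(rel)   # core file whose content was changed
        report["missing"] += [rel for rel in stock if rel not in live]
    uploads = Path(site_root) / "wp-content" / "uploads"
    if uploads.is_dir():                         # media folder: PHP here needs review
        report["php_in_uploads"] = [p.relative_to(site_root).as_posix()
                                    for p in uploads.rglob("*")
                                    if p.is_file() and p.suffix.lower() in PHP_SUFFIXES]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Run the audit on two small constructed trees (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"stock/wp-includes/load.php": "<?php // stock",
                 "stock/wp-admin/index.php": "<?php // stock",
                 "site/wp-includes/load.php": "<?php // stock\n// appended code",
                 "site/wp-admin/index.php": "<?php // stock",
                 "site/wp-admin/cache.php": "<?php // not in stock",
                 "site/wp-content/uploads/2015/a.PHP": "<?php // uploaded",
                 "site/wp-content/uploads/2015/logo.png": "png"}
        for rel, body in files.items():
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return audit(Path(tmp) / "site", Path(tmp) / "stock")

if __name__ == "__main__":
    result = audit(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for kind, paths in result.items():
        print(kind, paths)
```

Run it with the site's document root and the unpacked stock copy as the two arguments; with no arguments it runs on the constructed demo trees.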