WordPress Hacked

Have you had WordPress hacked? I sure did, same site, way too many times. Very, very frustrating. Each time, they used the site as a mailing system and sent out some rather nasty emails, all from fictitious people supposedly from my domain. All of it bogus. Since this site shares the same IP address as other sites I have that DO send email, I was getting blacklisted too and it was affecting other sites on that same server.

Here are a few tips. First, check your spam buckets often. You’ll see returned email that never made it, and a lot of it, since nobody wants this kind of email anyway. But you need to make sure your server is set up with some kind of limit on the amount of email being sent out each hour. That’s in your WHM on your server. If you don’t have access to that or don’t know what I mean, you’ll need to contact your service provider or hosting service and ask them to do this. If you set your mail limit to, say, 150 per hour, then these hacker emails will almost always exceed that. When that happens, you’ll start getting emails from the server saying you’ve exceeded that limit, and it will tell you exactly what file was causing it. In the site I had trouble with, every time, it was different files and different spots. This way, even if you do get hacked, you’ll know pretty quickly, can shut them down fast, and will be able to tell which file is the problem.
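As an added example (not from the original post), here is one way to run the same check yourself against a mail log: count mail submissions per directory per hour and report anything over the limit. It assumes Exim-style `cwd=` log lines; the sample lines and paths are constructed, and it reports the sending directory rather than the exact file.

```python
import re
from collections import Counter

HOURLY_LIMIT = 150  # per-hour figure used in the post

# Assumed Exim-style line written when a script hands mail to the local mailer:
#   YYYY-MM-DD HH:MM:SS cwd=<directory> <n> args: <command line>
CWD_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\d{2}:\d{2} cwd=(\S+) \d+ args: (.*)$"
)

def over_limit(lines, limit=HOURLY_LIMIT):
    """Return {(hour, directory): count} for every directory that submitted
    more than `limit` messages within a single clock hour."""
    counts = Counter()
    for line in lines:
        m = CWD_LINE.match(line.strip())
        if not m:
            continue  # delivery lines and anything else without cwd=
        day, hour, cwd, args = m.groups()
        if "sendmail" not in args:
            continue  # queue runners and daemon starts are not submissions
        counts[(f"{day} {hour}:00", cwd)] += 1
    return {key: n for key, n in counts.items() if n > limit}

def sample_log():
    """Constructed sample: 160 submissions from an uploads directory,
    5 from the site root, plus two lines that must be ignored."""
    bad = "/home/example/public_html/wp-content/uploads"
    ok = "/home/example/public_html"
    send = "3 args: /usr/sbin/sendmail -t -i"
    lines = [f"2013-04-02 03:{i % 60:02d}:{i % 60:02d} cwd={bad} {send}"
             for i in range(160)]
    lines += [f"2013-04-02 03:1{i}:00 cwd={ok} {send}" for i in range(5)]
    lines.append("2013-04-02 03:11:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q")
    lines.append("2013-04-02 03:12:00 1UMabc-0001Ab-2C <= someone@example.com")
    return lines

if __name__ == "__main__":
    for (hour, cwd), n in sorted(over_limit(sample_log()).items()):
        print(f"{hour}  {n} messages from {cwd}")
```

A directory that should never send mail, such as an uploads folder, showing up here is the place to start looking for the injected file.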

Then change all your passwords, not just the cPanel one, but all your FTP accounts. If you have an alternate FTP account that you created manually, other than the default, make sure you change that too. Use a long, crazy password. Log in and change the WordPress password, and make sure all your plugins, themes, etc. are updated. Delete all the plugins, themes, etc. you are not using.

Then watch closely to make sure you don’t get WordPress hacked again.

Lastly, I installed a plugin called WordPress Defender or WP Security.  http://wordpress.org/extend/plugins/wp-security-scan/

Do whatever it tells you to do and scan your system once in a while.

You can also use a site like http://www.siteadvisor.com to scan your site and make sure it’s alright.

Last, but not least, make a backup of the database, delete the whole dang thing, reinstall WordPress from scratch and then restore your backup. Make sure you get all your graphics first.

There seems to be no way to make this never happen again, but you can greatly reduce the likelihood and at least know as soon as possible and shut them down.

Hopefully they’ll get tired of you and find an easier target.

Here’s more on what you can do to Defend Yourself http://www.jamesstoneseo.com/2013/04/02/wordpress-defender-plugin/

Doc


4 Comments

  1. Pingback: Wordpress Defender Plugin | SEO - Search Engine Optimization by James Stone

  2. Ed

    Interesting Article,

    I hate hackers, but your advice here is worth noting, and taking action in prevention against this sort of attack on your WordPress blog.

    Thanks Doc, for the update on this matter…

    ED

  3. Rudy

    Another good plugin against hackers is
    BulletProof Security or
    Secure WordPress.
    But the most important measure is to close or open doors
    in the settings, such as the .htaccess etc.

  4. Doc Stone (Post author)

    Hi Rudy, thanks for that, you’re right about the .htaccess but Wordfence was great “after” the site was infected. As a matter of fact, the site seems to be listed on some hackers’ paradise listing somewhere. Some days, there’s as many as 50 to 60 brute force attempts to login with Wordfence blocking the IP address. Once it was so bad, it overwhelmed my 175 emails an hour limit. Wordfence has kept the site safe since I implemented it even being listed as it is…. so far…… Doc
