coldasice — 2012-10-25T04:29:20-04:00 — #1
I designed a WordPress site for a high school and although I have left working on it, the person that has taken over has come to me for advice from time to time. This website was my first and it ran for over a year with no problems.
However, recently my colleague discovered strange meta tags being displayed when searching for the site on Bing, and now some pages are being blocked by the work security Websense. Going into the FTP and viewing the pages we have discovered this code is being run.
This is hidden in lots of the pages. My colleague deleted this code from most of the pages yesterday but has found that it has returned this morning. I also installed Better WP Security and OSE Firewall last week after the problems started. I set up the E-Mail alerts. Only last night between 22:30 last night and 09:00 this morning I have received 915 firewall alerts.
Example of the E-Mail below:
08:30 (47 minutes ago)
FROM IP: http://whois.domaintools.com/188.8.131.52
I have no idea if this is normal or something to be worried about. Really not sure where to go from here? Any advice/help would be greatly appreciated.
technobear — 2012-10-25T05:38:52-04:00 — #2
Hi ColdAsIce and welcome to the forums.
I don't use WP, so I can't help directly with that. However, we had a recent thread on a similar theme which might help: http://www.sitepoint.com/forums/showthread.php?866712-My-Site-s-Been-Hacked!
If you haven't already done so, then change all the passwords for the site and make sure you use strong passwords.
coastweb — 2012-10-25T06:09:54-04:00 — #3
What version of wp is it running? Has it been updated to the latest version? If any plugins/mods are used, have they also been updated?
Hacks often occur because people are running older versions with known vulnerabilities that are exploited by hackers or automated bots.
dklynn — 2012-10-26T05:20:54-04:00 — #4
What CoastWeb said (keep WP updated ... IMMEDIATELY ... OR suffer the consequences).
Be sure to use VERY STRONG passwords for your ADMIN account (WP admin). Now that you've been hacked, be sure that you don't have other accounts with admin permissions. Finally, WHY use admin as the admin's directory name? Security by obfuscation is hardly any security at all but you don't need to make things easier for hackers, either.
cheesedude — 2012-10-28T16:15:32-04:00 — #5
When hackers get into an account, they often place backdoors in various places so that they can get back in if the original exploit is discovered. There are a number of ways this hosting account could have been compromised. It could occur at the host level, a vulnerability in some software the host is running, the result of the account holder using an insecure password, or an insecure, outdated version of WordPress or some other type of script running on the account.
2ndmouse — 2012-10-29T06:10:35-04:00 — #6
Ditto all of the above. You might also try Wordfence Security. Specially designed for WordPress sites.
You can download it here, or search for the plugin in the WP control panel.
stevpetersonn — 2012-12-29T08:37:55-05:00 — #7
WordPress is open source and easy for hackers to hack. You should check the tips here: wp security techniques.
ideamine — 2013-01-05T10:09:46-05:00 — #8
Hide your WordPress version (delete the readme.html too)
Prevent WordPress directory browsing
Check the permissions
Wordfence and Exploit Scanner plugins will be helpful.
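Added example, not part of any post in this thread: a small shell audit of a WordPress document root covering the checklist in post #8 (readme.html, directory browsing, permissions) and the reinfection described in posts #1 and #5 (PHP files that changed recently). The function name `wp_audit`, the finding labels and the Apache `.htaccess` check are assumptions made for this example.

```sh
#!/bin/sh
# wp_audit ROOT [DAYS]  (hypothetical helper, written for this example)
# Prints one finding per line; prints nothing when all checks pass.
wp_audit() {
    root=$1
    days=${2:-1}

    # readme.html ships with WordPress and discloses the installed version.
    if [ -f "$root/readme.html" ]; then
        echo "VERSION_LEAK $root/readme.html"
    fi

    # Directory browsing: assumes Apache, where "Options -Indexes" in the
    # root .htaccess disables automatic directory listings.
    if ! grep -Eqs '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess"; then
        echo "DIR_LISTING $root/.htaccess lacks 'Options -Indexes'"
    fi

    # Permissions: anything world-writable can be rewritten by any account
    # on a shared host. Symlinks are skipped (their mode is always 777).
    find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD_WRITABLE /'

    # Reinfection: PHP files modified in the last DAYS days. After a manual
    # clean-up, any hit here that nobody on the team edited needs review.
    find "$root" -type f -name '*.php' -mtime -"$days" | sed 's/^/RECENT_PHP /'

    return 0
}

# Run directly: sh wp_audit.sh /path/to/wordpress 1
if [ "$#" -gt 0 ]; then
    wp_audit "$@"
fi
```

Running it right after a clean-up and again the next morning shows which files were rewritten overnight, which narrows down where a backdoor is still sitting.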
technobear — 2013-01-05T10:21:11-05:00 — #9
As the OP has not returned in over two months, I think we can safely close this thread.
Thanks to all who took the trouble to respond.