Two of My WP Websites Got Hacked Today

[Ed Guerena]

I woke up this morning to an email alert from Google that they had shut down two of my WP websites because someone had penetrated them and installed "infectious" malware on them.

I am blocked from going into my dashboard.  My Google search results On Page One have a warning on them that my website could damage people's computers.

I am going about stripping the WP folders and uploading my backup files.  I think I have an idea on how to restore my sites.  Maybe.  I'm not sure if replacing my folder will get me back in to my dashboard or ...whatever else.  Any ideas?

My main concern right now is finding a way to prevent this from occurring to my other sites.  Can anybody share ideas one how to do this?  A software perhaps?

Ed Guerena

[TheShoe]

hxxp://wpmassupdater.com/

It's not mine, but I know the developer.

[GraphicBass]

Before you go through a lot of effort, take a look at your footer.php file in the theme. There may be malicious code in there. Could be as simple as a 1-line link to a bad website, or lots of encrypted code. Nothing in the footer of a theme should be encrypted; if it is, don't use the theme.

Then make sure your folder have the proper permissions set. I had some site hacked because I was working on the footer file and left the permissions too loose. Of course a hacker got in.

Here's a link about WP permissions: http://codex.wordpress.org/Hardening_WordPress

Basically, all folders should be 755, except image folders, which are 644.

Also, the Gold Vault contains WordPress Lockdown, which is a pretty good survey of security precautions you can take.

Just my $.02.

gary

[Ed Guerena]

Thanks for the advice guys.  I really appreciate it.

I've just about got the first site back up with a clean upload of my back up files.

Ed

[KarenMcG]

Ed,

Glad to hear you're slowly but surely getting your sites back.

Gary, thank you for chiming in with your suggestions regarding encrypted footers, etc.

Karen