Author Topic: Two of My WP Websites Got Hacked Today  (Read 1644 times)

Ed Guerena

  • Guest
Two of My WP Websites Got Hacked Today
« on: April 28, 2011, 10:09:03 PM »
I woke up this morning to an email alert from Google that they had shut down two of my WP websites because someone had penetrated them and installed "infectious" malware on them.

I am blocked from going into my dashboard.  My Google search results On Page One have a warning on them that my website could damage people's computers.

I am going about stripping the WP folders and uploading my backup files.  I think I have an idea on how to restore my sites.  Maybe.  I'm not sure if replacing my folder will get me back in to my dashboard or ...whatever else.  Any ideas?

My main concern right now is finding a way to prevent this from occurring to my other sites.  Can anybody share ideas one how to do this?  A software perhaps?

Ed Guerena



TheShoe

  • Guest
Re: Two of My WP Websites Got Hacked Today
« Reply #1 on: April 28, 2011, 10:56:28 PM »
hxxp://wpmassupdater.com/

It's not mine, but I know the developer.

Offline GraphicBass

  • Sr. Member
  • Posts: 440
    • View Profile
    • Wells-Smith Partners, Publishers
Re: Two of My WP Websites Got Hacked Today
« Reply #2 on: April 29, 2011, 12:13:18 AM »
Before you go through a lot of effort, take a look at your footer.php file in the theme. There may be malicious code in there. Could be as simple as a 1-line link to a bad website, or lots of encrypted code. Nothing in the footer of a theme should be encrypted; if it is, don't use the theme.

Then make sure your folder have the proper permissions set. I had some site hacked because I was working on the footer file and left the permissions too loose. Of course a hacker got in.

Here's a link about WP permissions: http://codex.wordpress.org/Hardening_WordPress

Basically, all folders should be 755, except image folders, which are 644.

Also, the Gold Vault contains WordPress Lockdown, which is a pretty good survey of security precautions you can take.

Just my $.02.

gary
Gary Smith,  Wells-Smith Partners, Publisher
<a href="http://www.YourEmployeeHandbook.com/become-an-affiliate/">Your Employee Handbook Affiliate Program 60% commission, average sale $57</a>

Ed Guerena

  • Guest
Re: Two of My WP Websites Got Hacked Today
« Reply #3 on: April 30, 2011, 05:55:57 PM »
Thanks for the advice guys.  I really appreciate it.

I've just about got the first site back up with a clean upload of my back up files.

Ed

Offline KarenMcG

  • Sr Member
  • Posts: 3,751
    • View Profile
Re: Two of My WP Websites Got Hacked Today
« Reply #4 on: May 01, 2011, 12:23:42 PM »
Ed,

Glad to hear you're slowly but surely getting your sites back.

Gary, thank you for chiming in with your suggestions regarding encrypted footers, etc.

Karen