Old 05-06-2019, 13:32   #821
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,148
Thanks: 445
Thanked 1,573 Times in 511 Posts
> I've never had this happen before

WordPress has grown enormously in popularity, and therefore, the 'risk' of these sites has also exploded, as more and more people try and attack them. I've only got a noddy little site, but it gets hit constantly by people trying to either log in as 'admin' or weird passwords. Annoyingly, it's more popular with hackers than legitimate users! *sigh*

It really is crucial to have daily backups of the site and database.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (05-06-2019)
Old 05-06-2019, 19:03   #822
driver8
eviscerate your memory
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,599
Thanks: 1,811
Thanked 2,051 Times in 867 Posts
On standard shared hosting, without any security plugins, a new WP site (updated) will likely get hacked in a few days (I did read an article about this a while ago, but cos hacked WP is such a hot SEO topic, I can't find it now!)

I use WordFence, iThemes and Sucuri all together on my sites, and have done for several years, with no apparent problems.
driver8 is offline   Reply With Quote
Old 06-06-2019, 07:34   #823
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,153
Thanks: 182
Thanked 103 Times in 80 Posts
So, Wordfence also found some modified files which were replaced, but I got a notification last night to say an admin user had logged in from The Netherlands. So there's still a backdoor there after running that and changing passwords. Sigh...

Not entirely sure what to do next to be honest.
ascender is offline   Reply With Quote
Old 06-06-2019, 08:18   #824
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,148
Thanks: 445
Thanked 1,573 Times in 511 Posts
You have to ditch and restore. It's no different to getting a virus from downloading something. Installing 'antivirus software XYZ' may return 'no threats' but that is no guarantee you have no viruses - it just means it didn't detect anything.
Ensure all your remote passwords to the site are changed (and secure, and unique) then reinstall WordPress with a unique admin user (so don't use the 'admin' user account - disable it) with full secure passwords/pass phrases.
'nuke from orbit ... it's the only way', etc. Sorry, but the worst thing is they'll log in, change the WordPress passwords, so you'll get locked out of your own site.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (06-06-2019)
Old 06-06-2019, 08:50   #825
driver8
eviscerate your memory
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,599
Thanks: 1,811
Thanked 2,051 Times in 867 Posts
Yes, the security plugins have 'hardening' options, but you could spend days messing around.

The first time I was majorly hacked was actually due to an old Drupal install that then infected WP. I spent 2 solid days cleaning up the server and databases, only to get re-infected within the week. I then paid Sucuri $100 to clean up (it's much dearer now) which included 12 months protection. Money well-spent.

The second time I was infected was just a few months back due to a zero-day plugin exploit. Rather than wasting time, I actually switched my hosting to WPX who guarantee to fix any issues. It's early days for me, but so far the service (and site speed) have been excellent. After a day of researching all options, their services are less than half the price of their nearest competitor.

WPX Hosting - my affid (any proceeds will be donated to tdf).

Quote:
  • Fastest WP CDN - 3x Your Site Speed, Free
  • We move all your sites to us for free
  • Malware removed for you - Hackings and malware gone fast & free
  • We fix your technical issues for free, fast
  • #1 on both G2 Crowd & Trustpilot!
  • "WPX is the fastest WordPress host... with first-class support!"
driver8 is offline   Reply With Quote
Thanked 2 times by:
ascender (06-06-2019), Chris Locke (06-06-2019)
Old 06-06-2019, 08:51   #826
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,153
Thanks: 182
Thanked 103 Times in 80 Posts
That makes perfect sense...

In terms of losing customisations, I'm assuming my child theme directory is ok to restore as-is once I've done my fresh install of everything else?

Cheeky fvckers even deleted Wordfence.

Last edited by ascender; 06-06-2019 at 14:53.
ascender is offline   Reply With Quote
Old 08-06-2019, 14:04   #827
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,148
Thanks: 445
Thanked 1,573 Times in 511 Posts
> I'm assuming my child theme directory is ok to restore as-is

I believe they're just .CSS files? If so, then yes, you should be fine. I wouldn't trust any .php files though. Again, going back to the 'infected on a PC' analogy, that's like saying, "I'll remove all the infected files, but I need Office and my Word documents, as I need them for work."
If your site has been compromised, then it's probably safer (albeit overkill?) to assume everything has been 'infected' (.php files, obviously)
Chris Locke is offline   Reply With Quote
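
Added example (not written by any poster in this thread): a Python triage of a saved child theme directory before it is copied onto a fresh install, following the advice above to restore only CSS-type files and not trust any .php. It goes one step beyond the post by also flagging static files that contain PHP tags; the extension allow-list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions treated as static assets (assumption for this example; adjust per theme).
STATIC_EXT = {".css", ".png", ".jpg", ".jpeg", ".gif", ".woff", ".woff2", ".txt"}
# Byte markers meaning the file contains PHP, whatever its extension says.
PHP_MARKERS = (b"<?php", b"<?=")

def triage_theme(root):
    """Split files under root into (restore, rebuild). Only static assets with
    no embedded PHP are listed for restore; everything else should be
    recreated from a trusted source rather than copied back."""
    restore, rebuild = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                data = fh.read()
            if ext not in STATIC_EXT:
                rebuild.append((rel, "not a static asset type"))
            elif any(m in data for m in PHP_MARKERS):
                rebuild.append((rel, "PHP code inside a static file"))
            else:
                restore.append(rel)
    return sorted(restore), sorted(rebuild)

def build_sample(root):
    """Write a constructed sample child theme (demonstration data only)."""
    files = {
        "style.css": b"/* Template: parent */ body { color: #333; }",
        "functions.php": b"<?php // theme hooks",
        "img/logo.png": b"\x89PNG\r\n\x1a\n<?php /* appended */ ?>",
        ".htaccess": b"# server directives",
        "screenshot.png": b"\x89PNG\r\n\x1a\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage_theme(tmp))
```

A file in the restore list is only cleared by type and content marker; it still needs a read-through if it was edited after the compromise date.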
Old 12-08-2019, 08:43   #828
JonLaidlow
Scoundrel
 
Join Date: Mar 2001
Location: UK
Posts: 2,527
Thanks: 141
Thanked 136 Times in 86 Posts
Contemplating a premium theme - normally I tweak the free ones with extra css and widgets. Where's a reliable source for good themes outside of WordPress itself? There are quite a few marketplaces but not really sure how to differentiate them.
JonLaidlow is offline   Reply With Quote
Old 12-08-2019, 12:06   #829
driver8
eviscerate your memory
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 10,599
Thanks: 1,811
Thanked 2,051 Times in 867 Posts
Envato is the biggest theme store, with themes from $49-69. If price is important, some themes are offered at a launch discount ($29-39), even the big authors, and there are a couple of sales per year ... and one right now ! >> https://envato.com/birthdaysale/themes/

Most of the popular themes use a page-builder these days. They all have pros and cons, but you will likely get used to how it works, so best stick to the same one for any future themes.
driver8 is offline   Reply With Quote
Thanked once by:
JonLaidlow (13-08-2019)
Copyright ©2000 - 2018 Poisonous Monkey Ltd. Part of The Digital Fix Network