My site got hacked!

[sander k]

My wordpress site got hacked about a week ago!
Does it help to add a password to the /WP-admin/ folder next time I use it?

There was some arabic text on it with a link, deleted that and the admin account throught the mysql database.

 

[deanhills]

Really sorry to hear that happened to you. I've heard of so many people who have had their Word Press sites hacked. I found these useful hints to protect a Word Press site from hacking . I'm sure they must be very basic ones for you, but worthwhile checking out any way:
http://www.netmagazine.com/features/10-simple-ways-secure-your-wordpress-site

 

[brewer_99]

I apologize to hear your issue. Do you have backup? If yes, please just restore it... If you dont have previous backup, it will be very difficult.

 

[sander k]

Yes, I make remotely hosted backups daily for my clients.
But then it will be hacked again and again.

Thanks for the tips deanhills.

 

[Sitebee]

Sorry to hear that dude, I`ve had wp sites attacked recently myself, they rewrote the htaccess file and dumped a load of links for the purpose of promoting other domains.

In my experience they usually try to crack your website through unsecured / outdated plugins.

Keep an eye on the traffic to wp-admin / wp-login if it`s high then some person/s are trying to crack into your website. Also remove "Remember me" from the login page.

 

[sander k]

Thanks, will give that a try.

 

[Host Dingle]

Really sad news. Please from next time use wordpress security plugin. Make the wp-admin folder password protected and try to take backup weekly. It is most essential. It can helps you a lot when all step fails.

 

[iBrightDev]

dude, install WordFence. it is free and you can set it to auto block IPs after a certain number of attempts of logging in. Mine is set to 4 attempts, then blocks them for 30 days. in that 30 days, i will go perm block them. saved me from being hacked a number of times.

 

[sander k]

Wordfence was installed on it, but I find it hard to setup.

 

[iBrightDev]

i find it easy. maybe reach out to me on one of my messengers and i can help you. also, make sure you have a secure password. always make sure to use a capital letter, a number, and try to use at lease one special character even.

example...
@dM1n08!
for admin08!

or spell things out with even more obscure things, like
i|3|2ig|-|t
for iBright

make yourself a library of things to use for certain letters. this way you are more secure...

a = @
A = /-\
b = 6
B = |3
c = c
C = C
d = d
D = |)
e = e
E = 3 (backwards E)
f = f
F = F
g = 9
G = G
h = 4 (upside down & backwards h)
H = |-|
i = i
I = |
j = j
J = J
k = |<
K = |<
l = l
L = 7 (upside down L)
m = m
M = |\/|
n = n
N = |\|
o = 0
O = 0
p = p
P = P
q = q
Q = Q
r = r
R = |2
s = $
S = $
t = +
T = +
u = u
U = U
v = v
V = \/
w = w
W = |/\|
x = x
X = ><
y = y
Y = Y
z = 2
Z = 2

 

[sander k]

Awesome list, thanks.
I will contact you through PM when my website is about ready (not the one in my signature btw).

 

[iBrightDev]

no problem man. hope it helps you create more secure passwords.

 

[sander k]

Looks like my site was hacked through this plugin now... WTF.
Hacked again :S

2 links got in there without my admin approval :S

 

[wswd]

WP is a mess, to be honest...same with Joomla. The whole freakin' thing is a complete security nightmare. I have seen so many of those installations hacked.

 

[sander k]

I just wonder why someone would want to hack a brand new website with no backlinks in Google and no traffic, what's the point of that?

 

[iBrightDev]

it could be new or old. doesnt matter. they want to hack it so they can put malicious software on it and send people to the site, or use it to spam

 

[Dynash]

I'm starting to move away from WordPress now. I like it, but don't want to risk it... I don't need the power of WP anymore so why have it?