WordPress security?

Lately our website has been getting hacked A LOT.

That’s not good.

All file permissions are set to 644 and all folder permissions are set to 755.

…

And still after all this, we’re still receiving base64 strings in our .php files (We did stop receiving Malware, so I guess our security has been upgraded slightly).

Give these a read. You may (probably are) still be infected and haven’t deloused your WordPress properly.

https://sitecheck.sucuri.net/scanner/

https://codex.www.ads-software.com/Hardening_WordPress

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Good luck.

sounds like “they’re” still in your files somewhere. did you change the permissions, wordpress admin/password, and tables after the first time you were hacked? if so, go through all the links that Jan suggested.

Hello,

Thank you for your swift responses.

Every time we got hacked I put back a backup from a few days earlier, i’ve never really bothered cleaning it up.

Sucuri Scanner didn’t even find the base64 codes last time, then when I went to check our theme files with the Antivirus plugin pretty much every file was infected, so I’m not really sure what I should and what I shouldn’t use anymore.

Is it possible to hack a site and place a script to activate and place base64 strings after a few days? because every backup I’ve placed back into the site has been clean, and a few days later it would be infected again.

Have you done a completely clean reinstall of the entire wordpress structure? Not just your theme, but everything? Also, there could be some files either hiding on your server or in your database. I would also use phpmyadmin to see what’s in your database. Check to see if there are any new tables too…

Every time we got hacked … i’ve never really bothered cleaning it up.

Restoring a couple day old backup just leaves you vulnerable. It’s why you still get hacked; you’ve not closed the door on the attacker.

Give those posts a read, they can really help you figure out what happened and what to do about it.

Jan’s right. They were probably playing with your site before you became aware of it. That’s the problem. I’d start with a completely clean fresh install of wp 3.3.1 with new credentials, and take a look at your theme when you first installed it.

If it’s a free theme, I’d be very careful. If it was a purchased theme or you designed it yourself, then you might be OK but don’t use anything that you’ve downloaded recently from the server. Hopefully, you have a local copy that is original.