My site is repeatedly hacked and I can't seem to stop it

  • azure2444

    (@azure2444)


    11 years ago

    Hello, I’m so frustrated as my site at https://www.ploughinn.com is repeatedly hacked, and I’m finding it so time consuming and disruptive to keep sorting it out. I’d really appreciate some advice.

    I’ve had several WordPress sites, and never any problem before. Then around 2 months ago I built https://www.ploughinn.com and started to get hacked. After the first time I ran a deep scan on my laptop and found no problems there.

    AFter the second time I found a plug in called Wordfence. I use the latest version of WordPress and update all my plugins. Sometimes I get an email from wordfence telling me someone has tried to log in more than 10 times and are blocked out. When this happens I block their range of ips using Wordfence.

    Wordfence also tells me if the site is clean and has been saying it is with all the green ticks.

    I don’t know if they are hacking the site through wordpress or not. It is very strange. Also, why do they do it? They don’t seem to be promoting anything. And why do they repeatedly attack my site? What’s in it for them?

    As you can tell I am most frustrated by this experience, and now, on my about 6th hack (it is happening every few days now) I’m at my wits end. This latest time I got no warning from Wordfence or anything, just happened to go to my site url and find it hacked again.

    I don’t even know if this is a wordpress thing. I do change my passwords every time, and even my user ID, but I don’t know if they are getting in that way.

    If anyone can shed any light on this, and help in anyway, I’d be very grateful!

    I can restore the site after 2 or 3 hours or so by restoring a back up from my hosting provider, but what’s the point if in 2 days I get hacked all over again. Please note I’m not particularly technically literate so go easy on the more gritty technical stuff. Thanks very much!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Krishna

    (@1nexus)

    You get repeatedly hacked because you did not remove all the scripts/ backdoors left by the hackers through which they can walk in freely again. While strong passwords and similar steps can help, you need to look for all the malicious scripts, strings, links, etc. and remove them. Though you may use the same themes and plugins make sure that you delete them first and upload freshly downloaded copies only. Similarly, you should delete all files and folders in your site’s server reinstall WordPress and restore your site. These are just a few things. Go through the following resources and work through them:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked
    https://www.ads-software.com/support/topic/268083#post-1065779
    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    https://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again.

    Additional Resources:
    https://codex.www.ads-software.com/Hardening_WordPress
    https://sitecheck.sucuri.net/scanner/
    https://www.unmaskparasites.com/
    https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    Thread Starter azure2444

    (@azure2444)

    Thanks Krishna, but what I don’t understand is that the plugin ‘Wordfence’ appears to be quite responsible and reliable. It scans my entire site every day and reports on dodgy scripts etc and keeps coming back completely clean. Wouldn’t any problems have been picked up in their scans?

    Or, what I’m wondering, is could this be nothing to do with wordpress, but somehow they are exploiting a weakness in my hosting provider Site5?

    CustoThemes

    (@custothemes)

    You may need to check the file permissions on your web server. Most of the time, CHMOD 777 files are the one which gets hacked as the 777 permission makes it easy for the hacker to edit your files.

    Most of the WordPress security plugins don’t check the file permission for every file and folder in the setup.

    You can do one thing, which is disallow directory browsing on your hosting account.

    Edit the .htaccess file and add the following code into it. 

    # Disable directory browsing
Options All -Indexes

    Do talk to your host and let them know that your wordpress site is hacked on regular basis. They’ll check the server logs and decide what is good solution for you.

    Krishna

    (@1nexus)

    but somehow they are exploiting a weakness in my hosting provider Site5?

    Not ruled out. Insecure server configurations and inadequate security settings at servers are often found to be responsible for such hacks.

    Thread Starter azure2444

    (@azure2444)

    Thanks again Krishna – but how would I find this out?

    There may be no need to go to the considerable effort in securing a wordpress site that may already be secure. Is there any way I can find out how I’m getting hacked?

    Site5 support are fast and friendly, but not really very forthcoming on how i’ve been hacked. When they run a security audit for me, it always comes back clean.

    Sorry to be firing off the questions but it is a great unknown for me, and I just want to sort it!

    leejosepho

    (@leejosepho)

    I use Wordfence Security and all but one of its fine features, and I also have BulletProof Security as my first line of defense and to handle that one thing I do not ask Wordfence to do since it already does so much. But where Wordfence is continually watching current traffic on the inside, BulletProof keeps all the doors tight in relation to all outside traffic hoping/trying for enter. Also, it could be a good idea to reset your passwords at your host, database and any FTP (or preferably SFTP) accounts.

    Krishna

    (@1nexus)

    Is there any way I can find out how I’m getting hacked?

    Sorry, I do not know the answer – perhaps you too will never know even if you spend your entire time to become an expert on this topic, just because hackers never use the same techniques or entry routes. They keep on changing their methods and ways to gain entry to hack sites. You can only get to know what infected your site by looking at what is in your site and remove malware and harden your site from further attacks.

    Review these links and try to protect your site:
    https://codex.www.ads-software.com/Hardening_WordPress
    https://codex.www.ads-software.com/Brute_Force_Attacks

    Thread Starter azure2444

    (@azure2444)

    Leejosepho, Custothemes and Krishna thank you all very much. I shall implement the measures you suggest. This forum has been a great resource, thanks again.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘My site is repeatedly hacked and I can't seem to stop it’ is closed to new replies.