newly installed version 4.6.1 hacked

  • We have installed wordpress on our site with latest version 4.6.1 on our newly registered website.

    It was hacked by “Hacked By Anonymous Ghost Gaza”,

    site was hacked even though security plugin, limit failed login & Captcha plugin etc installed.

    Is there any unknown bug in core version? or some other issues?
    Can anyone guide us further in to matter?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter niraj_karia

    (@niraj_karia)

    Many wordpress sites were hacked in same server so it wont be single brute force attack but seems some application level attack.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What has your host said?

    Thread Starter niraj_karia

    (@niraj_karia)

    No much information from host but only WordPress websites hacked….other like joomla, opencart, custom php sites didnot affected.

    Any guidance please.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If many sites on your host were hacked and your host is not giving you good information about what happened and what they’re doing to fix things and prevent such attacks in the future, it’s time to find a new host.

    Thread Starter niraj_karia

    (@niraj_karia)

    question is, why other open sourced sites not hacked in such case. there might possibility of unknown bug in ver 4.6.1, it seems that attack on application level, and not server level.

    Any guidance for what to check and how to resolve/prevent such things?

    Thanks in advance.

    I also got hacked and I am running a Linode. I am running 4.6.1 and only the Akismet and Jetpack addins. The intruder was able to replace the index.php and wp-login.php files. So far, I have not been able to figure out how he got in.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘newly installed version 4.6.1 hacked’ is closed to new replies.