Security question, site was hacked, AGAIN

  • Client’s website was hacked, again.

    Non-wp files were injected into various subfolders, mostly, images, css, root directory of plugins. New files were created under these infected folders, along with some modification to some existing files.

    The site was hacked when site was hosted on hosting company G. The site was cleaned and moved to another hosting company S.

    So, cPanel/FTP login has been changed, MySQL database logo changed, the only thing not being changed is the wp-admin login.

    The part I don’t understand is, without FTP access, how could the hacker upload new files to the website? Or the server got hacked? Is it possible to do so with just wp-admin login? (I doubt this).

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Change the admin login, too. That may have been compromised.

    How was stuff uploaded? a vulnerability on the host, on another site on the same host, a vulnerability in a plugin? All those are possible

    Thread Starter 2bearstudio

    (@2bearstudio)

    Thank you @sterndata for the reply.

    I have asked my client to do so, but it didn’t happen. The client also refused to upgrade to latest WP version, because a code upgrade in the theme is required to compatible with 4.4.

    Add something interesting into the mix, the client ordered a HackAlert Malware Monitoring service from hosting company S, and he actually received a report yesterday saying the site was clean. But the site was hacked 2 weeks ago (by checking the timestamp).

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Put your concerns in writing for the client and then regard cleaning up his hacked site as an ongoing revenue stream. ??

    Thread Starter 2bearstudio

    (@2bearstudio)

    Thank you @sterndata for the advice.

    Hello 2bearstudio, you could also use the https cerficiate approach if you mange the server, it will costa yearly hhtps certificate, but a closer approach to your website to clients.

    If you stil have the issue, look at hardware and software firewalls.

    Regards, Fran?ois from Digico Paris

    Over 80% of all hacking situations are simply due to something not being updated.

    First, ensure all is updated to latest versions.
    Likewise, be sure all inactive plugins and themes are deleted.

    Recommend you likewise review your account for other WordPress installs or old scripts.

    Use this as your security plan of action: BUMMS
    Backups
    Updates
    Monitor
    Maintenance
    Segregation

    Doing the above regularly will eliminate bout 90% of all potential for being compromised. The other 10% we’ll leave to fate.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Security question, site was hacked, AGAIN’ is closed to new replies.