Website keeps being hacked

  • My website seems to be the target of professional malware idiots. I have only two plugins, Wordfence and Disable XML-RPC. Theme is 2011. Everything is up to date, passwords are strong. Admin is no longer called ‘admin’ and so on. Yet somehow they are getting into various files and adding further code, or complete files in CGI-BIN and scriptsl. Any idea what I can do to keep them out. I am getting tired of fixing the site every couple of days. Wordfence (free version) does seem to find various corrupted files, which I either repair or delete, but it is after the event.
    Thanks.

    Dave.

Viewing 1 replies (of 1 total)

  • What you might want to do is add iThemesSecurity to your website as that will work well with your WordFence… Those two plugins work well together and cover things slightly differently.

    https://www.ads-software.com/plugins/better-wp-security/

    Also, your server could be the source of the attacks but I can’t see your site as you didn’t include the URL so I can’t look.

    If you are running any ‘nulled’ themes or plugins then keep in mind those are a big source of many security issues.

    Sucuri is another plugin you might want to install, run it for a time, and then disable it but maybe keep at the ready in case you need it again.

    https://www.ads-software.com/plugins/sucuri-scanner/

    I say disable it as I’ve never left it running with the other two plugins and that is most likely overkill for day to day operations but works really good to ‘doublecheck’ things.

    Another thing that might help is to run Cloudflare as their DNS is better than most web host’s DNS, they provide a good layer of DDOS protection, and, as long as you have the proxy there enabled, that will hide and separate your IP from the web a good bit.

    Once you get your site cleaned up you might read over this document and follow the suggestions there.

    https://www.ads-software.com/support/article/hardening-wordpress/

Viewing 1 replies (of 1 total)
  • The topic ‘Website keeps being hacked’ is closed to new replies.