My site was hacked

  • I recieved the email below and shortly thereafter I started to have someone hack the site change my passwords and do some other very annoying things.
    I own two Christian websites and can’t have certain info on my sites.
    I have done everything suggested in the “Hardening WordPress” I have blocked this person’s ip on my server IP- “xxx” (I’m posting their ip because they have done a brute force attack 14 times on my sites. I have added the plugins “Wordfence Security – Firewall & Malware Scan”, “All In One WP Security & Firewall” and “iThemes Security (formerly Better WP Security)” as I was told each one offers a different form of website security. I bought an SSL. I have made my wp-config.php file and htaccess files unwriteable. I have changed the UserID in my phpAdmin file. I have change the name and put a redirect for my wp-content file. I have changed the name and password for my control panel on my server. I have reset my computer twice to factory settings. And yet this person still gets into my sites. If anyone has any suggestions or is experiencing the same problem please reach out thanks. I’m not publishing my website address as I’m scared to because I’m not sure who this person is or where they lurk.
    Just a side note I have a blog that uses “Serendipity” and another blog that uses “b2evolution” I’ve had them for years and they’ve never been hacked. I started transferring my sites to WP because I felt its such a more superior platform. Please help I’m perplexed as to what to do. I’m not tech savvy I only know through trail, error, and google. LOL.
    Here’s the original email:
    [ Redacted ]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter jaden90008

    (@jaden90008)

    I have not contacted this person as I am scared to email them as they will have my ip address and I don’t need them to have that info.

    I wouldn’t email this person back as they are probably the problem. There’s just not enough info here for me to help you much.

    Are you sure you were really even hacked? Or did some random person just send you an email to scare you?

    What theme are you running?

    What plugins are you running other than the security plugins. I usually just run WordFence and iThemes Security together. They overlap and work well together.

    What does your ISP say? Who is your host?

    Are you on CloudFlare?

    Work your way through this https://codex.www.ads-software.com/Hardening_WordPress.

    Do make sure you’ve worked your way through the setup for both WordFence and iThemes Security. They do need a little more than just activation.

    Sure would have helped if I’d of had the domain name and could run a few tests from here.

    • This reply was modified 6 years, 5 months ago by JNashHawkins.
    • This reply was modified 6 years, 5 months ago by JNashHawkins.
    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    @jaden90008 Just ignore that email. It’s only spam.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Also, use just ONE security plugin. If you install a bunch, they’re going to fight and probably slow down your site.

    Thread Starter jaden90008

    (@jaden90008)

    Yes, I’m sure they attacked my site. They changed my passwords, changed login pages, put files in that I never created ect.

    Thread Starter jaden90008

    (@jaden90008)

    @sterndata out of the three that I’m using is there one that you would suggest I keep

    Thread Starter jaden90008

    (@jaden90008)

    1. @jnashhawkins, @sterndata, @jdembowski I apologize I didn’t even say thank you for replying so quickly to my post. So thank you so much for replying to my post and for giving me suggestions.

    2. @jnashhawkins, I did work through https://codex.www.ads-software.com/Hardening_WordPress It was awesome as it helped me and I knew nothing.

    3. I go through another host called: https://www.jumpline.com/

    4. I am desperate and will do just about anything you suggest. Currently I still have WordFence and iThemes Security activated I worked through the settings and customizations. I have deactivated All In One WP Security.

    5.I’m using Divi theme and plugins :
    Additional PLUGINS:
    Admin Menu Tree Page View
    Better Search Replace
    Block Bad Queries (BBQ)
    Coming Soon Page & Maintenance Mode by SeedProd
    Image Widget
    Login LockDown
    Login Security Solution
    No Page Comment
    Upload Max File Size
    Visual Form Builder Pro
    WordPress Importer
    WP Edit

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I use WordFence on all my clients’ sites.

    Thread Starter jaden90008

    (@jaden90008)

    Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘My site was hacked’ is closed to new replies.