help me stop wordpress hackers? - GoFuckYourself.com

jay_gghq · 07-10-2015, 12:38 PM

So my sites are being targeted by hackers. They are using my sites to send out PHP mail spam. My coder is kind of nonchalant about it and I am about to load a back up and need a way to stop this from happening in the future. Can anyone please recommend some security settings or plugins that will prevent this?

Denny · 07-10-2015, 02:21 PM

Hardening WordPress « WordPress Codex

Hardening WordPress Security: 25 Essential Plugins + Tips - Hongkiat

...

robwod · 07-10-2015, 02:26 PM

Take Denny's advice above.

Also, important to remember, your Wordpress site is only as secure as the host, so make sure your host is on top of keeping everything current. And make absolutely sure your themes and plugins are up to date and secure.

RachelBlackG · 07-10-2015, 03:12 PM

You need to look for injected code in your own php files. It's most likely automated attack which inserts code to index.php files anywhere in hierarchy or create its own (like hello.php, help.php, code.php etc.). Look for your folders with 777. Code is also most likely inserted at the very beginning of file. There can be new php file that 777 some folder which is in use of some importing script that use cron or download data from somewhere. You should also implement Cloudflare and check your logs for failed ssh login attempts. Suspicious IP's need to be blocked on regular basis. I bet they will mostly come from China. If you do not use this traffic I recommend to block it completely. You can also turn off your mail server. But it will most likely result in another different type of attack.

Plugins to consider:
Block Bad Queries (BBQ)
Brute Force Login Protection
Sucuri Security
Wordfence Security

Also: Change all users "admin" in WP to different one. Change all passwords (wp/ftp/cpanel/ssh).

Good luck!

Venum · 07-10-2015, 10:47 PM

Hardening the server security is also important.

Use good server setup, example nginx+php-fpm+mysql or mongo

Use nginx as a proxy cache to the front of the web, and keep infra behind proxy.

Babaganoosh · 07-12-2015, 07:01 AM

https://www.prontoadmin.com

What you're talking about is almost always an outdated version of Wordpress, plugins or a vulnerable theme. Check to see which directory the scripts are being uploaded to. That might give you some idea of the script that's vulnerable.

If you're on shared hosting, I see a lot of people set permissions on directories to 777 which will allow other users to write files to those directories.

CaringNeo · 07-12-2015, 09:24 PM

It happened to me before.

First thing, update your wordpress version. Check the list of users. If there is any new user with admin rights, delete the user.

Update all your plugins and themes also.
If you are using any themes or plugins dowloaded from warez sites, it could also be a problem.

07-10-2015, 12:38 PM	#1
jay_gghq Registered User Industry Role: Join Date: Dec 2012 Posts: 29	help me stop wordpress hackers? So my sites are being targeted by hackers. They are using my sites to send out PHP mail spam. My coder is kind of nonchalant about it and I am about to load a back up and need a way to stop this from happening in the future. Can anyone please recommend some security settings or plugins that will prevent this? __________________ Hot girls nude-- www.glamourgirlshq.com Hot asian-- www.Iloveelapasion.com Hot milf-- www.sunnyadams.com COMING SOON www.thehaleyryder.com TRUE 50/50 rev share on affiliate programs! Let us pay you! Contact: [email protected]

07-10-2015, 02:21 PM	#2
Denny Too lazy to set a custom title Industry Role: Join Date: Feb 2005 Posts: 17,167	Hardening WordPress « WordPress Codex Hardening WordPress Security: 25 Essential Plugins + Tips - Hongkiat ... __________________

07-10-2015, 02:26 PM	#3
robwod Confirmed User Industry Role: Join Date: Nov 2005 Posts: 2,539	Take Denny's advice above. Also, important to remember, your Wordpress site is only as secure as the host, so make sure your host is on top of keeping everything current. And make absolutely sure your themes and plugins are up to date and secure. __________________ NSFW

07-12-2015, 07:01 AM	#6
Babaganoosh ♥♥♥ Likes Hugs ♥♥♥ Industry Role: Join Date: Nov 2001 Location: /home Posts: 15,841	https://www.prontoadmin.com What you're talking about is almost always an outdated version of Wordpress, plugins or a vulnerable theme. Check to see which directory the scripts are being uploaded to. That might give you some idea of the script that's vulnerable. If you're on shared hosting, I see a lot of people set permissions on directories to 777 which will allow other users to write files to those directories. __________________ I like pie.

07-12-2015, 09:24 PM	#7
CaringNeo Registered User Join Date: Jun 2004 Location: Asia Posts: 29	It happened to me before. First thing, update your wordpress version. Check the list of users. If there is any new user with admin rights, delete the user. Update all your plugins and themes also. If you are using any themes or plugins dowloaded from warez sites, it could also be a problem. __________________

07-10-2015, 03:12 PM	#4
RachelBlackG Elysium Industry Role: Join Date: Feb 2011 Location: Prague Posts: 1,037	You need to look for injected code in your own php files. It's most likely automated attack which inserts code to index.php files anywhere in hierarchy or create its own (like hello.php, help.php, code.php etc.). Look for your folders with 777. Code is also most likely inserted at the very beginning of file. There can be new php file that 777 some folder which is in use of some importing script that use cron or download data from somewhere. You should also implement Cloudflare and check your logs for failed ssh login attempts. Suspicious IP's need to be blocked on regular basis. I bet they will mostly come from China. If you do not use this traffic I recommend to block it completely. You can also turn off your mail server. But it will most likely result in another different type of attack. Plugins to consider: Block Bad Queries (BBQ) Brute Force Login Protection Sucuri Security Wordfence Security Also: Change all users "admin" in WP to different one. Change all passwords (wp/ftp/cpanel/ssh). Good luck!

07-10-2015, 10:47 PM	#5
Venum Confirmed User Industry Role: Join Date: Nov 2014 Posts: 182	Hardening the server security is also important. Use good server setup, example nginx+php-fpm+mysql or mongo Use nginx as a proxy cache to the front of the web, and keep infra behind proxy.