Hi,
Today when I went to one of my web sites I noticed that someone had posted a new photo right on the front page, but I’m the only user. To my surprise they also left a message that says Hacked by bla bla bla. I went and logged in to WP and it looks like the password was deleted (they left it without a password), so I had no problems logging in. I checked all pages and it looks like the only one they played around with was the main page; I edited this page and I was able to restore my previous page content by going to the change history. I was so happy learning WP, creating themes and actually recommending it to one of my clients, but now what do I tell him, that someday the site may disappear or be hacked? I’m a little scared since I don’t know much about security.
This is the message they left: http://tu-design.com/Images/hacked-message.png
I was reading about security for WP (Digging into WP) and it looks like there are a lot of options to secure your site.
1- Any suggestion on what to do after your site has been hacked?
2- What are the first steps you go through to make WordPress more secure when you create a site for a client and be confident that it is secured?
3- What do you tell the client, do you let him know about the risks?
Thanks a lot!
I always try to make sure my sites are running the latest version of WordPress that way any security bugs they fixed are also fixed on your sites. Other than that I haven’t (knocking on wood) had that problem. Please let us know what you find out to close up any holes. Good luck.
There are three ways someone could break into your WordPress site.
- If you are running an old version of WordPress then they can use the known security holes in that version to break in. To avoid that you need to keep right up to date.
- If you are running a poorly written plugin then they may be able to use that to break in. You need to be careful about what plugins you use and keep them to a minimum and also keep those you do use up to date.
- If they can compromise your computer then they could gain access to it that way. You need to make sure your own computer is properly protected to prevent that happening.
First of all thank you all for your advice.
- If you are running a poorly written plugin then they may be able to use that to break in. You need to be careful about what plugins you use and keep them to a minimum and also keep those you do use up to date.
How do I know if certain plugins are poorly written plugins?
- If you are running an old version of WordPress then they can use the known security holes in that version to break in. To avoid that you need to keep right up to date.
What if this is a site you don’t have access to any more? Is this something the client needs to be doing (updating it)?
Is there a way to know where the hackers found the open door?
Thanks a lot
That can be difficult. If it is a popular plugin that lots of people are using then it is unlikely to have security holes. If it is not a very popular one then it might or might not be properly written. How often it gets updated might also help since if it is updated more frequently then it is less likely to have issues.
Yes. Fortunately the automatic upgrade plugin got built into WordPress a few versions back, so running upgrades of WordPress and the plugins is now just a couple of mouse clicks and no longer as complicated as it used to be.
Not unless you can find reports of the particular version of WordPress or the version of a plugin you are using which is identified as having a problem similar to what you saw.
Thanks a lot for your suggestions! Love this forum!
1.) ALWAYS use the latest versions of the WP core AND your plugins
2.) Create a new account and DELETE the admin account as soon as you create your site
3.) Keep plugins to a minimum. After all, do you really need all those wiz-bang features? Are they adding anything to your product?
4.) Plugins like login lockdown can help.
5.) Make daily backups of your database
6.) Watch your site. This is probably most important. Go on at least daily and see what’s happening. Watch the logs, the content, etc. You can learn a lot by doing this.
No matter what “locks” you place on your site or host, nothing will replace you as a person. Keeping an extra hashed password on hand as well as a recent database backup can go a long way to helping you keep your site running.
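The advice above to watch the logs is easier to follow with a small script than by eye. The following is an added example for this thread, not code from any of the posters: it reads web-server access log lines (assumed to be in the common Apache/nginx "combined" format) and reports the three things a WordPress site owner most wants to spot after an incident like the one described: one IP hammering the login form, POSTs to xmlrpc.php, and PHP files being requested from under wp-content/uploads, where WordPress should only ever serve media. The sample log lines, the IP addresses and the failed-login threshold are all constructed for the example.

```python
"""Scan access log lines for signs of WordPress attack activity.

Added example for this thread (not the posters' code). Assumes the
Apache/nginx 'combined' log format and a stock WordPress directory layout.
"""
import re
from collections import Counter

# One combined-format line: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed threshold: this many failed login POSTs from one IP is worth a look.
FAILED_LOGIN_THRESHOLD = 5

# Constructed sample lines, not from the poster's server.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2011:08:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:04 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:08:01:08 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:09:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2011:09:15:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Mar/2011:10:00:00 +0000] "GET /wp-content/uploads/2011/03/photo.jpg HTTP/1.1" 200 84210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2011:10:02:00 +0000] "GET /wp-content/uploads/2011/03/cache.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
this line is not in log format and should be counted as unparsed
"""


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def scan(lines, threshold=FAILED_LOGIN_THRESHOLD):
    """Collect indicators from an iterable of access log lines."""
    failed_logins = Counter()
    findings = {"uploads_php": [], "xmlrpc_posts": [], "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            findings["unparsed"] += 1
            continue
        # A failed wp-login.php POST re-renders the form (HTTP 200);
        # a successful one redirects to wp-admin (HTTP 302).
        if rec["path"] == "/wp-login.php" and rec["method"] == "POST" and rec["status"] == 200:
            failed_logins[rec["ip"]] += 1
        # WordPress stores media under uploads; a .php file there is a red flag.
        if rec["path"].startswith("/wp-content/uploads/") and rec["path"].endswith(".php"):
            findings["uploads_php"].append((rec["ip"], rec["path"]))
        # xmlrpc.php is rarely needed by a single-user site but is a common target.
        if rec["path"] == "/xmlrpc.php" and rec["method"] == "POST":
            findings["xmlrpc_posts"].append(rec["ip"])
    findings["failed_login_counts"] = dict(failed_logins)
    findings["brute_force_ips"] = sorted(
        ip for ip, n in failed_logins.items() if n >= threshold
    )
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; point it at a real access log instead
    # with: scan(open("/path/to/access.log"))
    for key, value in scan(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

On a real server the script would be pointed at the web server's access log (the host usually exposes it under a name like access.log; hosting control panels differ). The threshold and the three rules are a starting point, not a complete detector: a successful 302 after a run of 200s from the same address, as in the sample, is the pattern that most deserves a password reset and a look at the uploads directory.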
Thanks a lot for the good advice!
Excuse my ignorance but where can I find the logs?
Thanks