Suffered a trojan virus attack on Wordpress themes - how stop it happening again?

Azam · December 15, 2015, 5:09pm

We suffered a trojan attack recently on themes in our Wordpress hosting account. Here were the findings:

httpdocs-hacked/wp-content/themes/twentytwelve/404.php: {HEX}php.nested.bf404.538.UNOFFICIAL
FOUND

httpdocs-hacked/wp-content/themes/twentytwelve/alsa-sound.so:
Unix.Trojan.Roopre FOUND

httpdocs-hacked/wp-content/themes/twentyfourteen/404.php:
{HEX}php.nested.bf404.538.UNOFFICIAL FOUND

After a lot of headache we’ve thankfully managed to restore the Wordpress website. We have deleted the above themes completely as they were not being used anyway. Alongside ensuring that Wordpress, the remaining theme and all plugins are regularly updated to the latest versions, what else can we can do to reduce the chances of this occurring again please?

For example, are there any read/write amends we can do to the theme folders / files?

Thank you.

Gandalf · December 15, 2015, 5:15pm

Not that it answers your query but might this account for your database not working?

pdxSherpa · December 15, 2015, 11:41pm

have not seen this yet.
But it is from wordcamp

oddz · December 16, 2015, 12:19am

Install and configure the apache module mod_security.

Azam · December 17, 2015, 9:13pm

Thanks a lot for the advice guys.

I’m implemented lots of security measures. In case it’s of any use to other Wordpress users, there are some great free security plugins here which you may wish to add to your sites to protect them.

system · March 18, 2016, 4:16am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.