On new server, site got hacked, permissions a bit strange? Please help

You can…

  1. Learn about file permission (on wordpress)
  2. Install WordPress Firewall plugin (version 2 for 3+ versions)
    (this dissalow access to any folder or file indirectly)
  3. Hide Your WordPress Version
  4. Try to update plugins & Wp
  5. install Login Lockdown Plugin
    (this stops any brute force attemts)
  6. Verify that your theme doesnt show “publish by $username” but shows “display name”
  7. Use secret Keys in wp-config.. Keys Generator: here
  8. Move wp-config up one directory (wordpress would look for it dont worry..)

Hope this helps… if nothing else – at least install the plugins.

A small tale.. i used to host one of my website in some 1$ per month server (cant recall its name).. anyhow, it got hacked 4 times in 6 month’s.. and i know a thing or two about wp security… nothing helped!

But – Once i left that hosting, the hacking stopped… 🙂

Have a gr8 day.

Related Posts:

  1. Folder Permissions + Security Concerns
  2. Verifying that I have fully removed a WordPress hack?
  3. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  4. Tips for finding SPAM links injected into the_content
  5. What should I do about hacked server?
  6. How can I find security hole in my wordpress site?
  7. How to prevent bot or someone to modify any file automatically?
  8. Securing a multi-user permission structure
  9. wp-config.php modified?
  10. Suspicious Files
  11. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  12. What permissions should I give directories if I want to make WordPress more secure?
  13. Definitive wordpress directory ownership and permissions on linux
  14. Malware script in database post table only? [closed]
  15. Verifying that I have fully removed a WordPress hack?
  16. How can I safely hide the fact that my website runs on WordPress? [closed]
  17. How to change permissions of WordPress and/or apache on macOS securely?
  18. My WordPress Websites are always under attack
  19. How to find exploited wordpress plugin [closed]
  20. Is it safe to give wordpress directories ownership to www-data?
  21. Any known bugs that could cause disappearance of the wp_users table?
  22. Privilege escalation bugs in 2.9?
  23. Replace domain in database
  24. wp-content – permissions for files/folders created by apache
  25. Remove hacked code – out of ideas! [closed]
  26. WordPress Database Re-installed (Hacked)
  27. Verifying that I have fully removed a WordPress hack?
  28. Security: Critical backend outside of wordpress
  29. Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
  30. Should I change the default file and folder permissions?
  31. Malware/Permission bug removal?
  32. Could a user account with a stolen password compromised entire WP site?
  33. how to find the way they hacked my WP site
  34. How to stop repeated hack on header.php of custom theme? [closed]
  35. Default installation permissions for wp-config.php
  36. Is my WP site being hacked?
  37. Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
  38. WordPress Hacks/Defacing [closed]
  39. How can I give someone server access to only duplicate and modify a site?
  40. wp-salt.php and wp-cli.yml File present in public_html folder
  41. SSL Error: unable to get local issuer certificate
  42. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  43. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  44. How to redirect all HTTP requests to HTTPS
  45. What is the difference between a cer, pvk, and pfx file?
  46. How to solve “Kernel panic – not syncing – Attempted to kill init” — without erasing any user data
  47. What’s the best approach for generating a new API key?
  48. Is it possible to decrypt SHA1
  49. Simplest two-way encryption using PHP
  50. Why does the URL http://a/%%30%30 crash Google Chrome?
  51. what is a auth_user_file.txt?
  52. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  53. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  54. Error `sec_error_revoked_certificate` when viewed in Firefox only
  55. How to view PHP on live site
  56. Convert .pfx to .cer
  57. how fix “this certificate cannot be verified up to a trusted certification authority”
  58. Can an attacker use inspect element harmfully?
  59. Where does Internet Explorer store saved passwords?
  60. How can bcrypt have built-in salts?
  61. Is moving wp-config outside the web root really beneficial?
  62. Hide the fact a site is using WordPress?
  63. Infected Files – what to do [closed]
  64. Getting a List of Currently Available Roles on a WordPress Site?
  65. WordPress 4.7.1 REST API still exposing users
  66. Can I Prevent Enumeration of Usernames?
  67. Best way to eliminate xmlrpc.php?
  68. What’s the easiest way to stop WP from ever logging me out
  69. Should I escape wordpress functions like the_title, the_excerpt, the_content
  70. Why should I use the esc_url?
  71. Should I remove install.php and install-helper.php?
  72. Prevent access or auto-delete readme.html, license.txt, wp-config-sample.php
  73. How safe / sanitized is wp_insert_posts()?
  74. Why does WordPress need my private ssh key to update?
  75. When to use esc_html and when to use sanitize_text_field?
  76. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  77. Where to securely store API keys and passwords in WordPress?
  78. Are Nonces Useless?
  79. What are the recommended database permissions for WordPress?
  80. What is the difference between esc_html filter vs attribute_escape filter?
  81. Why escape if the_content isnt?
  82. Why does WordPress have more than one salt?
  83. Why are passwords exportable as plain text in WordPress?
  84. What is the ideal setup to address security concerns?
  85. Will there be security updates for 3.1 once 3.2 is released?
  86. What’s the difference between esc_* functions?
  87. Full path disclosure on rss-functions.php
  88. What to use instead of wp_kses() in user output
  89. How to set up fail2ban with WordFence?
  90. How do I technically prove that WordPress is secure?
  91. Are the default salts secure?
  92. is_email() VS sanitize_email()
  93. WordPress it’s cleaning a custom query_var to avoid sql injections?
  94. Which KSES should be used and when?
  95. Can someone explain the use cases of esc_html?
  96. Is there a way to force ssl on certain pages
  97. How do WordPress Nonces Work?
  98. Subscribe to email for security fixes?
  99. Close a wordpress blog – keep site as it is but prevent hacks
  100. Is WordPress vulnerable to the httpoxy?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)