In order to limit the impact of the exploit when looking at a solution, I have written a small plugin that checks the .htaccess file content every hour and restores the correct file if it has been modified. <?php /* * Plugin Name: Fight the exploit * Author: Fabien Quatravaux * Version: 1.0 */ register_activation_hook( … Read more
Well if your concern is about the theme and data stored in the database, I suggest you also start with a “new install” of the theme. And as far as the DB goes, I’ve had a similar experience where I took the hacked DB and installed it on my localhost, then exported the wp_users, wp_usermeta, … Read more
Your hosting place may have an IP Blocking via the cPanel; you could use that. And there are various plugins that will do it also. You could also do it with the htaccess file in the root of your WP installation; place these lines before the WordPress lines: order allow,deny deny from 127.0.0.1 allow from … Read more
As mentioned, updates are vitally important, as are good password practices. I manage many WP sites, and I check (and install) updates every day. I also have some security things that I do by default to reduce the ‘footprint’. Among them are to not have a user called ‘admin’, disable xmlrpc, strong passwrods everywhere (host, … Read more
But recent months, several sites of my clients were hacked and I’m concerned about this problem. In my experience pattern of hacks in quick succession indicates a common link. Typically it is vulnerable plugin/theme or incompetent hosting. If you do not consider the option of password brootforcing, how hackers can get access to the file … Read more
It’s good that you’ve regained access to your website, but without any further action, you’ll get hacked again. These are steps to take, in order to clean, and secure your site: do not panic ( very important ) do not remove anything yourself install and activate WordFence Security plugin in Wordfence -> Options, select everything … Read more
It gets code from a remote location (http://www.linos.cc/code.php) and stores it within a temporary file using sys_get_temp_dir() – http://php.net/manual/en/function.sys-get-temp-dir.php – and then creates a wp-tmp.php file with the before-mentioned code within your WordPress installation in the following locations: /wp-includes/wp-tmp.php and /wp-content/themes/your-theme-name/wp-tmp.php The code that’s stored in this file (http://www.linos.cc/code.php) appears to append content to your … Read more
Renaming files will not make your blog more secure. Obscurity, hiding trivial information, is not a real security concept. The index.php is safe. Make sure the file permissions are set correctly, and try to find the real security hole you had.
Spam users registers even when registration is disabled
What is this code in my theme’s footer.php causing chmod permission warnings? [closed]