- Local time
- Today, 23:51
- Joined
- Sep 28, 1999
- Messages
- 8,027
I've been in a running battle with a hacker where I fix my WordPress site, run the security scans and then the following day find another piece of malware. Well, fingers-crossed, I think I might have finally defeated them. The site in question is a combination of WordPress and vBulletin 4. It was only after looking at some plugins in vBulletin 4 that I see the hacker added their own malware plugins. So, I deleted them. Then I found some more malware hidden in various directories in vBulletin.
Next, I changed my login details to cpanel. The final result is no hacks for the last couple of days. Before, I would fix it and then it would be hacked again the following day. I think they must have bots that check to see if they have been locked out. Alternatively, it could be that if you have a vulnerability, the constant stream of hackers will find a way in. I think it is more likely to be the former than the latter.
No doubt all my low priority WordPress sites are hacked to pieces. I will get to them eventually. I get dopamine hits when I eventually lock them out for good.
Next, I changed my login details to cpanel. The final result is no hacks for the last couple of days. Before, I would fix it and then it would be hacked again the following day. I think they must have bots that check to see if they have been locked out. Alternatively, it could be that if you have a vulnerability, the constant stream of hackers will find a way in. I think it is more likely to be the former than the latter.
No doubt all my low priority WordPress sites are hacked to pieces. I will get to them eventually. I get dopamine hits when I eventually lock them out for good.