My WordPress hack woes (1 Viewer)

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
I've been in a running battle with a hacker where I fix my WordPress site, run the security scans and then the following day find another piece of malware. Well, fingers-crossed, I think I might have finally defeated them. The site in question is a combination of WordPress and vBulletin 4. It was only after looking at some plugins in vBulletin 4 that I see the hacker added their own malware plugins. So, I deleted them. Then I found some more malware hidden in various directories in vBulletin.

Next, I changed my login details to cpanel. The final result is no hacks for the last couple of days. Before, I would fix it and then it would be hacked again the following day. I think they must have bots that check to see if they have been locked out. Alternatively, it could be that if you have a vulnerability, the constant stream of hackers will find a way in. I think it is more likely to be the former than the latter.

No doubt all my low priority WordPress sites are hacked to pieces. I will get to them eventually. I get dopamine hits when I eventually lock them out for good.
 

Isaac

Lifelong Learner
Local time
Today, 06:30
Joined
Mar 14, 2017
Messages
8,738
I'm sorry to hear of those troubles. I'm glad you made some headway. Best of luck in keeping them out!
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
Thanks Isaac. It is a bit like an arms race. Exploits get found, hackers hack them, the security companies plug the leaks. Then onto the next round.
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
Thanks Isaac. It is a bit like an arms race. Exploits get found, hackers hack them, the security companies plug the leaks. Then onto the next round.

do you do back ups of the site before the automatica updates runs? i turn mine off because of this reason.
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
My WordPress installation is updated before I even know there is an update. It is how WordPress works now.
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
yes i know. but with hosting company you have ability to be notified if there is update available. then you can manually run it. this should prevent hackers from getting you because they already inside the wordpress platform to begin with. just like microsoft solarwinds and google
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
I don't understand you. WordPress is set for auto update. Why do it manually?
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
But what is the advantage of doing it manually?
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
i do not know. i just do it that way so hackers dont get in, in scenario where they are already hooked to the wordpress platform and any of it rollouts in form of updates. if that is case, then no surprise that hacking is happening as soon as updates are given. wordpress team probably doesnt check it often enough. i guess. i dont check my systems enough really. but, if fbi can hack into microsoft exchange server software....


then hackers should be able to get inside wordpress networks and sit in it. shouldnt they? but fbi and cia i think are layered on top of public company networks because they set up from beginning when internet was created. i think that is right because that was in the news long times ago.
 

The_Doc_Man

Immoderate Moderator
Staff member
Local time
Today, 08:30
Joined
Feb 28, 2001
Messages
26,999
Jon, from the U.S. Navy's perspective, manual updates give you the chance to choose the order in which you do other maintenance. E.g. - do a security scan FIRST and diddle away the hacks. Then do a backup. Then do the patch, with that understanding that if the patch fails, you have a clean copy to which you can return. Then again, the U.S. Navy had procedures for EVERYTHING whether you wanted to apply them or not.
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
Then do the patch, with that understanding that if the patch fails, you have a clean copy to which you can return.

i have never had opportunity to backup a wordpress site. how difficult is it? do all files have to be deleted off server first and reupload? or is it just uninstall and then reinstall?
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
Jon, from the U.S. Navy's perspective, manual updates give you the chance to choose the order in which you do other maintenance. E.g. - do a security scan FIRST and diddle away the hacks. Then do a backup. Then do the patch, with that understanding that if the patch fails, you have a clean copy to which you can return. Then again, the U.S. Navy had procedures for EVERYTHING whether you wanted to apply them or not.
The security scans are automated too.

When you have lots of sites with lots of plugins, to do it the manual way would take hours every day. Then there is no time left to earn a living. Security software will alert you to file changes. No need to keep loggin in. Automation = smart.
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
back to my last point. it is one way that business might look at as self destructive. if one gets success everyone follow and do the bad things to get what they dont have. right?
 

Jon

Access World Site Owner
Staff member
Local time
Today, 13:30
Joined
Sep 28, 1999
Messages
7,303
I believe it is the opposite. Before, I never had time to check all sites, look at plugins. The sites were hacked to death. Now it is all automated, I have zero hacks.
 

conception_native_0123

Well-known member
Local time
Today, 08:30
Joined
Mar 13, 2021
Messages
1,826
i agree with you. i do not own many sites so i do not know. but automation inevitable anyway. it might not be long to get total protection though. did you read news about holy grail of encryption? it was while ago


 

Users who are viewing this thread

Top Bottom