Site hacked today | WordPress.org

[ad_1]

Hi @pattycake22

Thanks for reaching out!

Having multiple security plugins at the same time can actually work against each other with different conflicts and make your site weaker.

Wordfence protects against a vast variety of web attacks. Whether you were hacked because of an unknown attack method or because there is some other issue in your system is hard to say. Some plugins contain vulnerabilities that are new (commonly referred to as “zero days”) and no one has written a signature for it yet . The same goes for servers. 

Regarding how they gained entry, here are some possible scenarios:

  1. Are there other sites hosted on the same hosting account? If so, they could have been infected and spread the infection to this site
  2. You may be using a plugin or theme with a vulnerability that is so severe that we cannot protect against it
  3. Your wp-config.php file is readable to the hacker, either directly via your account, via a vulnerable plugin or via another hacked site on the same server
  4. The hosting accounts on the server are not properly isolated on the server so the hacker has access to your database via another user’s database
  5. The server software has vulnerabilities that allow the hacker to get root access
  6. You were actually hacked many months ago, but the backdoor was not activated until now
  7. You have a compromised hosting account (Change your password immediately)
  8. You have  a compromised FTP/SSH account (Remove any accounts you don’t need and change the passwords on the ones you do)

As you can see, there are many ways that your site could be compromised. We can only protect you from attacks directly on your website.

I hope this helps to clarify.

Thanks,

Joshua

>Having multiple security plugins at the same time can actually work against each other with different conflicts and make your site weaker.

I like Sucuri’s alert system better – they notify of both failed and successful logins. The reason Wordfence might not be alerting could be because Sucuri is grabbing them before Wordfence. I’ll disable Sucuri and see if it alerts as well as Sucuri. Thanks for the reply.

btw: the hack was due to a hacked cpanel access and then using File Manager to upload the malware – not via the site itself so my confidence in Wordfence is again renewed. All cpanel passwords have been changed to those that are generated by the system – no more simple passwords.

We can consider this post as “solved, resolved, and closed”… until next time 🙁

  • This reply was modified 1 hour, 15 minutes ago by pattycake22.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer