Malware on Wordpress Site - wordpress

I am working on a Wordpress website hosted on Godaddy and struggling with a Malware issue.
Every now and then the webpages start displaying thousands of random links on top of the pages.
When I searched for the texts in the content files, the only place I could find them was in comet cache.
If I delete the cache files, the links go away but come back again after a few days.
Can anyone please suggest how I can prevent such a scenario and what steps I can take to secure my website from such vulnerabilities?
Many thanks in advance.

There's a number of things that could be causing it. Check all of the following to help remove security holes:
Are you running the latest version of WordPress? If not, there could be a known vulnerability that is being exploited.
Are all your plugins up to date? For the same reason as above - a poorly written WordPress plugin can open up security holes.
Do the WordPress files and folders have the correct CHMOD permissions on the server? If not, you're asking for trouble.
I'd recommend any/all of the following as further reading:
http://www.wpbeginner.com/wordpress-security/
https://codex.wordpress.org/Hardening_WordPress

If you don't want to do this work on your own, and you're working with GoDaddy, they offer (and now own) Sucuri which is a security service that will scan and clean your site. You can do this one-time, or pay for a monthly service that will continuously protect and restore your site.

Related

how can i remove weird links from my website

I have a website that was developed with WordPress.
It was hacked. I removed the malicious files that I found on the server
and I got it back, but when I search for the website on Google I find
strange links that I can't open.
Remove each URL individually from Google Webmaster Tools; it will take time to remove them.
You should know that removing malicious files doesn't mean you cleaned up the site. There are many instances where a file will recreate all the malicious files again. Sometimes it can even be above the root of your website root folder. It's best to use a couple plugins to scan the whole site directory. And then check a couple days later if the malicious files return. (if this is the case you are best to actually just switch to a new server or reformat if you have the option as it will get quite expensive to pay someone to clean up your server)
First make sure you have completely cleaned up the hack. Then those pages in Google should get deindexed as they won't exist anymore. It's probably not viable to remove every single hack page indexed in Google via webmaster tools as there could be 10s of thousands! (depending on the hack)
Below are a couple good scanners.
https://wordpress.org/plugins/quttera-web-malware-scanner
https://wordpress.org/plugins/sucuri-scanner
I would also recommend some plugins for enhanced security moving forward.
https://wordpress.org/plugins/ninjafirewall
https://wordpress.org/plugins/better-wp-security
https://wordpress.org/plugins/vulnerable-plugin-checker

Stop Hacks to Wordpress Site - New User Added

My apologies in advance if I am posting it in the wrong forum.
I have a WordPress site. Every couple of days, a new user is added as an "Administrator" as shown below
I have changed my password many times using complex passwords but to no use. I even searched on Google and have read links like this one.
I have also unchecked the option "Anyone can register"
However, I am unable to stop them from registering.
Fortunately, no malicious activity has been noticed (Ex: Deletions/Unwanted posts etc)
Please advise me on what I can do to stop these?
You clearly have a more serious compromise, like an uploaded malicious script or an unpatched vulnerability. You need to rebuild your site from scratch (clean install of the current versions of WP and any plugins and themes, using a known-good database export) ASAP before something really bad happens.
Unfortunately, it's impossible to say what happened without digging through your server. My guess is that somebody exploited a vulnerability and uploaded a script. It could be anything - a hole in the WP core, a plugin, or a theme; a malicious plugin or theme; a stolen password; a breach of another site on the same server; or a number of other things.
Regardless of what happened, the only safe fix is to rebuild the site. If you have data backups, you can achieve this in a few hours.
I strongly recommend installing the security plugin WordFence to help prevent similar problems in the future. (I have no affiliation with WordFence, but use it on a number of sites.)
Finally, you might want to read this discussion on security.stackexchange.com. The consensus in this situation is "nuke it from orbit." Good luck!
Someone is making a SQL injection in your site.
If you want to prevent this in future, you should do some things.
Rebuild your website from scratch.
Install some of the security plugins, like Bulletproof Security, Wordfence, iThemes Security. I suggest you buy the license of Bulletproof, or use the free version + one of the others. And be careful for the equal settings.
The most common attacks are SQL injection, XSS, plugin exploits and of course brute-forcing the admin pass. You should upgrade every plugin and Wordpress every time you see a new version.
Use fewer plugins. They are one of the main reasons for hacked websites. If you use Linux, I can tell you how to scan your website for vulnerabilities. Or just tell me the url, and I will tell you the results.
Also change your /wp-admin path, there are a lot of bots who search the web and make bruteforce attacks.
It is also important to use a different admin username from admin or Admin. And use strong passwords. It's a good practice, when you make a new Wordpress installation, to create two more users. The first will be an Author and will post everything in the site, the second you should make with the Administrator role. After that delete the first admin user and start using the new one.
Hackers know that almost every time the user with id:1 is the admin, so they can try to access again. So in this case your admin will be with id:3, and again don't use a username like admin, etc.
Best regards and wish you luck.
Kasmetski
Check index.php, wp-admin/index.php to see if they have been modified. Usually the following line of code is added to the top of the index.php file. A code starting with 'required' is usually added.
The file being ‘required’/’included’ here contains malicious code which is executed along with each run of WordPress. Such code can generate fake pharma pages, Japanese SEO spam pages and other malware infections.
Delete the #require code from the file after comparing it with the contents of the core WP files from its GitHub repository.
Check if there are any new files in the root of the server or /wp-admin folder that were not created by you. Some of the files that you may find are:
Marvins.php
db_.php
8c18ee
83965
admin.php
buddy.zip
dm.php
If you find any of the above suspicious files, take a backup and delete them.
Source: https://www.getastra.com/blog/911/fix-wordpress-admin-dashboard-wp-admin-hack/

Moving wordpress from self-hosted into wp hosted

I was using self-hosted wordpress for a while and now I want to move all posts and settings to my wordpress.com account. I mean I want to create a free wordpress hosted account and move all data from the self-hosted account into it. Is that possible? If yes, how? Please explain.
Although this isn't the usual direction to move, WordPress has documented it here: http://en.support.wordpress.com/moving-a-blog/
Megatron, I've seen a few of your posts about this hack. It's an up-to-date Wordpress install with very few plugins. By the sounds of things (and I may well be wrong here), I doubt you have done a huge amount of customisation yourself which could have introduced a vulnerability.
It could well be your theme but frankly my money is on your hosts themselves. Wordpress is so prolific that when a hosting company running many shared servers gets hacked there are inevitably loads of Wordpress sites that get compromised as a result and Wordpress gets the blame. The hosting company certainly don't own up to it.
Before you go to .com, switch hosts. Clean install, plenty of guides out there on resurrecting a Wordpress site - you've said yourself on other threads the site is only a week old so it'll be very easy to do. My 2p.

Where did utils.php come from, TinyMCE hack

Last Wednesday a variety of the WordPress sites I manage got hacked, they were infected with a Viagra link (malware is so original).
I noticed in the wp-includes directory a file called utils.php (wp-includes/js/tinymce/utils/utils.php), also an addition to my general-template.php for the get_footer function.
This hack seems to only affect Google search results for sites, not the site when directly viewed by entering the URL, i.e your cached site will show a malware infested mess and lose ranking, meanwhile you will wonder why due to the site looking fine when viewed.
My host (TSO Host) have cleaned up the sites, didn't even need to ask, but I have no idea how the infection got there in the first place.
So my question is, does anyone know how the breach happens and what I can do to prevent it, other than the usual security tips?
This happened to a site that I spent weeks cleaning up. I can give you a few pointers:
Go through the Wordpress core files (under wp-admin and wp-includes) and delete all files that you don't see in the default wordpress installation. I've never seen a plugin create a file in one of those 2 directories. After this, it'd be a good idea to re-install Wordpress, just in case they changed any of the existing files.
After that, change your Wordpress/FTP/SSH passwords as they've likely been cracked. Install WP Better Security. It seems a little annoying at first, but you can monitor everything with it, change the login slug, remove version info hackers can use to find security holes, black-list known hackers, and so much more.
Finally, this last one will take some time. Google your theme and each one of your plugins, and see if Wordpress has stopped using them because they were a security vulnerability. You'd be surprised at how many plugins have holes. Try to avoid really new plugins, and try to use the same plugin for as many different sites as you can. If you're hosting more than one site on the same server and one of the sites gets hacked, they're all hacked.
It sounds like a pain, and it is a little bit, but after you're done you'll feel so much better knowing that you're in control of everything. Trust me.
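The two checks described in the answers above (comparing index.php and wp-admin/index.php with the core files, and finding files under wp-admin and wp-includes that a default installation does not contain) can be automated. This is an added example, not code from any of the posters; it assumes you have unpacked a pristine copy of the same WordPress version next to the site, and the function names and the demo trees are constructed for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")      # should hold only files shipped with core
ROOT_SKIP = {"wp-config.php", ".htaccess"}   # site-specific, differ on every install


def manifest(root):
    """Map relative path -> SHA-256 for root-level files and the core directories."""
    files = [p for p in root.iterdir() if p.is_file() and p.name not in ROOT_SKIP]
    for d in CORE_DIRS:
        if (root / d).is_dir():
            files += [p for p in (root / d).rglob("*") if p.is_file()]
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def audit(site, clean):
    """Compare a live site with a pristine unpack of the same WordPress version."""
    live, ref = manifest(Path(site)), manifest(Path(clean))
    return {
        "modified": sorted(f for f in live if f in ref and live[f] != ref[f]),
        "unexpected": sorted(f for f in live if f not in ref),
        "missing": sorted(f for f in ref if f not in live),
    }


def build_demo(base):
    """Constructed sample trees: a clean copy and a site with two planted changes."""
    core = {"index.php": "<?php // core loader\n",
            "wp-admin/index.php": "<?php // dashboard\n",
            "wp-includes/general-template.php": "<?php // templates\n"}
    site = {**core,
            "index.php": "<?php require 'x.php'; // core loader\n",
            "wp-includes/js/tinymce/utils/utils.php": "<?php // dropped\n",
            "wp-content/uploads/logo.txt": "not core, ignored\n"}
    for name, tree in (("clean", core), ("site", site)):
        for rel, body in tree.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return Path(base, "site"), Path(base, "clean")


if __name__ == "__main__":
    args = sys.argv[1:3] if len(sys.argv) == 3 else build_demo(tempfile.mkdtemp())
    for kind, names in audit(*args).items():
        for name in names:
            print(f"{kind:<10} {name}")
```

Run it with the site directory and the clean directory as arguments; with no arguments it runs on the constructed demo trees. wp-content is deliberately not compared, so plugins, themes and uploads still need their own review.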

Sandboxes and Wordpress, Joomla or Drupal Sites?

I'm looking into building database driven websites based on opensource platforms in a sandbox area rather than having them accessible via the final URL until clients have paid up.
Is anyone aware of any problems this may cause with paths or functionality, or, know of any good articles on the subject?
many thanks
Shaun
There is no bad effect on functionality just because it is in a sandbox. Generally, Joomla is almost location independent (until and unless you are driving multiple websites from the same Joomla installation).
For security purposes, secure the URL via an .htaccess file (if more security is required, then set up a cron to update the password every X hours, and email the new details to the user).
I would suggest having a cut-down, less privileged or demo account for signup users that can still enjoy the overall experience of your site without the full functionality of your killer-webapp services. "Restricting" them in a Sandbox area that is not even the actual site would not be as appealing and convincing as it could be for them to go from "freemium to premium" customers.
I develop all joomla sites on a local server and then upload to the production server once approved. In Joomla, when I upload the files to the production server, I usually need to change the mysql server as well and it can all be changed from the configuration.php file
