Website getting hacked
Hope you can help.
Our adult education website gets constantly hacked. We change passwords, remove all dodgy files, whatever we can find, but after a few days the website is hacked again: they just put in their own index.php. They leave all the content undamaged, but they leave some files as well, like a cPanel cracker. I usually upload the whole website again, which is clean. But I have no idea how we can stop that. I have very limited knowledge about website hacking and websites in general; someone designed the website for us.
We use easyspace for hosting, and the website is done with WordPress and a third-party theme. Last time I changed all passwords (cPanel, FTP, WordPress admin password) and changed the secret keys as well, and today, after a week, it's hacked again.
Can anyone help?
Have you changed the actual username from admin to something else for the website? IIRC I read something about doing that for security; correct me if I am wrong, guys.
1. Check cPanel is up to date
2. Check WordPress is up to date
3. Check plugins are up to date, disable any you aren't actively using.
4. Check whether your third-party theme is up to date (yes, even themes can have a security vulnerability). If it is a publicly available theme, can you name it/give a webpage for it?
cPanel we have to check with the hosting guys, but all the other things were updated just a few weeks ago, and we thought it would help. All plugins and the theme were updated as well.
The webpage address is claverham-education.co.uk. I'm fixing it now, so the hackers' website is gone.
Install this plugin and go through the 'traffic light' suggestions to lock your site down.
WordPress › Better WP Security « WordPress Plugins
There is also a recent security update to WordPress, now 3.5.2.
Is this a shared or dedicated host? The first step is to make sure you've changed the MySQL user's password, and that your admin account for WordPress doesn't use 'admin' as the username.
Silly question: is the FTP secure FTP?
I think the hosting is not on dedicated servers.
Normal FTP; I can't connect with SFTP. Either easyspace doesn't offer it or our proxy settings block it, but I think they just do not offer it.
If you're not on a dedicated host you should contact EasySpace support and notify them of the breach, as it may have compromised other accounts on the server.
Did that already; to tell the truth, they are not brilliant.
Move it. I can recommend Vidahost, they will move the site for you. They are cheap too.
Originally Posted by kcymer
Is it a new index.php or is yours being modified?
If it's the latter, you need to sanitise your inputs. [In other words, it's the comments or the search bar. Possibly the username/password boxes, but I doubt it.]
I took a while to reply because I was poking your website a bit.
Playing with the site now.
I think your problem might be the thumb.php script in your theme itself.
There was quite a big security issue surrounding TimThumb, as it's called, so much so that WooThemes removed it from all of their themes to make sure security was good. I would suggest checking this over, as I know it compromised a few of my clients' sites that I host, but a refresh of a recent backup, combined with the new database and removal of the thumb.php script, worked a treat. Doesn't look like WPLocker (or wherever you got the WPStore theme from) has updated that though.
Seems to be in /v7/wp-content/themes/WPStore/thumb.php
Worth a check.
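A read-only triage script for the two things this thread keeps coming back to, as an added example that is not from any poster: it lists every thumb.php/timthumb.php copy under wp-content with the VERSION string TimThumb declares, and lists PHP files modified recently, so a replaced index.php or a dropped cracker script stands out after a "clean" re-upload. The sample docroot it builds is constructed for the demo; point `main` at the real docroot (via FTP download or a cPanel shell) instead.

```shell
#!/bin/sh
# Print "path version" for each TimThumb copy under the docroot given as $1.
# TimThumb declares its version on a line such as: define ('VERSION', '2.8.14');
find_timthumb() {
    find "$1" -type f \( -name 'thumb.php' -o -name 'timthumb.php' \) 2>/dev/null |
    while IFS= read -r f; do
        v=$(sed -n "s/.*define *('VERSION', *'\([^']*\)').*/\1/p" "$f" | head -n 1)
        printf '%s %s\n' "$f" "${v:-unknown}"
    done
}

# List PHP files under $1 whose mtime is within the last $2 days (sorted by path).
# A fresh index.php in a docroot nobody has edited is exactly what the thread describes.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null | sort
}

# Constructed sample docroot (not a real site): an old WPStore theme with thumb.php,
# and a docroot index.php that was written "today". Echoes the directory path.
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/WPStore"
    printf "<?php\ndefine ('VERSION', '2.8.10');\n" > "$d/wp-content/themes/WPStore/thumb.php"
    printf "<?php\n// theme template\n" > "$d/wp-content/themes/WPStore/index.php"
    printf "<?php\n// front controller, recently replaced\n" > "$d/index.php"
    # Theme files are from 2013; only the docroot index.php keeps a fresh mtime.
    touch -t 201301010000 "$d/wp-content/themes/WPStore/thumb.php" \
                          "$d/wp-content/themes/WPStore/index.php"
    printf '%s\n' "$d"
}

# Run both checks against a docroot ($1) with a recency window in days ($2).
main() {
    echo "== TimThumb copies (thread advice: remove, or update to the current release) =="
    find_timthumb "$1"
    echo "== PHP files modified in the last $2 day(s): review each one =="
    recent_php "$1" "$2"
}

sample=$(build_sample)
main "$sample" 1
rm -rf "$sample"
```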