Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

Hacked

Discussion in 'Wordpress' started by Admin, Jun 7, 2013.

Thread Status:
Not open for further replies.
  1. fish United Kingdom

    fish Well-Known Member

    Joined:
    Nov 2006
    Posts:
    2,710
    Likes Received:
    27
    Which where the plugins at fault? would be good to know just in we have the same installed.

    Thanks

    ><(((0>
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    IWA Meetup
     
  3. baldidiot United Kingdom

    baldidiot Active Member

    Joined:
    Sep 2012
    Posts:
    362
    Likes Received:
    30
    I had a site (not wordpress) taken down repeatedly a couple of weeks ago - still no idea how they were doing it.

    Nothing like a good hacking to get you to go through and back up/update all your sites!
     
  4. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    11,120
    Likes Received:
    464
    https://www.youtube.com/watch?v=BrOMFz46BLQ

    You can protect against manual SQL insert with this:

     
  5. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    11,120
    Likes Received:
    464
    I also just found out that Wordpress will still work even if you move the wp-config.php one lebel ABOVE the root, so put it outside the publically accessible webspace on your server.

    So instead of:

    ~/home/user/public_html/wp-config.php

    Simply FTP into your server, and then move wp-config.php above the public_html directory so that it is located in:

    ~/home/user/wp-config.php

    Admin
     
  6. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    Another good defensive strategy: don't host a Wordpress-powered site on a server that also has other critical sites on it. That way, if they hack Wordpress only that site will get taken down.
     
  7. dashu1 United Kingdom

    dashu1 Well-Known Member

    Joined:
    Nov 2008
    Posts:
    1,113
    Likes Received:
    14
    There's a lot of debate though with this about whether it's more or less secure to move the config file a folder above.

    Can't see it'd make a whole lot of difference in the grand scheme of things myself.
     
  8. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,616
    Likes Received:
    140
    I can't see that making a difference, I'm looking into implementing a open_basedir for each install, more to limit php to the root of the install so it can hopefully contain an infection from spreading.
     
  9. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    11,120
    Likes Received:
    464
Thread Status:
Not open for further replies.