Welcome to the IMTalk - Internet Marketing & SEO Forum.
  1. #1
    seobunny Guest

    Tip: How to avoid letting your WordPress get hacked?

    Today I have a new problem... a web host emailed me that they locked my web account.

    They told me that my FTP account was hacked and these hackers added some bad JavaScript to my blog template!

    MY TIP: NEVER DOWNLOAD ANY FREE TEMPLATES FROM UNKNOWN WEBSITES!!! From today I will only download themes from WordPress.com sites!

    YESSS I HAVE LEARNED NOW!!!

    80% of all free themes you can find on the internet are infected with bad JavaScript or base64 code.

    And that's why one of my WordPress blogs got hacked!

    Please don't forget:

    - always take a look at your log files!
    - reset your password and add more letters and numbers to the password
    - scan your PC with Avira DE-Cleaner (this does not scan for viruses; it scans for bots on your PC) - my PC was full of 10 bad bots!!!
    - add a simple backup and make backups weekly or daily
    - add any firewall plugin for WordPress
    - if you really need a template from an unknown website, then please install the plugin "TAC" and scan your theme after uploading!

  2. The Following 2 Users Say Thank You to seobunny For This Useful Post:


  3. #2
    bluearrow
    I take templates from only reputed sites and always check code for anything suspicious.

  4. The Following User Says Thank You to bluearrow For This Useful Post:


  5. #3
    seobunny Guest
    Quote (originally posted by bluearrow):
        I take templates from only reputed sites and always check code for anything suspicious.

    Back in the day... free templates only had some links in the footer...
    Nowadays... free templates have bad scripts and other hacking files.

    One of my blogs was 301-redirecting to a dating community... the redirect used an encrypted affiliate link.
    I have already contacted the affiliate managers of this dating community.

  6. The Following User Says Thank You to seobunny For This Useful Post:


  7. #4
    bluearrow
    Also, it would be good if you could tell us the name of this theme and where you downloaded it. It can help others not to make the same mistake.

  8. #5
    seobunny Guest
    Quote (originally posted by bluearrow):
        Also, it would be good if you could tell us the name of this theme and where you downloaded it. It can help others not to make the same mistake.

    I can't remember the themes... because I was working very fast... my goal was to get my blogs back up with the latest backup.

    But what I can say is... before you activate any themes, YOU NEED TO RUN A SCAN WITH THE PLUGIN "TAC". This plugin searches for any bad JavaScript and base64 code.

    Link: WordPress › Theme Authenticity Checker (TAC) WordPress Plugins

  9. The Following User Says Thank You to seobunny For This Useful Post:
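
One way to run the kind of pre-activation check described in post #5, as an added example that is not part of the original thread and is not TAC's own code: a small Python scanner that flags decode-and-execute PHP, `base64_decode` calls, long base64 literals and obfuscated or remote JavaScript in a theme directory. The rule set, file names and sample theme are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules: assumptions for this example, not TAC's actual rule set.
RULES = [
    ("php-decode-exec", re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("php-base64-decode", re.compile(r"\bbase64_decode\s*\(", re.I)),
    ("long-base64-literal", re.compile(r"""["'][A-Za-z0-9+/]{120,}={0,2}["']""")),
    ("js-obfuscated-write", re.compile(r"document\.write\s*\(\s*unescape\s*\(|eval\s*\(\s*String\.fromCharCode", re.I)),
    ("remote-script-tag", re.compile(r'<script[^>]+src\s*=\s*["\']?(https?:)?//', re.I)),
]
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm", ".inc"}


def scan_theme(root):
    """Return (relative_path, line_number, rule_name) for every rule hit."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in RULES:
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, name))
    return findings


def build_sample_theme(root):
    """Constructed sample theme: one clean file, two with planted markers."""
    root = Path(root)
    (root / "js").mkdir(parents=True)
    (root / "index.php").write_text("<?php get_header(); ?>\n<h1>Hello</h1>\n<?php get_footer(); ?>\n")
    # The encoded string decodes to the harmless statement: echo 'hi';
    (root / "footer.php").write_text("<footer>\n<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n</footer>\n")
    (root / "js" / "menu.js").write_text("var open = false;\ndocument.write(unescape('%3Cb%3Ehi%3C/b%3E'));\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        for rel, lineno, rule in scan_theme(tmp):
            print(f"{rel}:{lineno}: {rule}")
```

A hit is a reason to open the file and read that line, not a verdict; code that assembles function names from string fragments will not match these patterns, so a clean result does not prove a theme is safe.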


  10. #6
    wink0r
    Beware, there are bad guys out there!!

    I had a hosting space that was compromised via FTP a few years ago. A visitor told me that their Avast AV complained about the site. I checked and there was JavaScript appended to the index page. Checking further I found that it had been done by a bot and every index page on the hosting space had been hit. Not only do site root directories have index pages but most sub-directories have an index page to prevent the server from returning an index list of the contents of the sub-directory. It took me several hours to clean up the mess manually. Then a few months later the hosting company locked the account. I had missed a file in an archive directory to which there were no links! They had finally picked it up in a scan. About that same time they reset all the account passwords indicating to me that they had a security breach and that passwords had been compromised. (Changing the FTP password was my first action when I discovered the problem.) That situation affected every index page on the hosting space - about 30 domains and all the sub-domains and sub-directories housed on the hosting space including both static and CMS based sites.

  11. The Following User Says Thank You to wink0r For This Useful Post:
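
The cleanup problem described in post #6, as an added example that is not part of the original thread: a Python check that walks the hosting space on disk instead of following links, so an index page in an unlinked archive directory is still inspected, and reports index files with script or iframe markup after the closing `</html>` or `?>`. The file-name pattern, the end-of-page heuristic and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAME = re.compile(r"^(index|default)\.(html?|php|shtml)$", re.I)
END_MARK = re.compile(r"</html\s*>|\?>", re.I)       # end of the legitimate page
INJECTED = re.compile(r"<\s*(script|iframe)\b", re.I)


def appended_markup(text):
    """Return the text after the last </html> or ?> (None if neither exists)."""
    marks = list(END_MARK.finditer(text))
    return text[marks[-1].end():] if marks else None


def find_tampered_indexes(root):
    """Walk the tree on disk, so index pages nothing links to are checked too."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and INDEX_NAME.match(path.name):
            tail = appended_markup(path.read_text(encoding="utf-8", errors="replace"))
            if tail and INJECTED.search(tail):
                hits.append(path.relative_to(root).as_posix())
    return hits


def build_sample_space(root):
    """Constructed hosting space: two clean index pages, two with appended tags."""
    clean = "<html><body><script>var a = 1;</script></body></html>\n"
    added = '<script src="//example.invalid/x.js"></script>\n'   # constructed marker
    pages = {
        "site1/index.html": clean,
        "site1/images/index.html": "<html><body></body></html>\n",
        "site1/archive/2009/index.html": clean + added,           # unlinked directory
        "blog/index.php": "<?php require 'wp-blog-header.php'; ?>\n" + added,
    }
    for rel, body in pages.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_space(tmp)
        print("\n".join(find_tampered_indexes(tmp)))
```

Script tags inside the page body are left alone; only markup placed after the end of the page is reported, which matches the appended-code pattern in the post but will miss injections made elsewhere in a file.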


  12. #7
    joeespisito
    You know what, that is a great tip! I honestly never thought about it! Thank you for turning a negative into a positive by sharing with us. The great thing about sharing information like this is that it allows us all to gain life experience through each other. On the flip side, there will always be those people that won't listen..... here in Texas we have an old saying: 'You can lead a horse to water, but you can't make him drink' LOL. I'm sorry that happened to you, SEOBUNNY!

    Quote (originally posted by seobunny):
        Today I have a new problem... a web host emailed me that they locked my web account.

        They told me that my FTP account was hacked and these hackers added some bad JavaScript to my blog template!

        MY TIP: NEVER DOWNLOAD ANY FREE TEMPLATES FROM UNKNOWN WEBSITES!!! From today I will only download themes from WordPress.com sites!

        YESSS I HAVE LEARNED NOW!!!

        80% of all free themes you can find on the internet are infected with bad JavaScript or base64 code.

        And that's why one of my WordPress blogs got hacked!

        Please don't forget:

        - always take a look at your log files!
        - reset your password and add more letters and numbers to the password
        - scan your PC with Avira DE-Cleaner (this does not scan for viruses; it scans for bots on your PC) - my PC was full of 10 bad bots!!!
        - add a simple backup and make backups weekly or daily
        - add any firewall plugin for WordPress
        - if you really need a template from an unknown website, then please install the plugin "TAC" and scan your theme after uploading!


    ---------- Post added 08-18-2013 at 01:27 PM ----------

    Those of us that would NEVER dream of screwing with other people's stuff forget that there are some people out there that will! We can only hope KARMA will come back and bite 'em hard... and not let go!

    Quote (originally posted by wink0r):
        Beware, there are bad guys out there!!

        I had a hosting space that was compromised via FTP a few years ago. A visitor told me that their Avast AV complained about the site. I checked and there was JavaScript appended to the index page. Checking further I found that it had been done by a bot and every index page on the hosting space had been hit. Not only do site root directories have index pages but most sub-directories have an index page to prevent the server from returning an index list of the contents of the sub-directory. It took me several hours to clean up the mess manually. Then a few months later the hosting company locked the account. I had missed a file in an archive directory to which there were no links! They had finally picked it up in a scan. About that same time they reset all the account passwords indicating to me that they had a security breach and that passwords had been compromised. (Changing the FTP password was my first action when I discovered the problem.) That situation affected every index page on the hosting space - about 30 domains and all the sub-domains and sub-directories housed on the hosting space including both static and CMS based sites.

  13. The Following 2 Users Say Thank You to joeespisito For This Useful Post:


  14. #8
    timoinfiji
    Another tip: use an operating system that does not get infected by most of these issues. I learned a lot in past years with Windoof (alias Windows), Linux and OSX. After I had my first "PC", a Commodore 64, I was using a Windows 3.1 OS. After years of using the upcoming Windows versions and endless tests on Linux, I went to OSX and have been there till today, but only on PC; on the phone I hate the Apple phone.... (Back to the main point) I taught myself how to protect myself and OSX from attacks. The only reason why Linux was failing for me was that there was no good hardware support at that time for the stuff I need to use. So finally, everyone who uses that old (yes, old basic build and not properly rebuilt) Windows will sooner or later get such issues with viruses, trojans, bots and whatever else is out there. It only takes one friend of yours who comes and briefly looks at any adult site, and you are already infected.... Same with the free templates. As SEOBUNNY says, download only from trusted sites. By the way, with Skype there was also a hype some months ago: Skype was infected on Windows systems and was posting text with a link; if the other person clicked on that link, it automatically downloaded those issues onto your hard disk. Fun was starting..... Be aware, all out there!!

  15. #9
    needtruehelp.com
    I too faced this on one of my WordPress sites in the past, and here is some of what I learned:

    1) Always take things from trusted sources, be it themes or plugins.
    2) Always have a firewall plugin in place, as seobunny says.
    3) Have a good security network with an application and database protection system.
    4) Have a good paid antivirus with bot detection on your system, as free systems often do not serve the purpose.
    5) Regularly change the FTP, login or other passwords.
    6) Back up your data at regular intervals (yourself too, in addition to the backups done by the hosting provider).
    7) Act soon when you find any suspicious behavior.

    I too agree with bluearrow - we should also compile a list for others of where we can get these trusted things (obviously, don't spam with affiliate links).

  16. #10
    Oldschoool
    Quote (originally posted by needtruehelp.com):
        I too faced this on one of my WordPress sites in the past, and here is some of what I learned:

        1) Always take things from trusted sources, be it themes or plugins.
        2) Always have a firewall plugin in place, as seobunny says.
        3) Have a good security network with an application and database protection system.
        4) Have a good paid antivirus with bot detection on your system, as free systems often do not serve the purpose.
        5) Regularly change the FTP, login or other passwords.
        6) Back up your data at regular intervals (yourself too, in addition to the backups done by the hosting provider).
        7) Act soon when you find any suspicious behavior.

        I too agree with bluearrow - we should also compile a list for others of where we can get these trusted things (obviously, don't spam with affiliate links).

    A list would be very useful. Has one been started yet?

  17. #11
    bloggersjoy Guest
    How do I get the TAC plugin? How do I scan the theme to find any bad files?

  18. #12
    jackrice
    This is very valuable info, thanks for bringing it to my hearing. Never thought of it before now.

    Quote (originally posted by seobunny):
        Today I have a new problem... a web host emailed me that they locked my web account.

        They told me that my FTP account was hacked and these hackers added some bad JavaScript to my blog template!

        MY TIP: NEVER DOWNLOAD ANY FREE TEMPLATES FROM UNKNOWN WEBSITES!!! From today I will only download themes from WordPress.com sites!

        YESSS I HAVE LEARNED NOW!!!

        80% of all free themes you can find on the internet are infected with bad JavaScript or base64 code.

        And that's why one of my WordPress blogs got hacked!

        Please don't forget:

        - always take a look at your log files!
        - reset your password and add more letters and numbers to the password
        - scan your PC with Avira DE-Cleaner (this does not scan for viruses; it scans for bots on your PC) - my PC was full of 10 bad bots!!!
        - add a simple backup and make backups weekly or daily
        - add any firewall plugin for WordPress
        - if you really need a template from an unknown website, then please install the plugin "TAC" and scan your theme after uploading!

  19. #13
    SamWylde
    BulletProof Security is pretty amazing, and you can use one license on all your sites.


 
