Security
-
Today I discovered that a number of my sites on the test server were hacked and their code inside the WordPress wp_ core files was changed. That is, wp_config.php, wp_active.php and so on, as well as index.php and xmlrpc.php have been changed. In the wp-admin and wp-includes directories, all files that are located outside the folders/directories have been changed. In the wp-content directory, only the index.php file has been changed. In various directories included in the wp-content folder (plugins, themes, and so on), the code has not been changed. Everywhere in each modified file the same code is embedded, which collects data about the user.
Queston. Are there any versions of how the malicious script was able to change these files and how it penetrated the sites? Moreover, there are sites on WordPress on the same server that have not been hacked.
-
We can’t help as your sites aren’t running on the wordpress.com platform but on a third party server. There are 2 levels of security: your server and your wordpress installation. To know more about the security of your wordprss installation, you must head over to wordpress.org
-
I just need to understand where an infected script could have gotten onto WordPress sites. Why did he selectively change the code in the files? Why did the code change in the files located at the root of WordPress and 1 level below. If I reinstall the WordPress core the site works. Neither the database nor the theme files have been touched.
- The topic ‘Security’ is closed to new replies.
WordPress.com Forums 