
WordPress Site Keeps Being Hacked

  • robinwilson16 · Member · May 29, 2023 at 12:28 am

    The above site keeps being hacked every few weeks where a url encoded line is added to the top of the index.php file in the root directory and also index.php in the wp-admin directory. This just ends up causing the website to display a server 500 error.

    The site was running on Apache2 on an Ubuntu VPS on DigitalOcean and I have set up a new VPS for it and more recently moved it to a Windows Server Hyper-V host.

    It doesn’t matter if I set up a fresh machine and install Apache2 as it continues to be hacked regardless.

    I host about 29 other sites (although none are currently WordPress) and each time it happens I restore back an old copy of the files and then install any updates that need re-applying.

    I don’t need to restore the database when this happens.

    If I copy the file to a Windows machine, Windows Defender blocks the file as Trojan:PHP/Obfuse.AS!MSR

    WordPress is kept on the latest version along with the plugins and I installed WordFence to try to block attacks.

    The people who developed the site just blame the hosting but I have been hosting sites on my own server since 2012 and whilst I cannot rule this out I am unsure what setting would need locking down and I have built two new servers now yet it has made no difference and in the past even had to comply with some quite rigorous PCI DSS tests carried out by banks for ecommerce sites. I suspect it is something in the site as it was getting hacked whilst they were still developing it. The site runs as the www-data user with files set as 644 permissions and folders as 755.

    I have only ever had 2 other websites hacked in a similar way. One allowed unrestricted uploads to any folder via a rogue php file that was present and the other was a WordPress site with lots of outdated and unsupported plugins so the reasons for those were clear. All the rest have never had issues.

    I have looked in the log files but cannot see anything significant in the access.log or the error.log files for this site at the time the index.php file was modified.

    I would appreciate any help as trying to keep this site running is proving very time consuming.

    Thanks

    Robin

    The blog I need help with is: (visible only to logged in users)

  • staartmees · Member · May 29, 2023 at 10:02 am

    We can’t help as your site isn’t running on the wordpress.com but is self-hosted meaning it uses the open source wordpress.org. You must solve this problem yourself; you find useful info at https://wordpress.org/documentation/article/faq-my-site-was-hacked/

    Also check your own computers, smartphones, … for malware.

    If your site is that much hacked, you could move your site to our wordpress.com platform. On our platform wordpress.com takes care of security. You find our paid plans at https://wordpress.com/pricing/

    More info on our security can be found at https://wordpress.com/support/malware-and-site-security/ and https://wordpress.com/support/security/

  • robinwilson16 · Member · May 29, 2023 at 6:02 pm

    Thanks anyway. It’s a shame there is no support for WordPress when it is so widely used and so actively targeted by hackers. Everyone I know has had their WordPress site hacked at some point over the years as vulnerabilities do keep being discovered. I have helped them remove the hack and restore their sites.

    I set up WordFence on the site and set it to auto-update and it does block users from around the world every day but the site is still hacked just as regularly. It tells me there are no issues detected shortly before hacks.

    I also uninstalled unused plugins.

    The hosting itself is secure and non-WordPress sites are not hacked and .php files are not modified so it is an issue with WordPress rather than the environment itself and code keeps getting injected into index.php and also sometimes .htaccess.

    I have a feeling WooCommerce may be the source of most of it but I’m not sure.

    My own computers run antivirus software and are part of a domain and do not have viruses on them and I am confident this is not the source of the issue. It is the site getting hacked externally.

    The IT company who developed it do not want to look into it and I only host it.

    I will recommend they move to something custom as I think WordPress is overkill for what is on there. The problem has got worse since the site was featured on a BBC programme recently.

    To fix the site I just overwrite a backup of the files from before the hack so can continue to do this each time it gets hacked for now although it is rather a pain.

    Scanning the files with a virus scanner shows up nothing and with WordPress having so many files it is difficult to know if there is one extra somewhere and vulnerabilities may lie in the customisations carried out by the IT company.

    Moving it to WordPress.com could be an option I suppose but then even at £240 could all the customisations be transferred across and how difficult would this be?

    Thanks
    Robin
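
A file-by-file hash comparison of the live document root against the known-good backup described in the post above shows every added or changed file, including a single extra one, and flags files whose only change is content placed in front of the original. This is an added example, not part of the original thread; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk also yields dotfiles such as .htaccess
            path = Path(dirpath, name)
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            digests[path.relative_to(root).as_posix()] = digest
    return digests

def prepended(clean_file, live_file):
    """True if the live file is the clean file with extra bytes placed in front."""
    clean, live = Path(clean_file).read_bytes(), Path(live_file).read_bytes()
    return len(live) > len(clean) and live.endswith(clean)

def compare(backup, live):
    """Report files added, removed or modified in live relative to backup."""
    old, new = snapshot(backup), snapshot(live)
    modified = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": modified,
        "prepended": [p for p in modified if prepended(Path(backup, p), Path(live, p))],
    }

def demo():
    """Run compare() on constructed trees; file contents are inert placeholders."""
    clean = {"index.php": b"<?php // front controller\n",
             "wp-admin/index.php": b"<?php // dashboard\n",
             ".htaccess": b"# BEGIN WordPress\n"}
    mark = b"<?php /* PLACEHOLDER */ ?>\n"  # stands in for the injected line
    dirty = {**clean, "index.php": mark + clean["index.php"],
             "wp-admin/index.php": mark + clean["wp-admin/index.php"],
             "wp-content/uploads/extra.php": mark}
    with tempfile.TemporaryDirectory() as tmp:
        for sub, files in (("backup", clean), ("live", dirty)):
            for rel, data in files.items():
                target = Path(tmp, sub, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        return compare(Path(tmp, "backup"), Path(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a backup stored where the web server user cannot write, the `added` and `modified` lists also give the timestamps to correlate with access.log entries.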

  • aleone89 · Staff · Jul 4, 2023 at 12:22 pm

    Hey there,

    As mentioned, on these forums, we can only assist with WordPress.com related issues. Therefore, I wanted to remind you about the option to migrate your WordPress site to our servers.

    The content alone can be moved by exporting from Tools > Export, and then imported as per these steps here: https://en.support.wordpress.com/import/ (Tools import). To get the storage you need, and to be able to use a custom primary domain, a paid plan would need to be in place: https://wordpress.com/pricing/

    Alternatively, a site can be migrated into WordPress.com, as is – including all content, themes and plugins. We make the migration process easy with the WordPress.com Migration plugin, which you can find at this link: https://wordpress.org/plugins/wpcom-migration/.

    A site being migrated into WordPress.com using this plugin would require a WordPress.com Business Plan.

    We provide a fully managed hosting service with a custom server environment, specifically optimized for WordPress. This means you’ll benefit from built-in security measures, performance improvements, and in-house support to address any questions or concerns you may have.

    Migrating your site to WordPress.com may initially seem like a daunting task, but the advantages of our fully managed hosting service outweigh the effort involved. With our optimized server environment and tailored version of WordPress, you’ll have access to the best possible hosting service for your WordPress website.

    However, if you decide not to migrate your site to WordPress.com, don’t worry! We still want to ensure you receive the help you need. The open-source WordPress forums are available to provide support, where you can connect with experts in WordPress who are well-equipped to assist you with any issues you may encounter.

    We hope this information is helpful. If you have any questions or concerns, please don’t hesitate to contact us. Thank you for considering WordPress.com as your hosting solution!

  • The topic ‘WordPress Site Keeps Being Hacked’ is closed to new replies.
