WordPress sites been hacked repeatedly

• 

  shinya8795 · Member · Sep 8, 2010 at 4:07 am

  • Copy link
  • Add topic to favorites

  We host number of websites in site5.com developed for our clients and been hacked repeatedly last couple days.
  I noticed that I received the reset password message by someone before our sites are compromised so I was wondering
  if it had something to do with it. The whole files were deleted and replaced by index.html with some colorful hacking messages.

  We still don’t know what was the cause yet but scanned all our computers to see if there are username/password were stole from
  malwares but can’t find anything there.

  Let me know if any of you have idea what is going on.

• 

  supportbot · Member · Sep 8, 2010 at 4:07 am

  • Copy link

  You did not specify a blog address or reason for posting when you created this topic.

  This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.

  If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

  If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

  This is an automated message.

• 

  raincoaster · Member · Sep 8, 2010 at 5:28 am

  • Copy link

  This is a WordPress.ORG issue, and you should be over there to seek help.

• 

  thesacredpath · Member · Sep 8, 2010 at 6:20 am

  • Copy link

  And, it is one of a several things. Either the sites have not followed the recommended security measures that wordpress.ORG recommends, they are using old, un-secure versions of wordpress (shame on them for not updating if this is the case), or they have used an easy to guess password, or there is an issue with the hosting company’s web software security measures.

  I just went through a similar thing with 7 sites on one web hosting company and the bulk of the issues were problems with the web hosting software and settings. Sadly the client ended up paying me to fix something that was the web host’s fault. They made the recommended changes to their system, but would of course not cover any of the costs for fixing the damage they caused.

• 

  tandava108 · Member · Sep 8, 2010 at 12:53 pm

  • Copy link

  thesacredpath,
  That’s one reason I like wordpress.com. I don’t have the time to self install and host, and don’t trust many hosting companies to keep up to date with all the security patches!