WordPress Site Hacked!

We discovered yesterday that one of our WordPress sites was hacked.   We are pretty diligent about keeping our sites up-to-date and we do a complete update check once a month on all sites.

So what happened?

Basically this is a good example of how pervasive and unrelenting the hackers are these days.  That technical people who follow the rules can still get hacked is a warning.  Scary as that is, you can fight back. We are not completely sure if this hacker found a currently common vulnerability or a new one.  This site did not have the “timthumb.php” file so that was not the entry point. but a bit of research did point out that this is still a common target.

Some WordPress Basics For the Non- Technical

There are two quick tools you can use to monitor your site. The first is a plugin that scans your site for the “timthumb” vulnerability. The tool is here:

Timthumb Vulnerability Scanner

The next is a general scanner service provided by Sucuri as a free service:

Free website Malware and Blacklist Scan

I would definitely recommend both for any non-technical WordPress users.  Lastl,y and most importantly, keep your WordPress site up to date and clean it up by removing old themes and unused plugins.  In our case, upgrading to the next version cleaned up the problem, along with getting rid of some old unused themes that seemed to be where this hacker targeted the site.  It is easy to just deactivate a theme or plugin and just leave it there, but a quick scan of our hosting logs revealed that most sites get probed constantly for vulnerable code. For example, this particular site was probed over 200 times this morning for files that don’t exist on this site.  You can’t stop this, but you can make it harder by keeping your site “lean and trim” and free of unused code in the form of themes and plugins.

So, time for some winter cleaning and maintenance!

 

This entry was posted in PHP Programming, Tips and Techniques, Web News by John Moore. Bookmark the permalink.
John Moore

About John Moore

John Moore is the co-founder of SonicSpider, LLC in San Diego County, California. John is our head Internet developer, overseeing the direction of our technical services. He has been programming in a variety of languages for more than 25 years, first as the owner of the consulting and system architect/design company, Micro-Phyla Systems, which provided services to enterprise level companies, and then as a principle with SonicSpider LLC. SonicSpider has two primary divisions, SonicWebTech for programming, ecommerce solutions, and general web oriented technical assistance - and RightStart Websites, specializing in WordPress, which provide low cost web packages and website enhancements that can span your needs from "do it yourself" to "do it all for me". John is also a PayPal Certified Developer and has extensive experience with many payment gateway solutions.
View John's Google Profile+
  • Joanna Foley says:

    Sooooo grateful you made this post; adding this plugin today.

    • jbmoore says:

      Interestingly, right after your comment was another comment that had code injected in it.. Another Hack attempt.

      This is not Kansas anymore.. (never was, but we can always dream..)