Helping to recover from Hacked WordPress
WordPress Websites and Blogs get hacked. All Content Management (CMS) and other Website software gets hacked and as WordPress is so incredibly popular it makes sense that WordPress Sites will be hacked. Fortunately WordPress is actually very secure against malware and hackers. I offer services where I assist people and organizations to recover from hacked WordPress Sites so have seen all sorts of ways that Sites get hacked. Today however I came acroess a hacked Site with a new ‘footprint’.
The client had received an email from Paypal saying that his Site had been compromised. The Website was now being used as a ‘phishing’ Site to get information from Website visitors and maliciously send that information to a 3rd party (the hacker). My clients Site had also been identified by Google Chrome, Internet Explorer, Firefox and others as a malware and phishing Site.
I’m not going into the various technical details of the compromise save to say that it had the hallmarks of a SQL-injection or some other Mysql database compromise. My suspicion is that the Webhost unwittingly allowed access to the hacker through, possibly, unpatched or not updating PHP.
I don’t believe that WordPress itself was the method used by the hacker to compromise the Site. Unfortunately sometimes Sites get hacked no matter what CMS or software used!
Posted from WordPress for Android
Feb 15, 2012 @ 07:57:58
Do you have someone you network with in Auckland who provides a similar service to yourself?
I will be in Sydney in March but it makes sense to work with someone locally.
Feb 15, 2012 @ 19:53:49
Hi Robert, I work with various people in numerous countries but none in NZ. My service to NZ customers is just as good as to my other customers
Feb 15, 2012 @ 23:44:00
Is there any full secure solution to stop phishing? I saw many sites (including mine) get hacked despite high security and PHP is easy to hack rather than JAVA or ASP.NET.
Feb 16, 2012 @ 11:06:43
Unfortunately the only sure means of not being hacked is not to have a Website
Feb 27, 2012 @ 15:08:32
This has happened to us and a few sites….we are hosted on Jumba…
I’ve had a hacked site previously on wordpress now a few more. Other sites on Drupal have never been hacked. Starting to consider not using wordpress again….Is there any way to work out where breach has occured? FTP/Cpanel vs wordpress vs other?
Feb 27, 2012 @ 18:01:22
Hi D, I’ve come across alot of WordPress hacked Sites and it’s very seldom that an up-to-date WordPress Site has been the entry point for a hacker. Usually the entry point is either the host themselves (e.g. they aren’t running the latest version of PHP or MySQL etc) or the Website owner hasn’t updated software (e.g. there was recently a vulnerability discovered in TimThumb which is/was used by many Themes and Plugins but people failed to update their Themes and Plugins and so got hacked).
I’ve run over 30 WordPress Sites myself for many years and only one Site has been hacked and that was a host vulnerability where many other MySQL databases were heacked at the same time.
As for discovering where the hacker gained access this depends on what has been done to the Site and/or database and how many Sites are affected.