Skip to:
Content
Pages
Categories
Search
Top
Bottom

I think my site has been hacked

  • @footybible

    Participant

    Just logged into my site and ‘last logins’ showed that admin logged in 4 hours ago from IP 202.56.7.114, which seems to be registered to Bangladesh.

    I’m pretty worried about what they have done. Looking around I can’t see anything. Is there anything I should be looking out for? How can I make sure they don;t get in again, other than changing my password?

    Any help much appreciated, I’m pretty stressed about this!

Viewing 8 replies - 1 through 8 (of 8 total)
  • @djpaul

    Keymaster

    Hi Matt
    Take a look at https://codex.wordpress.org/FAQ_My_site_was_hacked for starters

    @hnla

    Participant

    edit/ beaten to it :) check that link as it will have the best advice.

    Simple security through obscurity firstly; don’t use the name Admin change it to something else ensure a really strong password, was yours strong before?

    this is an example of a strong password and would take a long time to brute force:

    aktE49!-Fr2?*

    If you are not using a mix of alpha numeric characters, upper and lower case, and symbols then your password is essentially weak, and password strength indicators are not necessarily that reliable if they simply say strong because a character is entered more than 8 x.

    I would check carefully all folders for odd files, check server logs if possible, change any other passwords especially your DB, FTP.

    Also chek the WP forums and codex for further information that may be available.

    @footybible

    Participant

    Ok – I have changed my name and I seemed to have lost access to large areas of the backend, such as plugins, super admin etc. Where might I have gone wrong?

    @rossagrant

    Participant

    @DJPaul I have my name still set as admin and after reading stories regarding hacks etc would quite like to change it. What is the safest way to change it and will the old admin name still show on other parts of the site, e.g. the older activity etc?

    @djpaul

    Keymaster

    The key thing that hnla refers to is the user login name. Google tells you instantly how to change this in the database, for example http://www.goldfries.com/websites-blogging/wordpress-change-admin-login-name/. Note if you are running WordPress MS then there will be another field you need to update.

    @modemlooper

    Moderator

    @footybible

    Participant

    The ms field update Paul talks about is found here:

    https://wordpress.org/support/topic/recover-super-admin-access-after-username-change

    I have now changed my username but I have no idea how I was hacked. I was already using login lockdown. And, through ‘login log’ I can see failed login attempts, of which there were none. So it wasn’t a brute force attempt – I’m thinking I have a loophole somewhere :-(

    @hnla

    Participant

    Yep sorry I was referring to changing login name which adds to obscurity by leaving Admin as the visible user yet one would need to know the actual and different login name, it works after a fashion except for the fact that the new real login is shown on one of the @mention links but not all.

    As for the method used to gain access not sure, all you can do for the moment is change every password and then keep a clsoe watch. Maybe others have some other suggestions.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘I think my site has been hacked’ is closed to new replies.
Skip to toolbar