Help, my site got hacked multiple times

slvrsteele · Mar 29, 2023

@danger I know it might not be the answer you were looking for but do yourself some good and read this first

https://babia.to/threads/wordpress-site-hacked.82802/

I know you're hyped and everything but it doesn't help you saying repeatedly "my site got hacked what to do"
You can easily find the answer to that on Google

But if you come with specific details:
- I am using this theme with version, I have installed these themes (including inactive)
- I am using these plugins with version, I have installed these plugins (including inactive)

There are many things you can do to prevent this from happening but it mostly apply to a clean site.
Using security plugins, updating your plugins and themes to latest, constant backups are a quite most used combination.

Also mind that even if your files might be clean it can be a db trojan saved as a post or setting

danger · Mar 29, 2023

slvrsteele said:
@danger I know it might not be the answer you were looking for but do yourself some good and read this first

https://babia.to/threads/wordpress-site-hacked.82802/

I know you're hyped and everything but it doesn't help you saying repeatedly "my site got hacked what to do"
You can easily find the answer to that on Google

But if you come with specific details:
- I am using this theme with version, I have installed these themes (including inactive)
- I am using these plugins with version, I have installed these plugins (including inactive)

There are many things you can do to prevent this from happening but it mostly apply to a clean site.
Using security plugins, updating your plugins and themes to latest, constant backups are a quite most used combination.

Also mind that even if your files might be clean it can be a db trojan saved as a post or setting

I have read the link you sent above, and it doesn't help me really.
I only use Skelementor as theme.
Here are my plugins :
- Advanced Database Cleaner PRO
- Elementor + Elementor Pro
- ElementsKit Lite
- EWWW Image Optimizer
- hCaptcha for WordPress
- Really Simple SSL
- SEOPress + SEOPress PRo
- Site Kit by Google
- TranslatePress - Business
- Wordfence
- WP Mail SMTP Pro
- WP Rocket

I looked in cron jobs, but didn't find anything suspicious.
I cleaned the database with Advanced Database Cleaner.

Furion · Mar 29, 2023

danger said:
I have read the link you sent above, and it doesn't help me really.
I only use Skelementor as theme.
Here are my plugins :
- Advanced Database Cleaner PRO
- Elementor + Elementor Pro
- ElementsKit Lite
- EWWW Image Optimizer
- hCaptcha for WordPress
- Really Simple SSL
- SEOPress + SEOPress PRo
- Site Kit by Google
- TranslatePress - Business
- Wordfence
- WP Mail SMTP Pro
- WP Rocket

I looked in cron jobs, but didn't find anything suspicious.
I cleaned the database with Advanced Database Cleaner.

Are you sure the hack is from your website?
99% it is from the server in my case

slvrsteele · Mar 29, 2023

Versions does matter. lower versions may be affected by vulnerabilities patched in newer versions.
Also you missed to specify if your site is on shared hosting or VPS/VDS/dedi.

Course of action for you:
run a compare check between your website folder and local unzipped folder containing original wordpress and plugins (exact same versions taken from legit sources)

Because your site was compromised there is a file that acts like a trojan or backdoor so doesn't matter how many times you try to clean your site it will be back.

Also if you're not on shared hosting but you have more than one site hosted at the address problem might come from a different location.
If you're on shared hosting then the issue might come from another site hosted.
You can only see if you analyze your access and error log files from server.

Trying to say it so many times and everyone ignores it: DETAILS MATTERS
One minor version in one plugin matter. For example

Profile builder plugin (used with wordpress registration usually) was improperly sanitized that lead to a privilege escalation. Basically anyone could have registered himself as admin. That happened in v2.4.0 which was patched in v2.4.1

You can't go to a doctor and say "Doc, I'm sick" and expect him to heal you magically without knowing details about you.

Sebrof · Mar 29, 2023

danger said:
Hello,

My website has been hacked recently. I replaced the passwords of the database, the FTP, the Wordpress accounts. I replaced all the Wordpress files except WP-Content.

But every time it happens again. Do you have any advice?

my site was also hacked. Had Wordfence and Sucuri... they did not get in via the site itself. They got in via cpanel. If you are using cpanel or a host, ask them for a log of cpanel logins - thats where I found mine.. Fortunately for me, I made a backup the day before and all I did was zip up all the files at the site and then downloaded it. My site was back up and running, clean, in an hour.

word of advice... just updating plugins and themes won't necessarily get it done. I completely wiped my site and then uploaded my backup. If the hack is from an additional file inserted into one of your plugins, that file will still be there when you update the theme or plugin because it is not a file from the plugin - it's an extra file. Wipe the site, then restore via a backup or, reinstall all plugins.

alyx · Mar 29, 2023

danger said:
Yes it's a backdoor, but I can't find it. Replaced all wordpress files, changed all password, but still there..

if you really need help contact me... i'm drop my WhatsApp number in your dm

AdaaCH · Apr 2, 2023

Hello,
I am currently managed several wordpress websites. I can help you in that case.

anaxtech · Apr 2, 2023

Since this is happening all the time ...its SQL injection ....i can fix it ...max 24 hrs and same issue will not happen ...DM me ...

Strakovski · Apr 2, 2023

Install Anti Malware https://wordpress.org/plugins/gotmls/, scan your site, and others on your server, and there's a good chance it'll fix your issue.

It's helped me more times than I can count.

slvrsteele · Apr 2, 2023

AdaaCH said:
Hello,
I am currently managed several wordpress websites. I can help you in that case.

anaxtech said:
Since this is happening all the time ...its SQL injection ....i can fix it ...max 24 hrs and same issue will not happen ...DM me ...

This is not a service request sale thread. I would suggest you both to read the rules.

anaxtech · Apr 2, 2023

slvrsteele said:
This is not a service request sale thread. I would suggest you both to read the rules.

Accept apologies...my mistake no intention to market services...just trying to help ...

AdaaCH · Apr 2, 2023

slvrsteele said:
This is not a service request sale thread. I would suggest you both to read the rules.

I am not trying to sale any thing. Just offer to help.
Forget to mention that

purpletiger · Apr 2, 2023

alyx said:
doesn't matter at all...

doesn't matter at all if he's on perhaps an unmanaged vps for whose security he'd be fully responsible for?

Rubixvi · Apr 7, 2023

There are so many reasons, and yes some hosting providers provide very low-quality servers with poor security. Hire a professional.

DEBAKID · Oct 22, 2023

danger said:
Hello,

My website has been hacked recently. I replaced the passwords of the database, the FTP, the Wordpress accounts. I replaced all the Wordpress files except WP-Content.

But every time it happens again. Do you have any advice?

Use cloudflare protection, use nginx to reverse proxy, hide your ip, stop using nulled plugins from unknown sources

Search

Search

Help, my site got hacked multiple times

slvrsteele

Mr. G(rumpy)

danger

Active member

Furion

Well-known member

slvrsteele

Mr. G(rumpy)

Sebrof

Member

alyx

Active member

AdaaCH

Member

anaxtech

Member

Strakovski

Member

slvrsteele

Mr. G(rumpy)

anaxtech

Member

AdaaCH

Member

purpletiger

Well-known member

Rubixvi

Well-known member

DEBAKID

Active member

Similar threads

Latest posts

Forum statistics

Share this page