advertisement
Forums

The Forum is sponsored by 
 

AAPL stock: Click Here

You are currently viewing the Tips and Deals forum
Wordpress site hacked
Posted by: bazookaman
Date: August 31, 2021 02:24PM
I built a Wordpress site for a guy years and years ago. He just emailed me out fo the blue and said he was hacked. He's jumped through a number of hoops and has landed with his web host disabling his site. Or at least quarantining files they deemed them "insecure and exploited to send out spam". But now he cannot do anything and his host won't do anything either. It seems they will be happy to quarantine his file but its up to him to fix the problem. I haven't been in the website game for a while and I've never had one hacked (knock on wood) so I don't even know what to suggest to him. Any ideas?



Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: clay
Date: August 31, 2021 02:34PM
either pay a big company like [sucuri.net] to clean it, or hire someone that knows what they're doing to clean it. I have cleaned several sites for clients...success level depends on a bunch of factors (like how sophisticated the hack was, whether your friend or his host has a clean recent backup, etc). Also got to think about things like site security more seriously going forward, including whatever is happening on the server level, and things like Wordpress security (good strong passwords, removing user/admin accounts no longer needed, making sure there's some sort of firewall in place, etc).
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: bazookaman
Date: August 31, 2021 02:38PM
Yeah, I told him it sounds like he's going to have to pay someone to fix it. I've heard of Sucuri too but I didn't want to mention until I heard some other opinions. And yes, definitely. Its not just about fixing the site, it's about securing it and id'ing what happened to begin with so that it doesn't happen again.







Edited 1 time(s). Last edit at 08/31/2021 02:38PM by bazookaman.
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: C(-)ris
Date: August 31, 2021 06:23PM
Quote
bazookaman
Yeah, I told him it sounds like he's going to have to pay someone to fix it. I've heard of Sucuri too but I didn't want to mention until I heard some other opinions. And yes, definitely. Its not just about fixing the site, it's about securing it and id'ing what happened to begin with so that it doesn't happen again.

Wordpress? That hasn't been touched in 5 years? It was probably full of unpatched vulnerabilities.



C(-)ris
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Throwback Thursday Signature:
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: Markintosh
Date: August 31, 2021 10:50PM
If you wanted to give it a go yourself, I recommend the paid version of the Wordfence plug in. I've become very familiar with that lately.

One of my current clients had 10 sites on one shared account. I am currently managing 3 of them, the others have not been touched for years, and the the cross scripting hacks has been a PITA.

After the latest round of cleanup, and billing my client another couple of hours...I suggested we needed to update, clean and secure the other sites...or remove them from the server. I gave him an estimate of $300 per site to do that, which compares to the $400-500 starting charges for most pro clean-ups.

My client decided that we can completely kill off 6 of the sites. The 7th is going to get a quick conversion to one static memorial page so he can continue using the email address.



“Live your life, love your life, don’t regret…live, learn and move forward positively.” – CR Johnson
Loving life in Lake Tahoe, CA
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: freeradical
Date: September 01, 2021 12:04AM
Why is WordPress so easy to hack?
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: bazookaman
Date: September 01, 2021 05:10AM
The problem with a plug-in. Any plug-in is that Wordpress is no longer functional. I’m assuming due to the host company quarantining essential files. In other words the site is literally not there. So you cannot get into Wordpress to actually run a plug-in. Or at least I can’t. I think this will require someone with a bit more expertise. That’s why I got out of that business. I didn’t want to be responsible for other’s security.



Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: bazookaman
Date: September 01, 2021 05:12AM
Quote
freeradical
Why is WordPress so easy to hack?

Probably b/c it’s everywhere. It relies on plugins and themes that can be easily exploited if left un-updated. B/c it is everywhere and a monkey can set a wp site up, Admins are “normal” people who don’t take the proper precautions. There are lots of ways for it to go wrong.







Edited 1 time(s). Last edit at 09/01/2021 05:13AM by bazookaman.
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: Sarcany
Date: September 01, 2021 12:53PM
Quote
freeradical
Why is WordPress so easy to hack?

After my Joomla site was hacked via a zero-day, I switched to WordPress and following setup advice in their site I moved some key files to a sub-directory, added a simple security plugin, installed a captcha check plugin for comments and set it to auto-update.

That was 2014.

I have not done anything in the way of maintenance on the site since then. And it has not been hacked.

My conclusion is that WordPress is not easily hacked when basic precautions are taken.

You hear about WordPress hacks because it's popular and people don't bother taking 5 minutes to read up on the recommended security steps before deploying.







Edited 1 time(s). Last edit at 09/01/2021 12:53PM by Sarcany.
Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: bazookaman
Date: September 01, 2021 01:40PM
Quote
Sarcany
My conclusion is that WordPress is not easily hacked when basic precautions are taken.

Very similar to people realizing they need a backup right after they've lost all their data.



Options:  Reply • Quote
Re: Wordpress site hacked
Posted by: M A V I C
Date: September 01, 2021 04:22PM
Quote
freeradical
Why is WordPress so easy to hack?

It's not any easier than any other self-hosted CMS. It's not the same as something like Squarespace where they host the application and can update at will.




Help MacInTouch: Buy from Amazon? use this link [amazon.com]
Mac News & Info: [macintouch.com] [macnn.com] [tuaw.com]
Mac Benchmarks: [barefeats.com]
Used Mac Stuff [FS/T]: LowEndMac Swap List
Mac Software Updates: [macupdate.com]
Fonts: [dafont.com] [fontspace.com]
Online Computer Store With Mac Support: [macsales.com]
Options:  Reply • Quote
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 186 on February 20, 2020
Record Number of Guests: 5122 on October 03, 2020