I need some kind help! Website keeps getting hacked!

Hi all!

My wordpress keeps getting hacked. Twice already by the same people. All they do is add a redirect and send all my traffic to spam, malicious and other bad websites.

I’ve renamed login bath, blocked IPs from unnusual places with some rules but I am afraid it may happen again.

I disabled all extra admins and changed the passwords but since they are not even logging in the website, I felt that maybe they are getting a hold of some of the accounts liked to the admin level of my domain such as cloudflare or ServerPilot.

Any advice on what they could be changing to add these redirects and how I can protect my wordpress website?

I strongly suggest you add the Wordfence plugin. The free version is very good at this. It will scan your files and do a pretty good job of cleaning up hacks, then protect against new ones.

They also have a Site Cleaning service and they will take care of all of this for you and get you one year of their premium plugin.
https://www.wordfence.com/wordfence-site-cleanings/

2 Likes

I actually did that before it was hacked the second time. Which is why I came here. I installed this plug in and also a WP admin login hide. Spent a few days configuring Wordfence and configuring it but then to my SURPRIZE the same thing happened again! Wordfence made no difference at all and it didn’t even help with basic hacks which this does seem to be something basic since my passwords are not compromised.

once you got hacked you are in troubles… because you no longer can trust anything, and they could open more holes for them…

I would format or just change the server, back up from the latest point I hope was clean, update all plugins + server software, remove all unused stuff, scan with antivirus and malware the entire stack, move everything I can to cloud, like hosting users uploads on s3(they can secure it better than you)

also check the logs from old server for any clue

3 Likes

It just happened again! they certainly left some hole somewhere…

if you visit my website: melhoramiga.com.br/ you will see that you will be forwarded to spam pages.

Any advice anyone? Wordfence did nothing nor the rules i set on cloudflare…

@boynet2’s advice is probably spot on. At this point you have no idea how they compromised your machine and even if you patch something here and there, you wont have a guarantee they dont have access somewhere else. You machine simply has been compromised and it would be best to set up the entire machine from scratch.

If you do not run your own machine but use shared hosting, you best contact your host.

Unfortunately however that topic is way beyond the scope of the forum here and you might want to look over at forums dedicated to server administration.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.