We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
All my Wordpress sites got HACKED
All my Wordpress sites got HACKED
Anyone experiencing mass wordpress hack?
Re: All my Wordpress sites got HACKED
What Wordpress version do you use?
Re: All my Wordpress sites got HACKED
I always use the latest version. I am not sure if it is vesta or wordpress related. I just wanted to keep you guys informed. Be careful these days.
viewtopic.php?f=10&t=6980 makes me think, if I received a shell script or something...
viewtopic.php?f=10&t=6980 makes me think, if I received a shell script or something...
-
- Posts: 13
- Joined: Fri Feb 06, 2015 11:37 am
Re: All my Wordpress sites got HACKED
I had this once. Wordpress is under heavy attack all the time.
I would strongly reccomend to follow all these steps: http://codex.wordpress.org/Hardening_WordPress . But keep in mind: putting wp-config one folder higher as they say, doesn't work anymore if you use apache basedir and nginx hosting as reccomended in the other topic you name.
Next to that, I can advise to install Clef-login and BruteProtect for Wordpress. They reduce the danger.
Last, I can recommend CloudFlare. Not only does it provide a speed boost for your websites, but it also keeps DDos attacks and known threaths from your websites.
I would strongly reccomend to follow all these steps: http://codex.wordpress.org/Hardening_WordPress . But keep in mind: putting wp-config one folder higher as they say, doesn't work anymore if you use apache basedir and nginx hosting as reccomended in the other topic you name.
Next to that, I can advise to install Clef-login and BruteProtect for Wordpress. They reduce the danger.
Last, I can recommend CloudFlare. Not only does it provide a speed boost for your websites, but it also keeps DDos attacks and known threaths from your websites.
Re: All my Wordpress sites got HACKED
thank you but all sites were using cloudflare. i will keep this topic informed.ZipperZapper wrote:I had this once. Wordpress is under heavy attack all the time.
I would strongly reccomend to follow all these steps: http://codex.wordpress.org/Hardening_WordPress . But keep in mind: putting wp-config one folder higher as they say, doesn't work anymore if you use apache basedir and nginx hosting as reccomended in the other topic you name.
Next to that, I can advise to install Clef-login and BruteProtect for Wordpress. They reduce the danger.
Last, I can recommend CloudFlare. Not only does it provide a speed boost for your websites, but it also keeps DDos attacks and known threaths from your websites.
-
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Contact:
- Os: Debian 8x
- Web: apache + nginx
Re: All my Wordpress sites got HACKED
how does that protect your base server ? how do you ensure someone is not breaching your server, through SSH/MySQL/HTTP or any other vulnerabilities. Security is a process...not a product!cagatay wrote: thank you but all sites were using cloudflare. i will keep this topic informed.
Re: All my Wordpress sites got HACKED
hey idiot, did I ever say I am protected by cloudflare? he asked me if I use cloudflare, I said yes I do.mehargags wrote:how does that protect your base server ? how do you ensure someone is not breaching your server, through SSH/MySQL/HTTP or any other vulnerabilities. Security is a process...not a product!cagatay wrote: thank you but all sites were using cloudflare. i will keep this topic informed.
Re: All my Wordpress sites got HACKED
Do all your wordpress use the same database or a different one?
Re: All my Wordpress sites got HACKED
All use different database and some sites has their own vesta username. I assume he got himself a shell access.joem wrote:Do all your wordpress use the same database or a different one?
I am considering a safer paid panel solution. Using unmature panel for business is too risky for me.
Re: All my Wordpress sites got HACKED
What does using VestaCP have anything to do with it? You don't even know how your Wordpress sites were hacked, you assumed they got shell access well what do your logs says?cagatay wrote:All use different database and some sites has their own vesta username. I assume he got himself a shell access.joem wrote:Do all your wordpress use the same database or a different one?
I am considering a safer paid panel solution. Using unmature panel for business is too risky for me.