All my Wordpress sites got HACKED

Posted: Fri Feb 06, 2015 10:25 pm
by cagatay
Is anyone experiencing a mass WordPress hack?

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 12:06 am
by Rodrigo
What WordPress version do you use?

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 12:30 am
by cagatay
I always use the latest version. I am not sure if it is Vesta or WordPress related. I just wanted to keep you guys informed. Be careful these days.


viewtopic.php?f=10&t=6980 makes me think, if I received a shell script or something...

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 11:19 am
by ZipperZapper
I had this once. WordPress is under heavy attack all the time.

I would strongly recommend following all these steps: http://codex.wordpress.org/Hardening_WordPress . But keep in mind: putting wp-config one folder higher, as they say, doesn't work anymore if you use Apache basedir and nginx hosting as recommended in the other topic you name.

Next to that, I can advise installing Clef-login and BruteProtect for WordPress. They reduce the danger.

Last, I can recommend CloudFlare. Not only does it provide a speed boost for your websites, but it also keeps DDoS attacks and known threats from your websites.

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 11:40 am
by cagatay
ZipperZapper wrote: I had this once. WordPress is under heavy attack all the time.

I would strongly recommend following all these steps: http://codex.wordpress.org/Hardening_WordPress . But keep in mind: putting wp-config one folder higher, as they say, doesn't work anymore if you use Apache basedir and nginx hosting as recommended in the other topic you name.

Next to that, I can advise installing Clef-login and BruteProtect for WordPress. They reduce the danger.

Last, I can recommend CloudFlare. Not only does it provide a speed boost for your websites, but it also keeps DDoS attacks and known threats from your websites.
Thank you, but all sites were using CloudFlare. I will keep this topic informed.

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 3:24 pm
by mehargags
cagatay wrote: Thank you, but all sites were using CloudFlare. I will keep this topic informed.
How does that protect your base server? How do you ensure someone is not breaching your server through SSH/MySQL/HTTP or any other vulnerabilities? Security is a process... not a product!

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 4:42 pm
by cagatay
mehargags wrote:
cagatay wrote: Thank you, but all sites were using CloudFlare. I will keep this topic informed.
How does that protect your base server? How do you ensure someone is not breaching your server through SSH/MySQL/HTTP or any other vulnerabilities? Security is a process... not a product!
Hey idiot, did I ever say I am protected by CloudFlare? He asked me if I use CloudFlare; I said yes, I do.

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 6:13 pm
by joem
Do all your WordPress sites use the same database or a different one?

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 6:31 pm
by cagatay
joem wrote: Do all your WordPress sites use the same database or a different one?
All use different databases and some sites have their own Vesta username. I assume he got himself shell access.

I am considering a safer paid panel solution. Using an immature panel for business is too risky for me.

Re: All my Wordpress sites got HACKED

Posted: Sat Feb 07, 2015 11:34 pm
by sin
cagatay wrote:
joem wrote: Do all your WordPress sites use the same database or a different one?
All use different databases and some sites have their own Vesta username. I assume he got himself shell access.

I am considering a safer paid panel solution. Using an immature panel for business is too risky for me.
What does using VestaCP have to do with it? You don't even know how your WordPress sites were hacked; you assumed they got shell access. Well, what do your logs say?