My App Site Hacked by TurkHackTeam

Discussion in 'Technical Discussion' started by Phill Mason, Nov 30, 2015.

  1. Phill Mason

    Phill Mason Serious Boxer

    Joined:
    Sep 25, 2015
    Messages:
    880
    Likes Received:
    721
    Got into the office today only to be greeted by a website hack - bugger.

    Do we have any WordPress experts in the house who could offer some assistance? I've contacted my host (Hostnine) but this has happened in the past and they're pretty rubbish at providing any help, so thought I'd reach out to the community to see if anyone has been through this before.

    I've still got access to the login, so I don't think it's as bad as the one I had experienced in the past, as that one, I was totally locked out of my site, so I'm hopeful this will be an easier fix.

    Here's a screenshot:

    Screen Shot 2015-11-30 at 10.53.54.png
     
  2. sysads

    sysads Serious Boxer

    Joined:
    Oct 8, 2015
    Messages:
    885
    Likes Received:
    353
    Dem... hackers just don't do anything productive with their time :mad: They should be hacking Banks not WP sites.
    - When you log into your WP Dashboard, do you see the Dashboard?
    - Have you changed your password?
    - Have you created another admin account as backup?
     
    Phill Mason likes this.
  3. darone

    darone Boxer

    Joined:
    Sep 25, 2015
    Messages:
    51
    Likes Received:
    20
    It might be that your WordPress is not being updated, or the MySQL and admin account is still the default account. I think it's time to update your WordPress.
     
    eyal and Phill Mason like this.
  4. Phill Mason

    Phill Mason Serious Boxer

    @darone thanks mate, the website auto updates and nothing is default as I've been down this road before. Have several security plugins in place, but still, the little bastards get in.

    @sysads Yes I can see the dashboard, but haven't changed anything yet, was waiting for some feedback as to the best practices before changing anything.
     
  5. sysads

    sysads Serious Boxer

    - OK, if you can see the Dashboard, what happens when you preview the website?
    - If the preview displays that hack error, then try switching to another theme temporarily and see what happens.
     
    Phill Mason likes this.
  6. netkomm

    netkomm Avid Boxer

    Joined:
    Nov 23, 2015
    Messages:
    274
    Likes Received:
    143
    The default WordPress installation is very unsafe - even the latest versions. You might want to look into the plugin "All In One WP Security" (or similar).
     
    Last edited: Nov 30, 2015
    Phill Mason likes this.
  7. netkomm

    netkomm Avid Boxer

    Even if you can access your site, it's preferable to re-do a clean install of the WordPress site (if that's the only hacked area). The reason is that you don't know if they installed anything that provides them access to your blog, making all your efforts in vain.

    Another plugin you want to install is "UpdraftPlus - Backup/Restore" (to automate backup to S3/Dropbox/etc.).
     
    Phill Mason likes this.
  8. netkomm

    netkomm Avid Boxer

    Make sure to change your MySQL user / password as they might have access to it (also from remote).
     
    Phill Mason likes this.
  9. Phill Mason

    Phill Mason Serious Boxer

    Great advice from everyone, thanks guys.
    I will try all the above and see how things pan out, cheers.

    @sysads I'll try that to see, thanks.

    @netkomm I currently have iThemes Security, Updraft and Wordfence Security plugins installed, so they haven't stopped the hack, so an alternative is required I reckon. I'll check out 'All In One WP Security' and follow your steps, if I don't get lost :)
     
  10. Kevin W

    Kevin W Avid Boxer

    Joined:
    Sep 25, 2015
    Messages:
    368
    Likes Received:
    487
    @Phill Mason, so sorry to hear that :(

    Check out iThemes Security - you can mask wp-admin (changes the URL to something impossible to guess) so it's not so open to brute force attacks. You can also shut down the whole admin system so it's locked out during periods where you're unlikely to be doing stuff (i.e. 11pm-8am).
    You should be able to find your hashed out password in the DB and replace it in there also - be sure to take a backup before you do anything just in case. Also see if your host can roll back the files and DB to a couple of days ago and secure everything up from the last clean working copy.
    Good luck man.
     
    Phill Mason likes this.
  11. darren

    darren Avid Boxer

    Joined:
    Sep 25, 2015
    Messages:
    134
    Likes Received:
    58
    Phill Mason and netkomm like this.
  12. Andy

    Andy Miniboss Boxer

    Joined:
    Sep 24, 2015
    Messages:
    2,152
    Likes Received:
    1,546
    Unless you hire a good security expert to do a full analysis and remediation you should completely rebuild the site from scratch. Meaning completely reinstall WordPress, lock it down and carefully restore the content. If you try to "fix" the issue they will keep getting in.
     
    dmmcmah, Phill Mason and Jamie like this.
  13. Phill Mason

    Phill Mason Serious Boxer

    @Kevin W @darren @Andy
    Thanks for all the tips guys, very much appreciated.

    @Kevin W I love the look of your website, great layout for apps. Is it bespoke, or a particular template?
     
    Kevin W and Jamie like this.
  14. oldchanged

    oldchanged Guest

    Joined:
    Sep 17, 2015
    Messages:
    36
    Likes Received:
    11
    Expert Here :D

    What kind of WordPress theme do you use? Something from Themeforest?
     
    Phill Mason likes this.
  15. Phill Mason

    Phill Mason Serious Boxer

    Hey @Elman I've been using the WP 2015 template.
     
  16. sysads

    sysads Serious Boxer

    Kevin's template is on Themeforest.

    Avoid trying to repair the site if it's hacked. Just export your contents, delete the old theme, install a new one and import the content back. Change the admin password, ensure no other account had been created.

    All this should take less than 1 hr to complete and you now have a new shiny website :D
     
    Phill Mason and darren like this.
  17. oldchanged

    oldchanged Guest

    You mean the default themes which come with WP? Well, they're not "bad", but because they're default and used by a lot of people, hackers always try to find some loopholes in them. I would suggest some of the premium themes from Themeforest ( http://themeforest.net/popular_item/by_category?category=wordpress ). Most of them are really easy to install and have some great features. With a little bit of WP knowledge you can create a great website, by drag and dropping with the Visual Composer. Something like BuildBox for websites :D

    A few recommendations for security:

    - I have a few sites on Hostnine; enable email notifications because they sometimes open up a ticket about malware on the site (which can lead to hacking if ignored)
    - rename the WordPress table prefix, default it is wp
    - never have an admin named user. For first installation you can use admin, but then create a separate account and delete admin
    - some of those security plugins you already use
    - hide login area (so that WP is not accessible over wp-login.php)
    - protect upload folders

    About the hacked website:

    - do a fresh install
    - if you don't have too much content, redo it. Sometimes hackers hide code in the database like a backdoor (or even on the server).

    There is a lot of good advice over the internet, but I would really suggest to start with a premium theme and a fresh WordPress install. And of course updating them on a regular basis.

    Hope that helps, if you have a specific question, feel free to ask

    cheers
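
    Two items from the checklist above (the default table prefix and the upload folders) can be checked with a short script. This is an added example, not code posted by anyone in the thread; the function names and the sample tree are constructed for illustration, and the stock `wp-config.php` / `wp-content/uploads` layout is assumed.

```python
import re
import tempfile
from pathlib import Path

# Extensions a web server may execute as PHP; none belong under uploads.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def table_prefix(wp_root):
    """Return the $table_prefix value from wp-config.php, or None if absent."""
    config = Path(wp_root) / "wp-config.php"
    if not config.is_file():
        return None
    match = PREFIX_RE.search(config.read_text(errors="replace"))
    return match.group(1) if match else None


def scripts_in_uploads(wp_root):
    """List script files under wp-content/uploads, relative to wp_root."""
    uploads = Path(wp_root) / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    hits = []
    for p in uploads.rglob("*"):
        # Check every suffix so double extensions (x.php.jpg) are reported too.
        if p.is_file() and SCRIPT_EXTS & {s.lower() for s in p.suffixes}:
            hits.append(p.relative_to(wp_root).as_posix())
    return sorted(hits)


def audit(wp_root):
    """Return findings for the two checklist items this script covers."""
    findings = []
    if table_prefix(wp_root) == "wp_":
        findings.append("table prefix is the default 'wp_'")
    findings += [f"script file in uploads: {rel}" for rel in scripts_in_uploads(wp_root)]
    return findings


def build_sample_site(root):
    """Constructed sample tree (not from the thread) to exercise the checks."""
    uploads = Path(root) / "wp-content" / "uploads" / "2015" / "11"
    uploads.mkdir(parents=True)
    (Path(root) / "wp-config.php").write_text("<?php\n$table_prefix  = 'wp_';\n")
    (uploads / "logo.png").write_bytes(b"\x89PNG")
    (uploads / "cache.php").write_text("<?php // placeholder\n")
    return root
```

    Running `audit()` against a copy of the site pulled from a backup gives a list to review by hand; an empty list only means these two checks passed, not that the site is clean.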
     
  18. Jamie

    Jamie Avid Boxer

    Joined:
    Sep 25, 2015
    Messages:
    382
    Likes Received:
    273
    I have considered using a theme from http://www.elegantthemes.com/
    I have yet to get going with my company's site, so the information in this thread is really helping me learn how to protect my site once it goes up. Thanks to those in the community who have contributed to the thread here. Sorry that this happened to you, Phill.
     
    Phill Mason likes this.
  19. Kevin W

    Kevin W Avid Boxer

    Phill Mason likes this.
  20. Phill Mason

    Phill Mason Serious Boxer

    Thanks for the super checklist @Elman, very much appreciated. I have a backup from a few months back with 90% of the pages and posts in it, so I think I'm going to hire someone to set it all up for me as I haven't got the time at the mo, but plan to implement all the great tips in this thread. Many thanks BB community, feeling the love :)
     
    Jamie likes this.
