I have just had to deal with a few of my WordPress websites being hacked. First time put an index.html file in the cpanel of each site and replenished my admin user. Once I felt I cleaned this up, it’s happened once again but it changed my title tag to “Hacked by Bala Sniper” and the widgets from the footer of each website were removed.
My WHM account isn’t WP only websites so I know it can’t be a hacker accessing from there.
I’ve Googled this many times and rectified a few issues such as not making the id=1 to be admin, captcha plugin amongst a few others.
I feel this is going to happen once again. I’m on here to ask if anyone has had this problem today or yesterday or if you’ve ever had this hacked by bala sniper title tag change etc. and if you cleaned up the problem and tightened your security, to hopefully help me out amongst anyone else who reads this.
What is concerning me the most is that it’s been every single wordpress site on my WHM was compromised and I’ve not found anything where every single site has something similar to them all.
Thanks for anyone to helps, I have googled this and rectified as much issues I’ve neglected, just need to know why all of my WP accounts were effected.
wordpress configuration file is located in the root.In the event that PHP stops functioning on webserver for any reason.we run the risk of this file being displayed in plaintext,which will give our password and database information to visitor.
you can safely move wp-config directory up out of root directory.this will stop if from accidentally served. WordPress has built-in functionality that automatic check parent directory if it cannot find a configuration file.
In this situations on certain hosts, is not option. An alternative on Apache web servers is to set your .htaccess to not serve up the wp-config file.
Add the following line to ur .htaccess file in the root directory.
<FilesMatch ^wp-config.php$>deny from all</FilesMatch>
I wanted to state, this happened to me a few times in the early WP 3.x days.
Am using GoDaddy shared hsoting etc.
My solution, i compiled my own HTaccess file(if ur using Apache) against RFI / LFI / SQL injects etc, just very basic ones, disabling the use of base64, bogus image hacks, finger printing and so on.
Then you need to check your CHMOD aka Permissions, you can also do that through FTP or filemanager, or better HTACCESS, the one of the last things, is actualy hardening your WP, and this is not a easy task, stop relying on Revolution Slider(just for example), and keep a whatch out on epxloit-db or vulndb for things concerning plugins that you use.
Check this out, and edit the .htaccess file at the start ull see YOURDOMAIN.COM and change them -> lines 21 and 22