This is the second time in a month that I've been maliciously hacked; this time it's spread across almost all my domains on my WebFaction account. I'm diligent about keeping my WordPress installs up to date, and my passwords reasonably elaborate. Last time this happened, I:
Anything else I should be doing? I don't have any account access at the moment, so I can't do much else, but... well, what else is there to be done? I'm using 25-character random passwords like i(97JK{a],dklkfIWM!@~79uIKBb, not like "password" or "mydogfred" or whatnot. I'm at a loss. asked 13 May '12, 08:28 mattshepherd |
Hi Matt, For popular applications such as WordPress, you need to stay on top of the newly discovered vulnerabilities and update WordPress, its themes and plugins as soon as possible. I've investigated your last incident and found the vulnerability that was used - a theme in one of your sites had a vulnerable search form processor (searchform.php). In other words, just updating WordPress to the latest version is not enough, you need to make sure that your themes and plugins aren't vulnerable as well. answered 13 May '12, 09:55 todork |