Eddie147
Member
- Jan 25, 2020
- 71
- 18
- 8
Not yet
still working on it. I think I'm going to download clean backups, delete everything from within my hosting, and then reupload. It's a lot of work though and not even sure this gonna solve it.Please Help!! I lost hope in WordPress!
- Thread starter Eddie147
- Start date
-
Welcome to Original Babiato! All Resource are Free and No downloading Limit.. Join Our Official Telegram Channel For updates Bypass All the resource restrictions/Password/Key? Read here! Read Before submitting Resource Read here! Support Our Work By Donating Click here!
still working on it. I think I'm going to download clean backups, delete everything from within my hosting, and then reupload. It's a lot of work though and not even sure this gonna solve it.
phaze1G
Member
- Aug 30, 2019
- 46
- 13
- 8
don't forget to clean the db "IMPORTANT"Not yet
mohamadalshami
Active member
look one of my experiences that theme24 plugins are infected with viruses and not all antivirus detect it even virustotal, the only thing that helped me was using https://www.imunify360.com/ it really helped my site to be safe and to be secure if all viruses and the good luck that it's available for most of the panels for free, hope you save your sites !
comcpa2022
Well-known member
Staff member
Moderator
Babiato Lover
GiveAway Master
Trusted Seller
Trusted Uploader
I feel really sorry @Eddie147 , i can try to help you. Just send me a pm. I have just been working on a VPS who had very strange behaviors, after days I fixed it, and of course, the person was very happy ;-). Never outdated themes, plugins, etc. that is very important. So Eddie let me know and send me a PM.
The first part is a configuration inside WordFence >> All Options >> Brute Force Protection
The second part you can find a lot of different plugins to block xmlrpc
- Dec 1, 2018
- 23,617
- 26,959
- 120
The second part is Wordfence >> All Options .>> Advanced firewall options
Immediately block IPs that access these URLs
And have your site address like this
You can enter multiple lines to limit access to various parts of your website
Do not forget to whitelist your computer IP address to bypass all rules or you'll be blocked too when accessing restricted URLs
Immediately block IPs that access these URLs
And have your site address like this
(http or https)://yoursite.com/xmlrpc.php You can enter multiple lines to limit access to various parts of your website
Do not forget to whitelist your computer IP address to bypass all rules or you'll be blocked too when accessing restricted URLs
- Feb 28, 2021
- 280
- 1,123
- 93
You remind me of my past. 5-6 years ago I also used wp to make my personal blog. But after being hacked everywhere on the host, my feeling is very similar to you right now. After scanning all, the cause is detected that the plugin automatically updates and it has the code to upload the file (encoded with base64). First you need to check the log access / error to see which urls the hacker accessed to find the shell file. Disable it and check the newly created files. Do this before the restore to check that the restore is clean. Remember to turn off automatic updates.
In addition to the malicious code in the plugin / theme, there are still many other factors. Share host, Local attack, Host staff, ...
Everything has two sides, wp free and open source, if now and in the future use wp, you need to equip more security knowledge.
Currently I no longer use wp because I do not have much security knowledge. I have built my own website with other fw.
In addition to the malicious code in the plugin / theme, there are still many other factors. Share host, Local attack, Host staff, ...
Everything has two sides, wp free and open source, if now and in the future use wp, you need to equip more security knowledge.
Currently I no longer use wp because I do not have much security knowledge. I have built my own website with other fw.
underwater
Active member
- Nov 26, 2020
- 256
- 63
- 28
Thank you @slvrsteele . I just did what you suggested. Thank you. Is there any other lines that you suggest to block other than that xmlrpc line?
underwater
Active member
- Nov 26, 2020
- 256
- 63
- 28
Thank you @KarmaticOne ! I just opened the setting you mentioned. It says 20 login failure attempt as the limit. If I just make it max 5, is it okay?
Clouded
Active member
- Dec 27, 2020
- 107
- 21
- 28
maybe a bit of information on how they got in...
elementor and supercache
thehackernews.com
elementor and supercache
Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites
Flaws in Elementor and WP Super Cache WordPress Plugins Affect Over 7 Million Websites
thehackernews.com
One tip for this is to use the Live Traffic feature and see what paths the attacks are targetting, you might notice a pattern and you can then add those lines to the list under the xmlrpc line.
Hope that makes sense.
Last edited:
That's a matter of need/prefrence, there could be a requirement for other user access, in which case 5 would be good.
I personally have my setting much more strict than that given in my case I should be the only user to have backend access on my client sites.
Last edited:
underwater
Active member
- Nov 26, 2020
- 256
- 63
- 28
Well explained. Thanks alot @KarmaticOne
About your setting where you are the only user to have backend access for your clients site, it it only possible to achieve for non techie (code master) person? Could you please refer me to read the tutorial or something like that related to that kind of setting, if any. Thank you in advance!
A good starting point is to improve our general knowledge about WordPress security, for that you can check out this article:
Guide to WordPress Security Best Practices 2021
Once you are ready to dive a little deeper, you can look at this article guide for WordFence settings. However, it should be noted that some of the more advanced recommendations contained in the article will require a basic level of coding:
How to Configure Wordfence Options for Secure Website
Hope this helps. Best of luck.
Similar threads
