BEGIN TYPING YOUR SEARCH ABOVE AND PRESS RETURN TO SEARCH. PRESS ESC TO CANCEL

And the Hack goes on…

Hacked AgainSo once again my site was hacked. I have verified it was definitely a SQL Inject hack. So I am rattling my brain on the best way to block it. Because of the caching product I use, my original country blocking plugin was only blocking access to the login page for WordPress. I wanted to block it more effectively so I have turned to using a separate country blocking plugin. The hack injected a new entry under “site url” under the wp-options table. So when the page loaded it loaded all of the JavaScript and loaded content from three different sites. So luckily after I compared a previous backup to a new backup and found that the only change I fixed the issue by updating the field in the database.  I have suspicions that they may some how be exploiting a flaw in my theme so it may be time to change themes so don’t be surprised to find a new theme here soon.

I looked through access logs trying to pin point where the hack originated. My eyes are glazing over as I look at all of the different IP addresses that hit my site on a daily basis and my site doesn’t even have that much traffic. Thankfully nothing lost and the fix was easy. But I have had to add additional things to try and harden my site.

 

Christian | Father | Tech Evangelist | Author | Public Speaker | Future TEDx speaker |WordPress Aficionado *I am the author of "WordPress: Setup to Website". I love all things tech and gadgets and I probably have an opinion about it which some people seek out.Follow @aroyrichardson