So once again my site was hacked. I have verified it was definitely a SQL Inject hack. So I am rattling my brain on the best way to block it. Because of the caching product I use, my original country blocking plugin was only blocking access to the login page for WordPress. I wanted to block it more effectively so I have turned to using a separate country blocking plugin. The hack injected a new entry under “site url” under the wp-options table. So when the page loaded it loaded all of the JavaScript and loaded content from three different sites. So luckily after I compared a previous backup to a new backup and found that the only change I fixed the issue by updating the field in the database. I have suspicions that they may some how be exploiting a flaw in my theme so it may be time to change themes so don’t be surprised to find a new theme here soon.
I looked through access logs trying to pin point where the hack originated. My eyes are glazing over as I look at all of the different IP addresses that hit my site on a daily basis and my site doesn’t even have that much traffic. Thankfully nothing lost and the fix was easy. But I have had to add additional things to try and harden my site.