Hacked site - Finding the damage

[AidanLCFC]

I've just found out one of my sites using wordpress has been hacked (again) and they have injected code somewhere which has added hidden links into every page, and probably more. Is there any decent tools which can be used to help find where they got in and where they added the code?

 

[edgarf76]

I use securi but it is not free.

 

[Strider1973]

Did you look at the dates when the files were modified?
You could also use the free Wordfence plugin to check your site.

 

[AidanLCFC]

I use securi but it is not free.

I was using their paid version a while back but didn't find it much good. Found the problem and deleted it then installed wordfence which seems to have found the rest of the bits

 

[edgarf76]

That is great, good stuff. What tool did you use to find the problem besides wordfence?

 

[Belkster]

I've just found out one of my sites using wordpress has been hacked (again) and they have injected code somewhere which has added hidden links into every page, and probably more. Is there any decent tools which can be used to help find where they got in and where they added the code?

Have you tried using a proven developer?

 

[AidanLCFC]

That is great, good stuff. What tool did you use to find the problem besides wordfence?

Not sure as my hosts scan it and found the injected content and then I used wordfence to find the rest of the muck

 

[robjmiller84]

I use securi but it is not free.

If Securi's cost is a concern for you, it may be worth exploring other security options available in the market that offer a balance between affordability and effective protection. Evaluate the features and reputation of different security tools to find the one that best fits your needs and budget.

 

[AussieDave]

Hacked once is a pain, but hacked twice... Get yourself a static IP from your ISP, and add a htaccess file... deny from all allow from static IP only, and place that into your wp_admin folder.

Also, when WP installs itself, it grants permission to all Database Privileges. This is a huge security issue.

https://www.wpwhitesecurity.com/secure-mysql-database-privileges-wordpress/ gives one at least some knowledge about operating a WP site and the security required to make your WP site less-inviting to hackers.

 

[AidanLCFC]

Hacked once is a pain, but hacked twice... Get yourself a static IP from your ISP, and add a htaccess file... deny from all allow from static IP only, and place that into your wp_admin folder.

Also, when WP installs itself, it grants permission to all Database Privileges. This is a huge security issue.

https://www.wpwhitesecurity.com/secure-mysql-database-privileges-wordpress/ gives one at least some knowledge about operating a WP site and the security required to make your WP site less-inviting to hackers.

I think the original hack wasn't completely cleaned up properly and left a gateway to get back in. hopefully sorted now though