Hello,

For context please read over my previous question.

http://stackoverflow.com/questions/2329371/wordpress-website-is-automatically-redirecting-after-load

Thanks to all of you who helped and advised in that last question. The site is cleaned up now, and I thought I would offer a few clues I noticed during cleanup and was wondering if anyone might offer some ideas as to HOW the site was hacked?

The bottom line is that the database had 2 admin users that I had never added or made into admins. (Of course they can add themselves through registration but should not have been admins.) These users did NOT have email addresses entered, which should not be possible.

The other WordPress sites that are using this same database (with the prefix for the table names...you WordPress users know what I am talking about) did not have any errant user accounts in the ??_users table...which suggests to me that the database itself was not hacked. It seems that the bot/hacker had to do this through the WordPress API.

Any thoughts?

Seth
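The check described in the question (administrators with no email address, compared across sites that share one database under different table prefixes), as an added example that is not part of the original post. It uses WordPress's standard `<prefix>users` and `<prefix>usermeta` tables; the prefixes `wp1_`/`wp2_`, the account names and the in-memory SQLite database are constructed for illustration, and on a live site the same query would run against the MySQL database.

```python
import re
import sqlite3

def audit_admins(conn, prefix):
    """Return (login, email, registered, suspicious) for each administrator under one prefix."""
    # Table names cannot be bound as query parameters, so validate the prefix first.
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected table prefix")
    # WordPress stores roles as a PHP-serialized array under the key <prefix>capabilities.
    sql = (f"SELECT u.user_login, u.user_email, u.user_registered "
           f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
           f"WHERE m.meta_key = ? AND m.meta_value LIKE ? "
           f"ORDER BY u.user_registered, u.ID")
    rows = conn.execute(sql, (prefix + "capabilities", '%"administrator"%')).fetchall()
    # An administrator without an email address is the anomaly described in the question.
    return [(login, email, reg, not (email or "").strip()) for login, email, reg in rows]

def build_sample_db():
    """Constructed data: two sites sharing one database under prefixes wp1_ and wp2_."""
    conn = sqlite3.connect(":memory:")
    admin = 'a:1:{s:13:"administrator";b:1;}'
    subscriber = 'a:1:{s:10:"subscriber";b:1;}'
    sample = {
        "wp1_": [(1, "seth", "seth@example.com", "2009-03-01", admin),
                 (2, "reader", "reader@example.com", "2009-06-10", subscriber),
                 (3, "user8841", "", "2010-02-20", admin),
                 (4, "user8842", "", "2010-02-20", admin)],
        "wp2_": [(1, "seth", "seth@example.com", "2009-04-01", admin)],
    }
    for prefix, users in sample.items():
        conn.execute(f"CREATE TABLE {prefix}users (ID INTEGER, user_login TEXT, "
                     "user_email TEXT, user_registered TEXT)")
        conn.execute(f"CREATE TABLE {prefix}usermeta "
                     "(user_id INTEGER, meta_key TEXT, meta_value TEXT)")
        for uid, login, email, reg, caps in users:
            conn.execute(f"INSERT INTO {prefix}users VALUES (?,?,?,?)",
                         (uid, login, email, reg))
            conn.execute(f"INSERT INTO {prefix}usermeta VALUES (?,?,?)",
                         (uid, prefix + "capabilities", caps))
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for prefix in ("wp1_", "wp2_"):
        for login, email, reg, suspicious in audit_admins(db, prefix):
            flag = "CHECK" if suspicious else "ok"
            print(f"{prefix:6} {login:10} {email or '<none>':20} {reg} {flag}")
```

The `user_registered` value of a flagged account gives a date around which to read the HTTP logs.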

+1  A: 

WordPress has a long, colorful history of exploits. Unless someone knows the version and vector, you're probably not going to get an answer to "how was my site hacked" - and there are virtually infinite vectors.

It probably was an automated hack, but you can't be sure of that. You could look through your logs, but that won't provide enough information typically.

Your best bet is a full reinstall and to keep your WP install up to date w/the latest patches in the future. Also, don't install a bunch of widgets and other things that you don't need, as that just adds additional vectors of attack to your system.

Mr-sk
+2  A: 

WordPress does have a history of vulnerabilities - like many CMS's - but you're hosted on GoDaddy (and it's shared hosting, I assume) which also has a history of being hacked: Search › godaddy hack.

How strong is your password(s)? What about directory permissions? Maybe Harden Wordpress with Mod Rewrite and htaccess for your admin IP?

As for logs, I can see the past year's http logs for one of my sites hosted at GoDaddy (rock bottom economy hosting) in the Hosting Control Center under Stats or via FTP. If you have a higher grade hosting package with shell access, check if there are better logs.

songdogtech