«

»

Jan
07

WordPress Site Hacked

by

Apparently techlauve.com was hacked sometime in the last few days.  Upon pulling up the site this morning I was greeted by Arabic music, Arabic text, English text declaring that I had been hacked, and two pictures:  A middle-eastern man pointing a gun at a woman and child, and a picture of a sniper kitten.  Awesome.

I logged in to my web hosting control panel’s file manager to have a look around.  It would seem that the hacker was able to exploit a well-known security vulnerability in WordPress.  My wp-config.php file was full of garbage.  This not only prevented the site from being viewed (and displaying the wonderful “you’ve been hacked” message), but also prevented me from accessing the wp-admin site.

How I fixed it:

  1. I renamed my wp-config.php to wp-config-hacked.php.
  2. I created a new wp-config.php with the following lines:

    define('DB_NAME', 'your-database-name');

    define('DB_USER', 'your-database-user');

    define('DB_PASSWORD', 'your-database-password');

    define('DB_HOST', 'localhost');

    define('DB_CHARSET', 'utf8');

    define('DB_COLLATE', '');

  3. At this point the hacked page was gone, but the page just showed a database error.  I realized that the hacker had probably changed my password.  Great.  I set a new password for my database user in both my hosting control panel and in the wp-config.php.
  4. Now the site loaded, but I could not get into the /wp-admin page.  He/she must have changed that password too.  I would have to reset the password from the database since I couldn’t get into my dashboard:
  5. From phpMyAdmin, I clicked on the database associated with my WordPress site and edited the wp_users table.
  6. I typed in the new password in the user_pass field, set the function column to MD5, and executed the command.
  7. Checked again and everything is up and running!

What Happened?  How can I prevent this?

Apparently this is quite common when the permissions set on wp-config.php are set to 755.  After some googling of the issue I realized that this is the default permission for this file even though it is very well documented that it should be 640.  If you are not familiar with UNIX permissions, use your web-host’s file manager or any FTP program and change the permissions on the file to match the following graphic:

There are other ways to secure the file, but this was the one that I chose.

I also backed up the file structure of my entire site as well as all of my WordPress databases and exported XML backups of WordPress from within the dashboard.

-n

No related content found.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.