Sure! this is the video
Bro can you explain the setup of iThemes security + BBQ Firewall?
Or refer to the YouTube video you followed.
Thank you
guys pls I need your help.
The CC in InMotion has no solution to my issue. Instead, they quarantined all my websites and the result is the attached file. However, I am certain that the backup I have on OneDrive might be affected too.
What should I do to recover the site from (index of /) on all the websites?
I am confused now
I don't agree with the bulk of your submission. "Manually" isn't a bad idea but when there is a frequency to changing that, then it is recommended to use a security plugin that handles your core security. VPS can't exactly save a WordPress website from getting hacked. WordPress is the most used CMS in the world and its sheer use means you'll be drawn to hackers and loopholes.
VPS use won't save you from getting hacked on WordPress.
Before Babiato I used to download themes and plugins from several sites likes. One in particular The WordPress Vault or something similar has malware inside LearnDash plugins and infected my site and other sites. I recreate all the site from 0. I'm not finding a solution to delete the malware and repair that WordPress installation.
After Babiato I only work with stuff member share here. I love this community all work perfectly. I recommend you start fresh with that site. Before that, you can try to identify what plugins have the malware.
The security plugins in my experience work fine to prevent infections, but not for clean infected sites. I wish you good luck!
Thank you but where's the file?
I was trying to add my comment with codes but it was not publishing and giving errors, so I have attached my code in a text file, please download for reference. Please add these codes inside child theme's functions.php or mu-plugin file or site specific plugin.
First of all, I have prevented unknown domain registration which hackers do on to create accounts on your accounts by using this code.
Note: see text file
Then I have added Google reCAPTCHA on my registration and login pages plus on comments form, to prevent wp-login attack and comment spam, which hackers do by using direct URL injection by tools. So if a human is doing so he will solve the reCAPTCHA. Use below code to do so, but do not log out before adding Google secret key and API key in WordPress settings menu after you add this code.
Note: see text file
Then I have disabled xmlrpc using below code
Note: see text file
Then I have disabled login errors to prevent username guessing
Note: see text file
Then I have added .htaccess file inside wp-content and uploads folders to prevent file changes other than required permission.
Note: see text file
And also added this .htaccess file for directory protection inside wp-includes folder
Note: see text file
Then I have changed wp-config.php to 444 permission or 400. Also set the index.php's from root folder to 444 permission because when a plugin has any malicious code they try to add code in these files. Also they add codes files and folders in wp-content and wp-includes. If you use nulled plugins and themes then use these tricks to mitigate the hacking attempt.
For DDoS attack I have CSF firewall on my servers and ModSecurity. I use CWP Pro on my server which provides latest Comodo rules for ModSecurity.
Apart from this I also wish to use 7G firewall on my site for a try.
I agree with above comments to not use any plugin for security. I have tried them, and they eat resources. Also if I need to check any plugin for malicious codes I scan it on VirusTotal, and if the plugin is installed then I use Wordfence to run a scan and then I deactivate and remove the plugin, after use.
In my experience all cache plugins are useless, all security plugins are useless, and all SEO plugins are useless. I try to find codes for implementing various purposes.
Thanks Babiato for this awesome forum, I hope someone would get benefited from this comment.
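An added sketch, not the poster's attached text file (which is not on this page): a read-only shell check for the file-level steps in the post above, namely the 400/444 modes on wp-config.php and index.php and the .htaccess files in wp-content, uploads and wp-includes. The function names, the finding labels and the extra check for PHP files under uploads are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of the file-level hardening steps in the
# post. Paths follow the standard WordPress layout; the finding labels
# (PERM, NO_HTACCESS, PHP_IN_UPLOADS) are made up for this sketch.

# Octal mode of a file: GNU stat first, BSD/macOS stat as fallback.
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode FILE MODE... : report FILE if its mode is none of the MODEs.
check_mode() {
    file=$1; shift
    if [ ! -f "$file" ]; then return 0; fi
    mode=$(perm_of "$file")
    for want in "$@"; do
        if [ "$mode" = "$want" ]; then return 0; fi
    done
    echo "PERM $file is $mode, expected one of: $*"
}

# audit_wp ROOT : print one finding per line, nothing if all checks pass.
audit_wp() {
    root=$1
    check_mode "$root/wp-config.php" 400 444
    check_mode "$root/index.php" 444
    # The post places an .htaccess in each of these directories.
    for dir in wp-content wp-content/uploads wp-includes; do
        if [ -d "$root/$dir" ] && [ ! -f "$root/$dir/.htaccess" ]; then
            echo "NO_HTACCESS $root/$dir"
        fi
    done
    # Assumption: uploads should hold media only, so any PHP file there
    # deserves a manual look (it may be code dropped by a bad plugin).
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php' |
            while IFS= read -r php; do echo "PHP_IN_UPLOADS $php"; done
    fi
    return 0
}

# Run against a path given on the command line: sh audit.sh /path/to/site
if [ -n "${1:-}" ]; then audit_wp "$1"; fi
```

The script changes nothing on disk; each output line names one item to fix or inspect by hand.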
The file please.
I am using Cloudflare, Tell me best options to protect my wordpress site??
None is better, Protection happens at server level in my opinion
configure some Security options and Firewall Rules at Cloudflare dashboard for protection (for example, country restriction, wp-login protection and Rate-Limit, Bot Fight Mode, Security Level, Browser Integrity Check, etc.)
Sorry about this. I would recommend the premium version of Wordfence. You can get it on the forum. Set it up and then use it to scan and clean your site. You might want to run the scan multiple times after every clean.
Hey guys, I have installed this on a site of a friend and I get this:
The situation here is if I want to know where the site is hacked I must purchase the 99 USD license. Any good plugin to scan my WordPress database and scan a specific folder like wp-content?
############## Update ##############
I have removed almost the whole content of wp-content, except security plugins, and left the default WordPress theme, and now I see this:
So this confirms to me that the virus is located in the old wp-content, maybe a plugin or a theme