Not yet
still working on it. I think I'm going to download clean backups, delete everything from within my hosting, and then reupload. It's a lot of work though and not even sure this gonna solve it.-
You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.
Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"
Please Help!! I lost hope in WordPress!
- Thread starter Eddie147
- Start date
still working on it. I think I'm going to download clean backups, delete everything from within my hosting, and then reupload. It's a lot of work though and not even sure this gonna solve it.
don't forget to clean the db "IMPORTANT"Not yet
look one of my experiences that theme24 plugins are infected with viruses and not all antivirus detect it even virustotal, the only thing that helped me was using https://www.imunify360.com/ it really helped my site to be safe and to be secure if all viruses and the good luck that it's available for most of the panels for free, hope you save your sites !
I feel really sorry @Eddie147 , i can try to help you. Just send me a pm. I have just been working on a VPS who had very strange behaviors, after days I fixed it, and of course, the person was very happy ;-). Never outdated themes, plugins, etc. that is very important. So Eddie let me know and send me a PM.
The first part is a configuration inside WordFence >> All Options >> Brute Force Protection
The second part you can find a lot of different plugins to block xmlrpc
The second part is Wordfence >> All Options .>> Advanced firewall options
Immediately block IPs that access these URLs
And have your site address like this
You can enter multiple lines to limit access to various parts of your website
Do not forget to whitelist your computer IP address to bypass all rules or you'll be blocked too when accessing restricted URLs
Immediately block IPs that access these URLs
And have your site address like this
(http or https)://yoursite.com/xmlrpc.php You can enter multiple lines to limit access to various parts of your website
Do not forget to whitelist your computer IP address to bypass all rules or you'll be blocked too when accessing restricted URLs
You remind me of my past. 5-6 years ago I also used wp to make my personal blog. But after being hacked everywhere on the host, my feeling is very similar to you right now. After scanning all, the cause is detected that the plugin automatically updates and it has the code to upload the file (encoded with base64). First you need to check the log access / error to see which urls the hacker accessed to find the shell file. Disable it and check the newly created files. Do this before the restore to check that the restore is clean. Remember to turn off automatic updates.
In addition to the malicious code in the plugin / theme, there are still many other factors. Share host, Local attack, Host staff, ...
Everything has two sides, wp free and open source, if now and in the future use wp, you need to equip more security knowledge.
Currently I no longer use wp because I do not have much security knowledge. I have built my own website with other fw.
In addition to the malicious code in the plugin / theme, there are still many other factors. Share host, Local attack, Host staff, ...
Everything has two sides, wp free and open source, if now and in the future use wp, you need to equip more security knowledge.
Currently I no longer use wp because I do not have much security knowledge. I have built my own website with other fw.
Thank you @slvrsteele . I just did what you suggested. Thank you. Is there any other lines that you suggest to block other than that xmlrpc line?
Thank you @KarmaticOne ! I just opened the setting you mentioned. It says 20 login failure attempt as the limit. If I just make it max 5, is it okay?
maybe a bit of information on how they got in...
elementor and supercache
thehackernews.com
elementor and supercache
Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites
Flaws in Elementor and WP Super Cache WordPress Plugins Affect Over 7 Million Websites
thehackernews.com
One tip for this is to use the Live Traffic feature and see what paths the attacks are targetting, you might notice a pattern and you can then add those lines to the list under the xmlrpc line.
Hope that makes sense.
Last edited:
That's a matter of need/prefrence, there could be a requirement for other user access, in which case 5 would be good.
I personally have my setting much more strict than that given in my case I should be the only user to have backend access on my client sites.
Last edited:
Well explained. Thanks alot @KarmaticOne
About your setting where you are the only user to have backend access for your clients site, it it only possible to achieve for non techie (code master) person? Could you please refer me to read the tutorial or something like that related to that kind of setting, if any. Thank you in advance!
A good starting point is to improve our general knowledge about WordPress security, for that you can check out this article:
Guide to WordPress Security Best Practices 2021
Once you are ready to dive a little deeper, you can look at this article guide for WordFence settings. However, it should be noted that some of the more advanced recommendations contained in the article will require a basic level of coding:
How to Configure Wordfence Options for Secure Website
Hope this helps. Best of luck.
Similar threads
