Title: Hacker attack Last modified: August 18, 2016 --- # Hacker attack * [erniew](https://wordpress.org/support/users/erniew/) * (@erniew) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacker-attack/) * Three times this month one of my sites have been hacked. The first time only the index.php file was compromised. The latest time (sunday august 27) was much more serious. Someone planted malware in the template folders, with the result that people going to the site got a phishing message claiming to be from Bank of America. * Someone immediately contacted Bank of America, who contacted my web host, who suspended the site. Later on I got a nasty message from the host, telling me that my site had contained illicit material, and if they found it once again, my account would be terminated. * I really don’t know how they managed to go into my account. The password was rather fresh and 8 characters. Maybe there is some vulnerability in my recent version. But just now I cannot upgrade, because I’m running the plugin MyGallery, and it is not working under 2.2. So before I upgrade, I have to find another solution to the problem with pictures. And my, it’s a job to upload all the pictures once again. * Are there some known issues about 2.1.3, vulnerabilities that I could protect myself from? * This is really concerning me! * /EGW Viewing 2 replies - 1 through 2 (of 2 total) * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacker-attack/#post-612802) * _Are there some known issues about 2.1.3, vulnerabilities that I could protect myself from?_ * Have you bothered to read anything here? * [http://wordpress.org/development/](http://wordpress.org/development/) * I dont mean to sound hard on you as it sounds like youve been chastized enough for one day, but you MUST stay informed. * Once is ‘almost’ excusable. Twice isnt. Third time.. theres something really wrong with how you are “doing things”. * 2.1.x is dead. And its been dead — because, among other reasons, it was INSECURE. * You install the latest of either 2.0.x or 2.2.x and you STAY CURRENT on upgrades. Even if you cannot be bothered to check in at that link above — ALL of that is sent straight to your dashboard inside the admin area. * Surely THAT isnt too hard? * [jingan-eugen](https://wordpress.org/support/users/jingan-eugen/) * (@jingan-eugen) * [17 years, 11 months ago](https://wordpress.org/support/topic/hacker-attack/#post-613218) * Check this: [http://www.bloggerguide.net/blog-platform/wordpress/wordpress-exploit-giving-backlinks-redirects-and-headaches-but-no-visitors/](http://www.bloggerguide.net/blog-platform/wordpress/wordpress-exploit-giving-backlinks-redirects-and-headaches-but-no-visitors/) Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Hacker attack’ is closed to new replies. ## Tags * [hacking](https://wordpress.org/support/topic-tag/hacking/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 3 participants * Last reply from: [jingan-eugen](https://wordpress.org/support/users/jingan-eugen/) * Last activity: [17 years, 11 months ago](https://wordpress.org/support/topic/hacker-attack/#post-613218) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics