Widgets unsecure? | ww.wp.xz.cn

-legend-
(@-legend-)

13 years, 3 months ago
My site has been hacked twice today. I do not know how it is happening, but what I know is that the hackers are accomplishing the hack by deleting the widgets and creating one that has javascript in it that changes the message. I have been using the buddypress default theme, and here are my plugins:
- Allow Multiple Accounts
- BP Group Management
- BuddyPress
- BuddyPress Group Email Subscription
- BuddyPress Template Pack (Deactivated)
- Code Insert Manager (Q2W3 Inc Manager)
- Force gzip
- Google XML Sitemaps
- GRAND Flash Album Gallery
- Improve My Load Times
- Jetpack by WordPress.com
- Members
- Shortcodes Ultimate (Manually updated timthumb)
- TinyMCE Advanced
- WP Super Cache
- WP Survey And Quiz Tool
Any help will be appreciated in advance.

Viewing 2 replies - 1 through 2 (of 2 total)

Thread Starter -legend-
(@-legend-)

13 years, 3 months ago

BTW, by changed the message I mean clears the content of the body and replacing it with their message.

esmi
(@esmi)

13 years, 3 months ago

You need to start working your way through these resources:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less than this and the hackers will walk straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Widgets unsecure?’ is closed to new replies.

In: Fixing WordPress
2 replies
2 participants
Last reply from: esmi
Last activity: 13 years, 3 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics