Title: Widgets unsecure?
Last modified: August 20, 2016

---

# Widgets unsecure?

 *  [-legend-](https://wordpress.org/support/users/-legend-/)
 * (@-legend-)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/widgets-unsecure/)
 * My site has been hacked twice today. I do not know how it is happening, but what
   I know is that the hackers are accomplishing the hack by deleting the widgets
   and creating one that has javascript in it that changes the message. I have been
   using the buddypress default theme, and here are my plugins:
    - Allow Multiple Accounts
    - BP Group Management
    - BuddyPress
    - BuddyPress Group Email Subscription
    - BuddyPress Template Pack (Deactivated)
    - Code Insert Manager (Q2W3 Inc Manager)
    - Force gzip
    - Google XML Sitemaps
    - GRAND Flash Album Gallery
    - Improve My Load Times
    - Jetpack by WordPress.com
    - Members
    - Shortcodes Ultimate (Manually updated timthumb)
    - TinyMCE Advanced
    - WP Super Cache
    - WP Survey And Quiz Tool
 * Any help will be appreciated in advance.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [-legend-](https://wordpress.org/support/users/-legend-/)
 * (@-legend-)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/widgets-unsecure/#post-3536383)
 * BTW, by changed the message I mean clears the content of the body and replacing
   it with their message.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/widgets-unsecure/#post-3536444)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less than this and the hackers will walk straight back into your site
   again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Widgets unsecure?’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 2 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/widgets-unsecure/#post-3536444)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics