gmccarthy
Forum Replies Created
Viewing 4 replies - 1 through 4 (of 4 total)
-
Forum: Fixing WordPress
In reply to: Latest version of WordPress hacked and password changedthis was caused by a critical vulnerability in elementor essentials. It allows the admin password to be remotely reset.
https://www.techradar.com/news/one-of-the-most-popular-wordpress-plugins-has-a-serious-security-flaw
Forum: Fixing WordPress
In reply to: Latest version of WordPress hacked and password changedThanks for the links, some really useful info there which I’m working through to further lock things down.
After looking through all the logs the exploit must have come through a vulnerable plugin. I’ve now removed all unwanted plugins and removed unused themes
After lots of coffee I’ve taken the following steps:
- Web site was shut down about 1 minute after the email address was changed so luckily no damage done but still busy checking.
- I’ve now put the web site behind CloudFare WAF and blocked Asia. (The attack came from a IP in Vietnam)
- Changed all passwords and also implemented 2FA auth (My biggest mistake was not enaling this)
- Setup Fail2ban to block IP’s
- Looking into setting up .htaccess (Which is mentioned in the links you provided) Can’t believe I missed this one as well.
- This reply was modified 3 years ago by gmccarthy.
Forum: Fixing WordPress
In reply to: Use of undefined constant WP_POST_REVISIONSThank you – that fixed the issue
Forum: Fixing WordPress
In reply to: Stuck on "Updating Plugin"Problem fixed – for some reason php-zlib was missing. Reinstalled and now its working fine.
Viewing 4 replies - 1 through 4 (of 4 total)