linkup

I found through the CSF dashboard that you can modify the csf.pignore file to have it ignore what Wordfence is doing, but that topic, marked as resolved, never provided suggested lines to add to CSF.pignore? My hosts added a similar line for spamd, but that was a process, a cmd, not whatever it is that is causing the constant LFD errors.

Anyone had to deal with this, anyone know what exclusions to add to the file?

Thanks

No backup….typical huh…

which htaccess, main one or admin one?

index.php is 644

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Wordfence WAF
<Files “.user.ini”>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>

# END Wordfence WAF

Thanks!!

I just looked on other pages of the site and I have that problem all over the place…text is appearing to the right of an image instead of below it. Most of the text was entered in “visual” mode and looked right…now it looks like c**P….

I went to Template Monster and it says the theme has been removed. I went to template_help.com and they don’t appear to have templates available despite the name so both links I have to a source of it have lead to a deadend.

I renamed the htaccess file and then the forgot password function worked and the blog is fine now. Don’t know why it changed to “error” and boloxed my blog, but all is well now.

thanks

mmmmm…. I think saying the “server” is exploitable vs. saying “some domains on the server” were exploitable.

It seems you are saying the server had less than desirable security which you don’t know and I don’t know either.

I had the server hardened, I have had it reviewed, and I have had it re-reviewed, and none of the geeks have found anything derelict at the server level.

I know that at least on some of the sites, passwords were very weak. It could be something that simple vs. a security weakness or a problem with WP.

I have just learned over time to deal with common denominators when trying to ascertain a problem which is how I ended up here.

It happens my server is backboned at the same place as suggested in one of the links provided above. And in turn, the geeks I hired work at their suggested support company, so I guess that is as good as it gets from that perspective 🙂

Thanks again…

I am the host….so the ball is still in my court. Multiple domains belonging to multiple clients were affected, but it doesn’t seem they rooted the server or have root access of any kind. That is why I was thinking it was a WP exploit since they didn’t hack it at a server level and they only hacked domains that had WP installs.

Most of the info above helps those whose blog hasn’t been wiped out. The two worse offenses were cases in which it appears the whole database was wiped out. As a result, there is nothing to “save” or nothing to try to fix or upgrade. Seems like the only solution is to wipe out the whole blog directory and install a fresh copy of WP.

If WP is now “safe”, then what about plugins like “Secure WordPress”? I am trying to understand if WP is truly “safe”, or if in fact security plugins are needed and what else can be done.

I had found the provided links already (thanks) but they are mainly aimed at recovering from a hack, and the standard password change suggestion, but it didn’t appear there was much more to protect future attacks?

Seems the consensus is that WP is a “safe” program to run and all the problems are external to the program?

Thanks so much!