1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my site was hacked through an old wordpress installation

Discussion in 'Off Topic' started by Jake Bunce, Mar 20, 2016.

  1. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I had completely forgotten about it, but some one found it and exploited the old version.

    If you have old software on your site that you aren't using you should remove it. The same goes for addons that you aren't using.
    Pereira, sami simo, Neal and 10 others like this.
  2. wang

    wang Well-Known Member

    I am sorry to hear that you got hacked sir. The same thing has happened to me and a friend of mine a few months back with an old Joomla installation.

    Excellent advice about older unused software and add ons. Or at the very least, to update them, even if one is not using them anymore.
  3. Nudaii

    Nudaii Well-Known Member

    a client i work with had same issue last week, what was the wp version/wp plugin exploited in your case @Jake Bunce?

    for my client it was gravity forms
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    wordpress 3.4.2 :eek:
    Nudaii likes this.
  5. Shiro

    Shiro Well-Known Member

    Wordpress is an unauthenticated remote shell that, as a useful side feature, also contains a blog.
    rainmotorsports, Xon, Teapot and 2 others like this.
  6. Kintaro

    Kintaro Well-Known Member

    wow do you think is really non-secure like this?
  7. LPH

    LPH Well-Known Member

    Yes. WordPress is very insecure and always a target. Enabling automatic updates is usually a good idea. This updates the site any time WP developers release a new version or a security patch.
    Kintaro likes this.
  8. Nelson T.

    Nelson T. Guest

    Someone hacked my church's wordpress site that I put up for them, and it really sucked.
    I got that alarm program, and wordfence, and it helped some, but not totally.
    Last edited by a moderator: Apr 14, 2016
  9. Xon

    Xon Well-Known Member

    Enabling automatic updates is vital to keeping Wordpress secure.
    eva2000 likes this.
  10. Alex - A2Hosting

    Alex - A2Hosting Active Member

    WordPress is extremely great for what it does though it is a very big target given the number of websites running it. Should always be kept up to date (plugins also) and implement the other recommended security measures to help.
    Xon likes this.
  11. eva2000

    eva2000 Well-Known Member

    Xon likes this.
  12. Xon

    Xon Well-Known Member

    Not just plugins, but theme updates too!
    eva2000 likes this.
  13. M@rc

    M@rc Well-Known Member

    Even if they're deactivated?
  14. rainmotorsports

    rainmotorsports Well-Known Member

    If there is code that can be exploited to gain access, it being active or not often doesn't make a difference. Depends.
  15. Alex - A2Hosting

    Alex - A2Hosting Active Member

    Better safe than sorry :).
  16. M@rc

    M@rc Well-Known Member

    I guess it's time to delete the default WP themes I don't use then.
  17. Xon

    Xon Well-Known Member

    You don't want to run the risk of accidently (or otherwise) of switching to an unmaintained theme and then being compromised less than 24 hours later by automatic bots.
  18. rainmotorsports

    rainmotorsports Well-Known Member

    Hell I took those out just because. You can always get them again.

Share This Page