
My WordPress got Hacked!!

2011 December 14
by middlelord

My WordPress got hacked today. This is a personal site that I use to post tips and fixes for various systems and programming languages. I found these log entries in my web host log:

146.251.214.22 - - [14/Dec/2011:03:46:35 -0500] "GET /page/7 HTTP/1.1" 200 27695 "http://www.bing.com/search?q=ip%3a67.23.239.244+wordpress&go=&filt=all&first=11&FORM=PERE" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"
146.251.214.22 - - [14/Dec/2011:03:46:36 -0500] "GET /wp-content/themes/christmas-is-near/snow.js HTTP/1.1" 200 3678 "http://techjunkie.tv/page/7" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"
146.251.214.22 - - [14/Dec/2011:03:46:36 -0500] "GET /wp-content/themes/christmas-is-near/style.css HTTP/1.1" 200 17347 "http://techjunkie.tv/page/7" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"
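The referrer on the first entry is a Bing search that combines an ip: operator for the server's address with the word "wordpress". As an added example (not part of the original post), this Python sketch parses combined-format access log lines and flags requests that arrive from such a search. The sample lines are constructed, and the list of search parameter names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Query parameters assumed to carry the search terms (q as in the log above).
QUERY_KEYS = ("q", "p", "query")
IP_OPERATOR = re.compile(r'\bip:\s*(\d{1,3}(?:\.\d{1,3}){3})', re.I)


def ip_search_hit(line):
    """Return a dict describing the hit if the referrer is an ip: search, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a combined-format line
    query = parse_qs(urlsplit(m["referer"]).query)  # parse_qs percent-decodes values
    for key in QUERY_KEYS:
        for terms in query.get(key, []):
            op = IP_OPERATOR.search(terms)
            if op:
                return {"client": m["ip"], "time": m["ts"], "path": m["path"],
                        "searched_ip": op.group(1), "terms": terms}
    return None


def scan(lines):
    """Collect every ip:-search hit from an iterable of log lines."""
    return [hit for hit in map(ip_search_hit, lines) if hit]


# Constructed sample lines (documentation-range addresses, example.com host).
SAMPLE = [
    '203.0.113.9 - - [14/Dec/2011:03:46:35 -0500] "GET /page/7 HTTP/1.1" 200 27695 '
    '"http://www.bing.com/search?q=ip%3a198.51.100.7+wordpress&first=11" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Dec/2011:03:46:36 -0500] "GET /style.css HTTP/1.1" 200 17347 '
    '"http://example.com/page/7" "Mozilla/5.0"',
    '192.0.2.44 - - [14/Dec/2011:04:02:10 -0500] "GET / HTTP/1.1" 200 5120 '
    '"http://www.bing.com/search?q=wordpress+snow+theme" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(f'{hit["time"]} {hit["client"]} searched ip:{hit["searched_ip"]} '
              f'({hit["terms"]!r}) -> {hit["path"]}')
```

A hit only shows how a visitor found the site; it is a cue to review what that client requested afterwards, such as login attempts.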

I am following certain steps from http://codex.wordpress.org/Hardening_WordPress in the hope that my WordPress blog becomes more secure, to help mitigate this problem.

I am posting all the steps I am taking in the hope that I am doing the correct thing, and to make them easily available so that other WordPress bloggers who might be new to WordPress as well do not have this situation happen to them.

1. Rename the default account to something else. For example: the Admin or Administrator account renamed to "onlyIknow-name"

2. A password with at least 20 characters

3. Set the permissions on the wp-config file to "400"

4. Got new secret keys from the WordPress key generator

to be continued…

If you have any tips for me to help secure this site, please submit a comment.

2 Responses
  1. December 15, 2011

    So, the log shows someone came to the site from an IP number search on Bing, then what?
    What was the hack or defacement?
    Cheers,
    Lee

  2. September 3, 2012

    It was the Albanian Hacker Crew. Tupack Shackur and Biggie Smalls running Jihad on American Websites was what they put on the site.

    I had a password that was brute forced because I had changed it in order to not give my real password to support. So I gave the simple one to support and never changed it back. Big mistake. Thankfully they did not delete my files and data.

    Anyway, I never did anything else but follow the WordPress security best practices after that and installed a couple of plugins that checked my WordPress installation for vulnerabilities.

    Sorry for the late reply.
    Have a great day!
    Scott
