slightlyoff
asked on
Word Press - Someone wrote to index.php
I was visiting a website I created in WordPress. When I went to www.mywebsite.com, I got this javascript alert:
"your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com "
after downloading the site files, I see that index.php has been physically changed to include this code at the very top:
<script>
alert('your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com ')
</script>
I removed it and the site is back to normal.
What I'm wondering is, how can someone write to index.php? Are there security settings I should've been aware of?
I'm using a theme I made - only the second one I've ever done, but I don't know how that would open up WordPress to a hacker.
No other sites on my server seem to be affected (including WordPress sites).
Any suggestions on things I can do to make sure this hack doesn't happen again? I'm sure it will...
Thanks!
"your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com
after downloading the site files, I see that index.php has been physically changed to include this code at the very top:
<script>
alert('your site may be victim of hackers we offer a solution can contact us sebastiano.gz123@gmail.com
</script>
I removed it and the site is back to normal.
What I'm wondering is, how can someone write to index.php? Are there security settings I should've been aware of?
I'm using a theme I made - only the second one I've ever done, but I don't know how that would open up WordPress to a hacker.
No other sites on my server seem to be affected (including WordPress sites).
Any suggestions on things I can do to make sure this hack doesn't happen again? I'm sure it will...
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sucuri's plugin does very little by itself. You would be better off with WordFence...
ASKER
I'll take a look at that one as well. Thanks for the heads up. I might use the service Sucuri offers as well - but being that this was my first theme - I wanted to really know what I missed (if it's my theme that's causing the leak)... very annoying.
Thanks again for the help!!!
Thanks again for the help!!!
Might be your theme, but if you hand-coded it yourself then it's more likely a plugin or a folder/file permission set too high. If you altered an existing theme, it might be there.
If you are willing to pay for Sucuri's service, then the plugin and the service get a lot more awesome.
If you are willing to pay for Sucuri's service, then the plugin and the service get a lot more awesome.
ASKER
I appreciate the info as well!