code injection in functions.php

Community Forums Forums General Discussion code injection in functions.php

This topic is: not resolved

This topic contains 6 replies, has 3 voices, and was last updated by  jroytw 11 months, 1 week ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #41791

    jroytw
    Participant
    Post count: 6

    I have a website running Genesis since some months and today my host told me that my website was hacked, I found the code in the file functions.php of my child theme, this file was very simple, just some add_filter and a function to customize the footer, do you know how to protect my website from hackers???

    #41799

    anitac
    Participant
    Post count: 6515

    Please post a link to your website? Not all hosting companies know what they are talking about.


    Let me help you customize your theme, responsive header, Buddypress, Agentpress or technical issue!
    Visit me here: Cre8tiveDiva.com | Tweet Me! | Plus Me!
    When asking for help, please provide a link or screen shot showing your problem!

    #41809

    jroytw
    Participant
    Post count: 6

    I clean up the code so you will not see anything in the code, and people in this hosting company really know what they are  talking about.

    I got this problem with many websites (all with the same hosting company), all my websites are running WordPress, some with child theme of Genesis, some with child theme of TwentyTen/TwentyEleven, and another website with a theme from another theming company.

    All these websites was hacked last week, for half of them a base 64 code was injected in many files (WP files and theme files) and for Genesis theme it was different, the hacked injected directely a php code in functions.php.

    Another thing, I wasn’t the only one on this shared server, most of all WordPress was hacked.

    #41812

    anitac
    Participant
    Post count: 6515

    Then your hosting company did NOT tell you about the Brute Force Attack effecting all WORDPRESS websites across all of the hosting companies. It started in April and they should have made you away of this issue. You need to change all of your user ID’s and passwords on your account. If you have any accounts with the default USER ID of say, ADMIN or ADMINISTRATOR – the injection goes to your login, and the code basically runs a check to see if there are user id’s set up with those names – if so, then they run a code to hack the password.

    So you need to make your user id’s and passwords stronger. Brad Dalton did a great video on walking your through changing out the ADMIN or ADMINISTRATOR videos here – http://www.youtube.com/watch?v=gvq36XUAYHI.

    Do a search on Google for “Brute Force Attack” from the last month and you will see all of the news about it.

    But…. your hosting company should have made you aware of this.

    PS: You can also use this free tool to general strong passwords:

    http://www.pctools.com/guides/password/?length=15&phonetic=on&alpha=on&mixedcase=on&numeric=on&nosimilar=on&quantity=1&generate=true#password_generator


    Let me help you customize your theme, responsive header, Buddypress, Agentpress or technical issue!
    Visit me here: Cre8tiveDiva.com | Tweet Me! | Plus Me!
    When asking for help, please provide a link or screen shot showing your problem!

    • This reply was modified 11 months, 1 week ago by  anitac. Reason: added link at the bottom
    • This reply was modified 11 months, 1 week ago by  anitac. Reason: added link at the bottom
    #41813

    Victor Font
    Participant
    Post count: 38

    One of my customer’s sites was hacked several months ago. The breach occurred when they hacked FTP and gained access to the file system. They installed a plugin, hacked functions.php and the theme’s css file. It was easy enough to clean up once the initial shock and sense of being violated wore off.

    #41815

    anitac
    Participant
    Post count: 6515

    I don’t know if we bumped heads on posting, but make sure you read my message above yours.


    Let me help you customize your theme, responsive header, Buddypress, Agentpress or technical issue!
    Visit me here: Cre8tiveDiva.com | Tweet Me! | Plus Me!
    When asking for help, please provide a link or screen shot showing your problem!

    #41816

    jroytw
    Participant
    Post count: 6

    Anitac,

    the first attack on my website start 2 years ago, not last April…
    and I already did all you said about strong password.

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.