Enterprise theme hacked

Community Forums Forums General Discussion Enterprise theme hacked

This topic is: not resolved

This topic contains 5 replies, has 3 voices, and was last updated by  nutsandbolts 11 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #86416

    hughmccabe2
    Participant
    Post count: 1

    Hello,

    It seems like my website has been hacked after installing the Enterprise theme. I published the new theme on the domain in December and this week started seeing links to spam websites in the header.

    Please view the page source and look at the code on the bottom. http://www.gridexpress.co.za/

    Can someone please assist and let me know how this happened, what I can do to remove the code and how to prevent this from happening again?

    Thanks

    Hugh

    http://www.gridexpress.co.za/
    #86454

    nutsandbolts
    Keymaster
    Post count: 3202

    Hi Hugh,

    So sorry to hear that this happened! These kind of exploits rarely happen through the theme, but are more likely a hack of your hosting account. I would recommend the following:

    (1) Change all passwords associated with your website and your hosting account immediately.
    (2) Install the plugin called Anti-Malware (Get Off Malicious Scripts) and allow it to run a full scan. You can usually clean up your files right from the dashboard once it identifies the issues.
    (3) Install Wordfence Security and allow it to run a scan. Leave this one on the site permanently to help ward off potential hackers.
    (4) Contact your host’s technical support and ask them to investigate what might have happened in case there is a security issue on their end.
    (5) Delete any unused themes or plugins (except one default theme – I usually keep Twenty Twelve installed but inactive) and make sure your themes, plugins, and WordPress installation are all up to date.

    If you need further help, feel free to contact me via the links in my signature – I offer malware removal and cleanup as part of my business.

    Best of luck!


    Andrea Whitmer, Owner, Nuts and Bolts Media
    I provide dev and training services for web designers • Find me on Twitter and Google+

    #86468

    AC
    Blocked
    Post count: 7712

    I agree with Andrea but you should also speak to your hosting company about their Joomla application. One of my clients was hacked recently and when I logged into their hosting account, there was a message that the hosts Joomla application had been compromised and therefore the people who had websites on that host had issues with their websites being hacked.

    #86469

    AC
    Blocked
    Post count: 7712

    To add clarification – even though you are using WordPress, the Joomla hack gave them a way to access your hosting account information.

    #86518

    hughmccabe2
    Participant
    Post count: 1

    Hi Andrea,

    Thank you for the reply. I sent an email to you via your website.

    Hugh

    #86565

    nutsandbolts
    Keymaster
    Post count: 3202

    Just wanted to check in – I responded to your email but didn’t know if you received it. Sometimes my emails go to spam folders because of the volume of messages I have going in and out, so check there if it didn’t go through. Thanks!


    Andrea Whitmer, Owner, Nuts and Bolts Media
    I provide dev and training services for web designers • Find me on Twitter and Google+

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.