Someone hacked my WordPress site and I cannot access FTP, cPanel and admin.
I contacted the hosting company and they sent me a new password in order to access via FTP, but I cannot access via admin and via cPanel.
How can I solve this problem? And how can I prevent this in the future?
I saw that there are some plugins like "Better WP Security". Is it enough to prevent future attacks?
Thanks for your help
Using Better WP Security is an option, yes, but most of all use strong passwords and always keep your plugins and WordPress itself up to date.
Do not store your passwords on the computer as (text) files (try to remember them; I know it sounds hard to do, but this is the only way).
Also check all computers from which you log in to the administration area for viruses and/or Trojan horses/key-loggers.
This was for prevention.
Now, how to deal with the current situation: it depends, but the best way is to disable (and remove) all plugins and start with a clean WordPress installation. The posts and pages are inside the database, so you should not lose any information, but you can make a backup of all of your files (and custom page templates, if any).
That depends a lot on how your hosting provider manages their security for WordPress or other PHP CMSs; the common way to hack admin and cPanel is a symlink attack. First check all the permissions on the host (e.g. for change and modify), and second use a strong .htaccess in your main index dir. And check all the directories on your account: if any PHP shell exists there, delete it immediately.
There are certain key points that you can use to make your website more secure.
First, check your site on sucuri.net to get more info on malware, spam, etc.
1. Use a security plugin
I recommend using Wordfence, which has lots of features and is able to:
Scan over 44k+ malware definitions
Detect phishing attempts
Remove shells, backdoors and Trojans
Monitor DNS security, and many more...
Better WP Security (aka iThemes Security) is also a good plugin to secure your WP, which also has great features.
(both plugins work together, no doubt)
Comparison of Better WP Security and WordFence
2. Secure your .htaccess
Secure wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
Disable directory browsing
# directory browsing
Options All -Indexes
Protect .htaccess itself
<Files .htaccess>
order allow,deny
deny from all
</Files>
Disable hot linking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
3. Protect yourself
Use strong passwords and never share them with anyone.
Protect yourself from social engineering.
Tips from the Codex (Hardening WordPress)
4. Keep yourself updated.
Use updated versions of WordPress, plugins and themes.
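As an added example (not code from the answer above, nor from Wordfence or iThemes), here is the same .htaccess hardening written in Apache 2.4 syntax, together with the uploads-directory rule that addresses the "PHP shell" advice in an earlier answer. The Order/Deny lines shown on this page are Apache 2.2 syntax and only keep working on 2.4 while mod_access_compat is loaded. It assumes Apache 2.4 with mod_authz_core and mod_rewrite, AllowOverride All on the site directory, and uses example.com and the standard WordPress paths as placeholders.

```apache
# Added example, not from the answer above. Apache 2.4 syntax.
# Placeholders: example.com, and WordPress in the document root.

# --- site root .htaccess ----------------------------------------------

# Deny direct requests for wp-config.php (database credentials, salts)
# and for the .htaccess files themselves. WordPress still reads
# wp-config.php through PHP include(), which this does not affect.
<FilesMatch "^(wp-config\.php|\.htaccess)$">
    Require all denied
</FilesMatch>

# No directory listings anywhere under the site root
# (needs AllowOverride Options, or All, on the directory).
Options -Indexes

# Hot-link protection: an empty referer (direct visit, some proxies)
# is allowed; image requests referred from another site get a 403.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule \.(jpe?g|png|gif)$ - [NC,F,L]

# --- wp-content/uploads/.htaccess --------------------------------------

# The uploads tree should only ever hold media. Refusing to serve PHP
# from it means a web shell dropped there through a compromised account
# or plugin cannot be executed through the browser, which is the case
# the "PHP shell" advice above is about. This block goes in its own
# .htaccess inside wp-content/uploads, not in the site root.
<FilesMatch "\.(php|phtml|php[3-8]|phar)$">
    Require all denied
</FilesMatch>
```

Test the uploads rule after deploying by requesting a throwaway `test.php` placed under wp-content/uploads and confirming a 403; a 200 means the .htaccess is not being read (AllowOverride too restrictive) and the rule is giving no protection.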
I am hosting multiple websites on the same server. Instead of uploading the (same) pictures for each website into individual folders, I would like to make ONE main folder on the server from which all websites will get their images, so I don't end up with duplicates.
I tried everything but cannot seem to get it working. Can anyone help me out?
Hosting on Ubuntu 16.04 with Apache2.
My host file:
Alias "/product-image" "/var/www/uploads"
<Directory /var/www/mysite.com/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
So basically what I want is when my SRC goes to:
mysite.com/product-image/ferrari/f1.jpg
it should be served from
/var/www/uploads/ferrari/f1.jpg
Tried multiple tutorials but nothing worked so far.
P.S. When I go to the URL mysite.com/product-image I would expect to see my upload folder, but I see nothing. Instead I get an error:
Not Found
The requested URL /product-image was not found on this server.
Apache/2.4.18 (Ubuntu) Server at bedrijfskledinggroothandel.nl Port 443
If you have your multiple websites set up as subdomains in your hosting (as I do), each website at run time can only see the files in or below its specific subdirectory; the hosting will put this layer of security in place.
If this is your own server, not externally hosted, the same may well apply, but you may perhaps be able to override this element of the configuration (if you want to; to me, the reason for this security layer is to prevent users realising the stuff is in the same place and trying to take advantage of the fact in some way).
You could however get to what I think is your objective by putting an HTTP (not file-level) redirect in place (via .htaccess) so that the subdomain interpreted https://my-website.com/Images (or whatever) as https://www.my-main-domain.com/central-image-directory, which would do the trick I think.
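As an added example (not the question's own vhost nor the answer's suggestion), here is the Alias approach from the question completed so that it works on a stock Apache 2.4 on Ubuntu. Ubuntu's global config denies every directory until a `<Directory>` block grants it; the question's vhost grants /var/www/mysite.com/ only, so the Alias target /var/www/uploads has no grant of its own, which normally shows up as a 403. A 404 like the one quoted usually means the Alias is not in the vhost that actually answered (here the :443 one) or the config was not reloaded. Host name and paths are the question's; the SSL lines are assumed to be already present.

```apache
# Added example, not from the question or the answer above.
# Assumes Apache 2.4 on Ubuntu (mod_alias and mod_authz_core loaded).
<VirtualHost *:443>
    # placeholder host name from the question
    ServerName mysite.com
    DocumentRoot /var/www/mysite.com
    # ... existing SSLEngine / SSLCertificateFile lines unchanged ...

    # Map the URL prefix to the shared image tree. The Alias must be in
    # the same <VirtualHost> that serves the request (this one, :443);
    # an Alias placed only in the :80 vhost gives "Not Found" over https.
    Alias "/product-image" "/var/www/uploads"

    # Grant read access to the shared tree, and no more than static file
    # serving needs: no listings, no symlink following, no .htaccess.
    # Never allow PHP handlers here, since every site on the box can
    # reach this directory.
    <Directory "/var/www/uploads">
        Options -Indexes -FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    # The site's own tree, in 2.4 syntax (the question used the 2.2
    # Order/allow form, which only works via mod_access_compat).
    <Directory "/var/www/mysite.com">
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

After editing, run `apachectl configtest` and reload, then request https://mysite.com/product-image/ferrari/f1.jpg: a 403 now points at permissions on /var/www/uploads itself (the www-data user must be able to traverse and read it), while a 404 still points at the Alias not being loaded in this vhost.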
This question already has answers here: Why do i have to log in twice in backend to log in? (2 answers). Closed 9 years ago.
My login problem is reproducible on different Joomla sites.
I have this for a Joomla version 2.5.9 and 3.2.
Backend users need to put my username and password in twice to get logged in.
Are some users experiencing the same? Can someone explain this?
First login at: http://my-domain.com/administrator/ For some reason, nobody can log in here. This page gets redirected to the second page:
Second login at: http://www.my-domain.com/administrator/ Login is possible here.
So, I need a WWW in the URL. But some users keep going to the other page. Is this Joomla related? Hosting partner related?
On my other website, I have the reverse problem.
Login at: http://www.other-domain.com/administrator/ does not work.
Login at: http://other-domain.com/administrator/ is the redirect page and works.
There is one post with a user having the same problem, but I did not find any useful answers: http://forum.joomla.org/viewtopic.php?t=558305
Thanks! Any help or explanation is useful. I really need this explanation for my customers.
The login problem was related to my domain configuration and the interaction with Joomla.
I updated the .htaccess file like:
RewriteCond %{HTTP_HOST} ^domain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
In this way, my users always get redirected to www.domain.com, even when coming to domain.com.
This gives them direct access, but it is also better for other plugins and modules that use web-cloud services depending on www.domain.com (they will not work on domain.com).
Examples: social login with Google/Facebook/Twitter; map APIs and other APIs.
I hope this will help some users! It helped me :-)
This can be caused through a conflict between a redirect in the .htaccess settings and the $live_site parameter in the configuration.php file.
For example, the $live_site parameter in configuration.php may be set to the non-www version of the website while a redirect in the .htaccess file may be redirecting the www version of the website or vice versa.
Either make these consistent or don't set the $live_site parameter. Setting the $live_site parameter is usually not required for a website in the root folder on properly configured hosting unless there is a particular requirement (e.g. sh404SEF or similar).
I've been using Joomla for the past 2 years. As Joomla is a very popular CMS for PHP lovers, hackers are always trying to deface Joomla websites. Anyone can easily detect whether a website is using Joomla or any other programming language by using the Wappalyzer software. In Joomla we can access the administrator panel by typing
http://phalana.com/administrator.
So my question is how to change /administrator to something else so that hackers will not get to the administrator panel. So far I've seen a number of extensions in the official Joomla directory, but something is still lacking in them. Can anyone help me change the administrator path?
Changing /administrator is a very bad idea for a lot of reasons; top amongst them, ironically, is security. Apart from that it:
breaks lots of components
cuts you off from easy application of security updates
the effects of renaming are unknown from a security point of view
The best way to secure Joomla's /administrator area is to follow some simple steps...
Add realm authentication to the /administrator directory; that way, unless your hacker manages to figure out the username and password, they're stumped.
Use an extension like JSecure or Akeeba's Admin Tools (both allow you to set a "secret word" on the administrator URL), or check the extensions already available in the Login Protection section of the Joomla! Extension Directory (called JED for short). N.B. I personally like Admin Tools the most, with the /administrator?secretword, their application firewall and the .htaccess maker.
Follow the advice on the Joomla Docs website's Security Checklist.
Personally we do all of these things and a bit more... as we keep telling people.
You can protect or hide your /administrator directory by creating an alternative directory which sets a cookie that is sent in the HTTP header of the request. That cookie will be validated by the index.php file in the /administrator directory; if it is not validated (when an unauthorized user wants to detect whether your site is Joomla-based via the known /administrator directory), then they will be redirected to the root directory of your site.
These are the steps.
* Create an alternative /administrator directory, i.e. /admins_place.
* Inside /admins_place, create an index.php with the following code snippet:
<?php
// Shared secret that marks this browser as allowed to reach /administrator.
// It must be exactly the same string that administrator/index.php checks.
$admin_cookie_code = "_hashed_secret_code_here_";
// Session cookie (expires with the browser), valid for the whole site.
setcookie("JoomlaAdminSession", $admin_cookie_code, 0, "/");
header("Location: ../administrator/index.php");
exit; // stop here so nothing else is sent after the redirect header
?>
* In the administrator directory, add this code snippet at the beginning of the index.php file:
<?php
// Must match the value set by /admins_place/index.php exactly (the original snippet had a typo here).
$admin_cookie_code = "_hashed_secret_code_here_";
$sent = isset($_COOKIE['JoomlaAdminSession']) && is_string($_COOKIE['JoomlaAdminSession']) ? $_COOKIE['JoomlaAdminSession'] : '';
if (!hash_equals($admin_cookie_code, $sent)) { // constant-time comparison, no notice when the cookie is absent
    header("Location: ../index.php");
    exit; // without exit, the whole admin page would still be sent in the body of the redirect
}
?>
I hope this helps
I've just moved a Joomla 1.7 site to a new server.
The administration back-end works fine. Configuration.php seems fine. I get "The requested document was not found on this server." for every page other than Home.
Must be talking to the database OK or I'd get an error. Could this be a problem with the PHP?
Thanks,
Andy
Did you clear the Joomla cache?
Disable page and/or module caching.
Disable any plugin that optimizes "loading speed".
Try removing SEF URLs (Joomla! and any 3rd party extension).
If you are using a custom .htaccess, then use an unmodified Joomla one.
Disable some system plugins.
Disable modules on the homepage.
Have you tried using another (site) template?
You have Search Engine Friendly URLs enabled in the /administrator/ area's global configuration settings. You have probably enabled the option to use the mod_rewrite function, which removes the /index.php/ portion of the URLs.
It is a requirement of this mode that you have the .htaccess file in place in the root of your site. You probably had this correctly configured on your development server but perhaps forgot to move the file across when you went live. Some FTP programs hide dot files (files starting with a leading dot in the filename), so depending upon how you transferred the files (I'm guessing manually with FTP rather than Akeeba Backup or similar) the file may have been missed. Look through your FTP client's options/preferences for an option to show/hide hidden files.
Failing this, the file could be correctly in place, but if you were developing in a sub-folder on your development server you would have set the RewriteBase line to your /sub-folder/:
RewriteBase /sub-folder/
Now you've moved to the live server this line could be incorrect. If this is the case, edit the file to read
RewriteBase /
Chances are it is one or the other of these issues: a missing .htaccess file or an incorrect RewriteBase. A third and nowadays somewhat more unlikely option is that your server doesn't have mod_rewrite enabled, but I think that would result in server 500 errors.
Check whether you are using any modules that call the database and whether you have not changed the DB details in those modules after migration. If the admin panel is working fine, then I think the problem is with some modules that are used in the front-end. You can debug by disabling a few suspected modules and checking whether your site works fine or not. Otherwise provide some more information about your site so that I can check further.
I have a Joomla 1.5 website and I enabled SEO on it. I moved it to different location with different DNS and now SEO doesn't work. How can I fix it?
Three checkboxes ("Search Engine Friendly URLs", "Use Apache mod_rewrite" and "Add suffix to URLs") on global configuration page regarding SEO are checked.
Is the new server definitely an Apache web server?
Is mod_rewrite enabled on the server?
If the answer to either of the above is no, then you have problems. For the first you'll need to change servers. For the second you'll need to get the server administrators to enable (and possibly install) mod_rewrite.
Is your website in a sub-folder? For example /joomla/.
If so you need to edit the RewriteBase line within the .htaccess file.
Change the line from
RewriteBase /
to
RewriteBase /joomla/
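As an added example (not taken from any answer on this page), here is the top of a Joomla .htaccess that ties together the www redirect from the double-login answer above and the RewriteBase advice from the sub-folder answers. It assumes Apache 2.4 with mod_rewrite, Joomla installed at /joomla/, HTTPS already in place, and the placeholder domain example.com; Joomla's own rules from its shipped htaccess.txt follow the block unchanged.

```apache
# Added example, not from any answer above. Placeholders: example.com, /joomla/.
RewriteEngine On

# Only needed when Joomla lives in a sub-folder; for an install in the
# document root this line is "RewriteBase /".
RewriteBase /joomla/

# Send every request for the bare domain to the www host, keeping path
# and query string. %{REQUEST_URI} is used instead of the "$1" capture
# because inside a sub-folder "$1" is relative to the .htaccess directory
# and the /joomla/ prefix would be lost. The target host is written out
# rather than derived from %{HTTP_HOST}, so a forged Host header cannot
# steer the redirect elsewhere.
# $live_site in configuration.php must then be unset, or exactly
# 'https://www.example.com' (no trailing slash); a $live_site naming the
# other host is what produces the double-login loop described above.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

# Joomla's shipped rewrite rules (index.php front controller) go here.
```

Verify with `curl -sI http://example.com/joomla/administrator/` and check that the Location header keeps the /joomla/ prefix; if it does not, the redirect is running without RewriteBase or with the `$1` form.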
Rename your htaccess to .htaccess.
There might be more problems, but I think you should start by checking this:
1) You have the right .htaccess file in your Joomla root and it is readable by your Apache user.
2) Go to administrator > Site > Global Configuration and check that you have "Search Engine Friendly URLs" and "Use Apache mod_rewrite" set to "Yes".
3) Make sure that the Apache you are using has all the modules needed.