
GanChan

macrumors 6502a
Original poster
Jun 21, 2005
615
27
I keep a Wordpress.org blog under my own Yahoo-served web domain. I got an email today that read (I've omitted the names):

New user registration on your blog:

Username: [omitted]

E-mail: [omitted]

So I go into my Wordpress dashboard, and this dude has somehow added himself as an Administrator. I deleted him, of course, but how does somebody bust in and plant admin privileges on someone else's blog? Is there nothing to prevent it? I seem to catch all the spam comments with no problem, but it looks like I have to do something more.... Advice? :confused:
 

Angelo95210

macrumors 6502a
Jan 7, 2009
972
15
Paris, France
Some basic security tips :

- Update your Wordpress to the latest version. Security flaws will be fixed
- Change your MySQL password to a strong one, eg : FtGd67/DF
- Change your admin password the same way
- Remove your install directory if it's mentioned in the wordpress manual
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,136
4
Some basic security tips :

- Update your Wordpress to the latest version. Security flaws will be fixed
- Change your MySQL password to a strong one, eg : FtGd67/DF
- Change your admin password the same way
- Remove your install directory if it's mentioned in the wordpress manual

Good advice.

The password, while something like that can seem hard, really is not if you know how to make them. The trick is basing the password off something easy to remember. For example, let's assume your home address is 1324 Cool Lane and you use that as a password. One I can think of that uses that and is easy to remember would be C0!0L3LA4N34. That password looks very complicated but really it is easy to remember. It was made by converting some of the letters to basic L33T.

Another trick is to make the password using multiple languages; then it is not too hard to remember, because words are a lot easier to remember than a random password, and since it is in multiple languages it makes it a lot harder for someone to crack it. The password I used while I was in school looks really complicated, but if you knew how I created it and how I remembered it, it would make you laugh. I got a really good chuckle out of a good friend of mine.

But I might as well tell you, as you will get a laugh. The password I used was a foreign word with the English translation and an important year to me built into it. Easy to remember and still a great password.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
Or find a sentence such as:

the quick brown fox jumped over the lazy dog

and use the first letter of each word to make a password:

tqbfjotld

Now swap in some letters/punctuation:

#tqbfj0tld$

Use a sentence that you'll remember, such as a common phrase you hear or something that you can easily remember and relate to.
 

GanChan

macrumors 6502a
Original poster
Jun 21, 2005
615
27
Thanks. I thought I was already using a strong Wordpress user password, based on an obscure letter/number combination that makes sense only to me...but it looks like I might've still been running the simpler version of that password instead. I've upgraded it to the full 15-character monstrosity. I've also upgraded to the latest Wordpress.

I don't know much about MySQL. I just remember uploading the Wordpress.org app onto the Yahoo web server, and then creating a page on my website that automatically redirects to the blog page. So I guess technically the blog is still based off-site, or being treated as off-site by my web app (Rapidweaver).

I dunno. I'm kinda dumb about these things.
 

Angelo95210

macrumors 6502a
Jan 7, 2009
972
15
Paris, France
Thanks. I thought I was already using a strong Wordpress user password, based on an obscure letter/number combination that makes sense only to me...but it looks like I might've still been running the simpler version of that password instead. I've upgraded it to the full 15-character monstrosity. I've also upgraded to the latest Wordpress.

I don't know much about MySQL. I just remember uploading the Wordpress.org app onto the Yahoo web server, and then creating a page on my website that automatically redirects to the blog page. So I guess technically the blog is still based off-site, or being treated as off-site by my web app (Rapidweaver).

I dunno. I'm kinda dumb about these things.

Beware. There are TWO different passwords: your MySQL password, and your wordpress user password. Two possible flaws. Change them following the good advice above for generating strong passwords and see what happens.
 

dmmcintyre3

macrumors 68020
Mar 4, 2007
2,131
3
Make sure your wordpress config file (wp-config) is not publicly readable. If it is, and your mysql database is accessible from the outside, or a hacker is on the same server / uses the same database server, they could get to it. (Assuming you're on shared hosting, which you most likely are.)

What's your site's URL? (It will help us figure out what's wrong.)
 

Consultant

macrumors G5
Jun 27, 2007
13,314
36
There are various ways of hacking in.

Brute force is another way among others. The different methods can be made not worthwhile using different techniques.

If they gained admin they might have left malicious code / backdoor.
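As an added example (not code from this thread or from WordPress itself), a small Python audit covering two checks raised above: listing administrator accounts from wp_usermeta so a self-registered admin like the one GanChan found stands out, and testing whether wp-config.php's file mode is world-readable as dmmcintyre3 warns. It assumes the real WordPress layout, where each user's roles are stored under meta_key wp_capabilities as a PHP-serialized array; the sample rows and user names are constructed.

```python
"""Post-incident audit helpers for a WordPress blog (added example).
The sample rows below are constructed, not taken from a real site."""
import os
import re
import stat

# WordPress stores a user's roles in wp_usermeta under meta_key
# "wp_capabilities" as a PHP-serialized array, for example:
#   a:1:{s:13:"administrator";b:1;}
# This pattern pulls out every role whose boolean value is true.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def parse_roles(serialized):
    """Return the set of roles enabled in a serialized wp_capabilities value."""
    return set(ROLE_RE.findall(serialized))


def find_unexpected_admins(usermeta_rows, known_admins):
    """usermeta_rows: iterable of (user_login, meta_key, meta_value).
    Returns the logins holding the administrator role that are not in
    known_admins, i.e. accounts the site owner did not create."""
    unexpected = []
    for login, key, value in usermeta_rows:
        if key != "wp_capabilities":
            continue
        if "administrator" in parse_roles(value) and login not in known_admins:
            unexpected.append(login)
    return sorted(unexpected)


def is_world_readable_mode(mode):
    """True if the permission bits grant read access to 'other' (e.g. 0o644)."""
    return bool(mode & stat.S_IROTH)


def wp_config_world_readable(path):
    """Check the on-disk mode of a wp-config.php file (shared-hosting risk)."""
    return is_world_readable_mode(os.stat(path).st_mode)


# Constructed sample: the owner's account, a subscriber, and an intruder
# who registered and granted himself the administrator role.
SAMPLE_ROWS = [
    ("ganchan", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ("ganchan", "wp_user_level", "10"),
    ("reader42", "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    ("newguy", "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

if __name__ == "__main__":
    print("unexpected admins:", find_unexpected_admins(SAMPLE_ROWS, {"ganchan"}))
```

On a live site the rows would come from a query such as `SELECT user_login, meta_key, meta_value FROM wp_users JOIN wp_usermeta ON ID = user_id` (adjust the table prefix), and any login the audit reports deserves the same treatment GanChan gave his: delete it, then look for code the account may have left behind.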
 