Solution for Wordpress Getting Hacked?

Comments

• cloudmate NAT Warrior

  June 2021

  @DigiData said:
  I have 9 Wordpress websites hosted with Hostgator. a few months go by and all of them get hacked.

  These hackers upload a bunch of web php and self hosted files which advertise their sketchy websites and run ads on the site. It's easy to spot and clean up the files, but it's so annoying. I can't pinpoint the root cause, I can see it being a couple of thing. First thing is that the server I'm hosted on keeps getting compromised. Am I right to feel I should get a dedicated VPS?

  The fault may lie on my side, maybe one of the many plugins on the 9 websites is compromised and they're gaining root access to the server and deploying the hacks on all subdomains, resulting in all of my sites being hit at the same time

  Just wondering if anyone has any advice, going through all of the plugins for 9 websites is tough. I don't want to go with the VPS route as its a bit time consuming dealing with your own security, etc. Has anyone seen similar behavior on Hostgator, I wonder if it's a Hostgator thing, with their shared servers. They never take liability when I reach out to them. Trying to decide which route to take, in the meantime, I may start updating WP and all the plugins for all my websites.

  First of all, Your approach is bit in fog.... Let me Clarify!
  The hackers cannot get access to root user because if they do, The whole server is compromised and is probably dead by the time Web Hosting Company gets to know about it.

  Taking a VPS is Not required. Just a Bit Security is Enough. Most Security of your Website depends on the Hosting Provider. Like in our case, we use Imunify360 and ClamAV both antiviruses on each Server which prevents any Hack Scripts/Injections from Running or Uploading but the Main Security resides with the Site Admin. If any site is given with any frontend upload methods, The Site should always load on SSL and restricted by File Type for Uploads. Never allow a PHP Files to be Uploaded. A Simple Wordpress Plugin Firewall like Wordfence and Security Scanner should be enough for full protection.

  But as You said that all your 9 Sites got hacked, It will always be unclear which of the one sites Got hacked and got the Files access. Even, It could be the case that the cPanel/Hostgator Panel User itself got Hacked.

  In your case, the best thing to do is ask your Hosting Provider for a Backup Restore and then Quickly stop all Outgoing traffic with .maintainence or .htaccess and Then Install the desired Security Required. Note that All firewalls and antivirus are good enough if they have Real-Time Protection. As For HostGator, I don't know they use Imunify360 or some other Firewall/Antivirus. Taking VPS won't ease your problem but increase it.

  Thanked by [1] : DeluxeNames

  

  Shared Hosting | VPS Servers | Dedicated Servers

  Ankesh Anand
  CloudMate Softwares
  Managing Director
  ankesh@cloudmate.in