Recently my WordPress website was hacked. Basically the hacker got into some of my files and left a lot of malicious code bits that used things like eval(). I managed to clean up all (I hope) of the malicious code through security plugins like Wordfence and by manually sifting through files and removing suspicious-looking code and files. Now the website doesn't display the "This website contains malicious code" message when entered from Google.
However, my wp-config.php file keeps getting deleted every 2 days or so. I am not sure what could be the reason but strongly suspect that it is related to the hacking.
Here is what I did to defend the website better:
- Used the iThemes Security plugin for better security (followed their instructions to change table prefixes, changed the wp-admin permalink to something else, changed the admin user's name to something less predictable, changed the passwords for cPanel and the admin user).
- Installed the Wordfence plugin and used its scan feature to scan for any changes to the WordPress core files (running daily).
- Updated all plugins and WordPress itself to their latest versions.
After the above were done, there have not been any more malicious code alerts from Google or the website doing funny things. However, the wp-config.php file deleting itself still happens. I thought the hacker may have set up a cron job in cPanel to do this regularly, but no such cron job exists. As far as I know there is no WordPress cron job set up for this either.
Any idea what might be happening? What more can I do to make the site more secure?