Blog defaced

**dodolls** · 16 May, 2010, 12:35 PM

One of my sites was defaced lately after I reinstalled wordpress. I decided to uninstall wordpress again, but the site still shows the defaced index page. Any ideas on what's the reason behind it?

I had to remove everything in order to remove the defaced index page.

**bogart** · 16 May, 2010, 15:59 PM

Make sure that you change the passwords and upgrade to the latest version of wordpress.

**garfish** · 16 May, 2010, 16:14 PM

install the AntiVirus plugin
AntiVirus for WordPress is a smart, effectively solution to protect your blog against exploits and spam injections.

**xxtoni** · 16 May, 2010, 16:32 PM

This reminds of the thing I did when I was younger xD
But maybe the index file is still there,I once had this on a clients site,there wasnt a htm or php or any other index in the public_html/www folder,and I replaced the index.html but the site was still defaced,the host solved it somehow,so contacting them might be a option.

**sparckyz** · 16 May, 2010, 21:20 PM

Originally Posted by whatthehell

install the AntiVirus plugin
AntiVirus for WordPress is a smart, effectively solution to protect your blog against exploits and spam injections.

I though WP was safe, but after reading this i think im gonna check that plugin out :P

**Mr.Bill** · 17 May, 2010, 00:20 AM

Here are two sites that may give you some information to better help you

How To Completely Clean Your Hacked WordPress Installation | Smackdown!

30 Things to do After Installing WordPress | Make Money Online

**dodolls** · 17 May, 2010, 05:10 AM

I think it's time to install the antivirus plugin for wordpress. The biggest mistake I did was to not upgrade Wordpress after reinstalling it.

**bogart** · 17 May, 2010, 05:52 AM

Originally Posted by dodolls

I think it's time to install the antivirus plugin for wordpress. The biggest mistake I did was to not upgrade Wordpress after reinstalling it.

I'm guessing that they are using a password exploit. Upgrade the WP install and change the password for the user password for the sql db as well.

I've had a lot of problems with wp blogs running version earlier than 2.7. Even on 2.7 a hacker got it and was able to make a post. But didn't deface the blog.

**Andy101** · 17 May, 2010, 12:24 PM

Many WP plugins are insecure. Check that they use the "nonce" (Number Used Once) scheme when the options are updated.

It may not be WP that is causing the problem, but one of the insecure plugins that you may have installed.

Search on WordPress Nonce for more info.

Basically, it is an easy way for plugin developers to validate that the options update was from the correct, trusted source.

Normally this code appears after the Form tag in the options part of the plugin. Where it inserts a hidden form field. And where the options are updated in the PHP code, there should be some kind of check for the Nonce, referrer page and/or the user has admin rights before any changes are made.

**xxtoni** · 17 May, 2010, 13:30 PM

It would be a shame if WP became the next Joomla,because this reminds me of the early days of Joomla.Most people think that Joomla is insecure,it really isn't,but since everybody is developing for it,it just has to happen,not even intentionally,not everyone is the best programmer in the world.The plugins tend to be the real culprits,they open back doors into the CMS and make it possible for hackers/script kiddies to exploit them and attack your site.