How to remove a hole in wordpress?

N

Nikolay Erofeev2016-02-16 06:28:20

PHP

Nikolay Erofeev, 2016-02-16 06:28:20

Hello. There is a site already broken 4 times. I have already changed the prefixes to the database, set up the rights, but the site still breaks. He will write that he found a hole, then something else, the site does not display content, just the text that the hacker wrote did not find this text in the database. I have no idea how it uploads to the site. How to be?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alex, 2016-02-16
@mr_ko

You need to:
1. Make a backup of the database.
2. Update all modules. Download the module from the WordPress repository. Delete the module folder on the server, and upload "fresh" there. If you haven't made any changes to the module code (this is highly discouraged)
3. In the same way, update all the folders of WordPress itself, leaving only the apploads folder.
4. You need to review the Uploads folder for suspicious files.
Also, there may be a hole in the theme if you downloaded it "cracked".
It is also worth looking at the list of users, there may be an incomprehensible admin.

E

Eugene, 2016-02-16
@kompolom

Did you look in the web server logs?