Recently one of my wordpress site is hacked which is on wordpress. There is something wrong happening on server. We fixed issue with some steps, we given full steps for fixing issue. Due to disk I/O notification and CPU usages notification email I got to know.
If wordpress site is hacked then how to fix issue
There is something wrong happening on server.
First thing I did which is checking the apache access logs and error logs. I was getting per second 100 request from some IP addresses.
I stoped apache server and I took my database and filesystem backup. Deleted my admin username and added new administrator with new username.
You should use the Better WP Security wordpress plugin. This is very useful plugin.
I added following code in my .htaccess file
# BLOCK BAD IPS <limit GET POST PUT> Order Allow,Deny Allow from all # uncomment/edit/repeat next line to block IPs # Deny from 123.456.789 Deny from 192.111.152.122 Deny from 192.111.144.233 Deny from 110.85.90.123 </limit>
But above code was still not helpful to me because disk I/O and apache process was taking time to sending the request to 403.
Then I blocked the IP Address on My Linux server using following commands.
iptables -A INPUT -s 192.111.144.789 -j DROP iptables -A INPUT -s 192.111.152.122 -j DROP iptables -A INPUT -s 192.119.144.123 -j DROP
This solved my issue.
Was the site changed in any way? I’m surprised the w3 total cache plugin you’re using didn’t help out.
yes! you are right..