Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

WordPress

Shane McC
Shane McC
3,005 Points

Wordpress website keeps getting hacked?

Hi,

My WP website keeps getting hacked. Folders are being created on my website. I don't know how to fix this problem. Would anyone know how to go about fixing this problem?

Thanks

3 Answers

Depends!!! There are different plugins that you're able to install. Even though they somewhat secure your site but there isn't anything such as un-hackable, what if your site is secure and you've installed premium plugins to guarantee maximum protection but the server on which it is hosted isn't? A hacker can still gain illegal access to the vulnerable web-host and then on the sites hosted there. All of what we can do is choose a good secure Webhost, keep WordPress updated and specially plugins, most of WP BLOGS are hacked because of the vulnerable plugins that they've installed.

Shane McC
Shane McC
3,005 Points

Hi Jameel,

Please see my above comment to Stanley. Please give me your thoughts. Thanks

Just did and now I'm quite sure that the problem is with server on which your site is hosted, through one vulnerable website, a hacker can gain root access to entire server and inevitably all sites hosted there if he's able to find exploit for the desired kernel version and escalate his privileges, The hacker here in your case most probably has root access to the server and is defacing all or most of the sites hosted there, you can't really do much here except for contacting Webhost and requesting them to secure their server or you can always shift to a new Web host.

Sue Dough
Sue Dough
35,800 Points

Sounds like your permissions are screwed up on your server. What are your file permissions?

Shane McC
Shane McC
3,005 Points

Hi,

For which folder are you referring too?

Sue Dough
Sue Dough
35,800 Points

You should check all your folders and files for your site. You can do this easily on the command line however if you don't know how you can use Cpanel's file manager. You will see a perms column on far right.

If you see anything other than 755 for folder and 644 for files please let me know.

Stanley Thijssen
Stanley Thijssen
22,831 Points

Hi Shane,

is your Wordpress version up to date? and are you using plugins on your website?

Shane McC
Shane McC
3,005 Points

Hi Stanley,

My WP version is up to date and I'm also using plugins.

I should also mention another website that isn't built with WP recently got hacked as well. It's on the same hosting plan.