in this video I want to share with you
what happened yesterday basically
someone was able to hack into WP Eagle
nice and secure I've been running
wordfence plugin and you know do all the
other security basics that you should do
to keep your site secure although I had
forgotten to do one simple thing so I
want to share with you what happened so
hopefully you can learn from it and the
same thing won't happen to you let's go
[Music]
hello it's Alex here from WP eagle hope
you're all well if you're not subscribed
why not do it right now just click on
the subscribe button make sure you click
the bell to be notified when I upload
new videos so yesterday evening I was
about to sit down for my dinner
there's a lovely spaghetti bolognaise my
wife had cooked just as I was about to
tuck in I got an email alert on my phone
and it was an email from WP eagle calm
my web site email was to let me know
that a new user had registered on the
site so I was immediately a little bit
concerned as the site actually has user
registrations turned off put down my
knife and fork and I ran upstairs to the
computer to see exactly what was going
on I logged into the site went into the
users area and yeah there was a new user
there a new admin user with a dodgy
Russian email address I quickly deleted
the user and I also noticed that there
are a few plugins that needed updates so
I ran those updates made sure everything
was up-to-date and then dropped a line
to Phil who looks after WP will calm
which is actually hosted on a VPS server
by spider web I think I've mentioned
them before Phil quickly came back to me
and said that the hacker was able to get
in via a vulnerability in the easy WP
SMTP plugin which is a plugin I use so
the site can easily send email from like
forms and stuff like that so it turns
out that this front ability came to
light around March 15th
so it only taken like four days before
the hackers had found my site and
exploited it and were able to gain
access and basically do whatever they
wanted with the site so this was pretty
concerning even though I had a play to
the plugins and delete the user I wasn't
too sure what else they could have done
to the site luckily Phil points me in
the direction of a useful article which
had a load of recommendations that you
should follow if you have been hacked so
I went through this it involved you know
changing all my passwords checking the
SMTP password within the plug-in and
changing that to a new password
what's an update to the SMTP password I
tried to send a test email from the site
and I got a message back from my hosts
SMTP server saying that I've been
blocked due to some dodgy activity on my
account
so it turns out that they've been using
my site for the very brief moment that
they got access to send out a whole load
of horrible spam emails anyway I got in
touch with the SMTP host I let them know
that I changed my password and fix the
vulnerability and all that kind of stuff
and they resumed my service pretty much
straight away I'm still a little bit
worried though because I wasn't quite
sure what else they could have done to
the site I mean they could have added
some backdoors I did some extra files
change some files I mean you just don't
know so just to be sure that they hadn't
done any of that stuff
we were stored a backup from earlier
that day Phil also ran some extra
hardening processes on the site changing
file permissions that kind of stuff and
by the way you'll find a link in the
description to a document which talks
all about how you can make your
WordPress even more secure by changing
things like file permissions and doing
some extra stuff on the hosting side of
things so ultimately the takeaway from
this story is that even if you think
your WordPress website is secure maybe
you're running a security plug-in and
you've you know got some strong
passwords that kind of stuff if you've
got a plug-in that's out of date you are
at risk especially if that blogging is
obviously got a vulnerability connected
with it and it can happen fast even if
that vulnerability was only detected a
couple of days ago that's enough time
for a hacker to find your site exploit
the vulnerability get in and do some
horrible stuff I'd love to know your
thoughts on WordPress security leave a
comment below and to read all the
comments that I get and I'll try and
reply to as many as I possibly can if
you're not really subscribed click on
the Eagle you like to check out my vlog
channel click on my face it's full of
videos on business and making money
online all that kind of stuff and here's
a couple of videos chosen especially for
you I hope you enjoy them until next
time bye for now
#Best Education Page #Online Earning
online earning,make money online, earn money online, online earning, online earning sites,
make money online free, online money income, earn money online free, money online, best way to earn money online, online income site, money earning websites, best online earning sites, easiest way to earn money online, earn money payment bkash, online money income site
Posts
No comments:
Post a Comment