WordPress hacked again – 2014 – Optimizepress

Optimizepress-hacked

Several of my WordPress websites where hacked again. Its 2014 and I’m using the Better WP Security plugin on all my sites, I thought I was covered. I haven’t had an issue like this in years. I really thought I was well protected. Nope, this time I believe the culprit was an outdated Optimizepress theme.

A few days ago I noticed that the WordPress log in page looked weird on one of my sites. It appeared to be missing some styling. For example, the WordPress logo was missing and the font and sign in boxes were a little off.

I went to a second WordPress site of mine and noticed the same thing. I then found that more than 5 of my sites were experiencing some type of trouble. Sometimes web hosts experience issues. Because this appeared to be a global issue, my first assumption was Hostgator must be having trouble.

I put this issue off for a day hoping that Hostgator would correct the server issue. As I started checking each of my sites I began to notice odd issues such as styling changes that I didn’t make. One website was completely shifted to the right by 20px. Another one of my sites completely lost it’s theme settings.

At this point I knew I’d been hacked and contacted Hostgator to request a website restore for all my sites. When their tech support responded, they informed me that my ticket was being handled by the security team. It was also explained that anytime a site is hacked, they like to investigate.

Below is the response I received from the Hostgator security team.

hostgator-wordpress-hacked

The moral of the story is, report anything out of the ordinary to your web host immediately. More importantly, keep your WordPress themes and plugins up to date. I plan on finding a different theme for the website that was initially infected. It’s wild that one vulnerable website can open the door to all of your other sites.

I still have one WordPress website that is extremely infected. In fact, when I visit the site I see the following scary ass message. Google is completely blocking it.

reported-attack-page

I’ve asked Hostgator to look into this website. I’m waiting for a response. If they’re unable to assist, the next step for me is to look at one of the following files:

wp-config.php
index.php
config.php
functions.php

These are normally the files that are attacked. Using an FTP client, I could also look for files that have been recently changed. The files that have been altered should stick out and will probably be one of the files mentioned above.

I believe there are WordPress plugins that search for malware embedded within your site. I might try that out if Hostgator isn’t able to assist.

If you found this article helpful please like us on Facebook or Twitter. Please leave your questions below and I’ll try my best to help you out.

Tags: , , , , , , , , , , ,

Category: WordPress

About the Author ()

John Bousman is an MCSA, MCTS, MCP, Net+ and A+ Certified Technician. He is also an avid Web Developer, WordPress Jedi, SEO Connoisseur and owner of an IT Firm in the Midwest. During the day he helps tackles Server Administration and Desktop Support issues for small business. With over 15 years experience installing, configuring and troubleshooting retail and enterprise software, he's seen it all. Make sure you checkout his profile on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *