- This topic has 3 replies, 2 voices, and was last updated 8 years, 6 months ago by
.
-
Posts
-
I’ve recently had an issue with hackers being able to get into my admin site and change some things. I’ve been able to catch it quickly and repair the damage, but I’m not quite sure where they’re getting in. WordPress suggests looking at most recently changed plug-ins and for me that’s the Events Calendar. I’m also doing other things, but would like to make you aware in case folks out there are aware of some vulnerabilities.
Thanks for the considerate report, Kathy.
We haven’t had other users reporting this, but I’d recommend adding HTTPS to your site, especially wherever there’s a login form, such as /wp-login.php or if you have a page like /membership/sign-in/ or /membership/register/
If you don’t add HTTPS yourself, you might want to use Jetpack’s Single Sign-On functionality, where you actually use WordPress.com to login to your WordPress.org-based site.
Jetpack actually has many more security features, too: https://jetpack.com/features/security/
Whenever your site gets compromised, you’ll want to consult some resources, such as the following:
- https://codex.wordpress.org/FAQ_My_site_was_hacked
- https://sucuri.net/guides/how-to-clean-hacked-wordpress
- https://premium.wpmudev.org/blog/cleaning-up-after-wordpress-hack/ (only one of these 3 that mentions changing your “salt”, which you should do)
Also consult your web host about the issue. If it keeps happening, I suggest switching hosts.
I hope it goes well.
Hey there! This thread has been pretty quiet for the last three weeks, so we’re going to go ahead and close it to avoid confusion with other topics. If you’re still looking for help with this, please do open a new thread, reference this one and we’d be more than happy to continue the conversation over there.
Thanks so much!
The Events Calendar Support Team
- The topic ‘Possible Security Issue’ is closed to new replies.