[Answered] Website Hacked

[zeamtech]

My website was today hacked by some people? was anyone else affected as it happened through HelioHost. What can we do to stop this again?

[wolstech]

If you think your cPanel password is compromised, change it first.

 

The more likely problem though is vulnerable software installed on your site. It happens a lot. You didn't post a link to your site so I don't know what software you're using, but software vulnerabilities are common.

 

WordPress and Joomla are two well known programs that are infamous for being easily hackable, especially if you install random plugins/extensions. Also, many of the "free" WordPress themes you find online at random websites are actually backdoors designed with to let in hackers.

 

If you use such software on your site, make sure to keep everything updated. Also, remove any themes and extensions you installed, and only install ones trusted sources.

[zeamtech]

If you think your cPanel password is compromised, change it first. The more likely problem though is vulnerable software installed on your site. It happens a lot. You didn't post a link to your site so I don't know what software you're using, but software vulnerabilities are common. WordPress and Joomla are two well known programs that are infamous for being easily hackable, especially if you install random plugins/extensions. Also, many of the "free" WordPress themes you find online at random websites are actually backdoors designed with to let in hackers. If you use such software on your site, make sure to keep everything updated. Also, remove any themes and extensions you installed, and only install ones trusted sources.

 

Thanks the website uses Wordpress but I didnt have any bad themes or plugins - only ones I have purchased from developers. I think HelioHost must have had something to do with it.

[Sove]

If you think your cPanel password is compromised, change it first. The more likely problem though is vulnerable software installed on your site. It happens a lot. You didn't post a link to your site so I don't know what software you're using, but software vulnerabilities are common. WordPress and Joomla are two well known programs that are infamous for being easily hackable, especially if you install random plugins/extensions. Also, many of the "free" WordPress themes you find online at random websites are actually backdoors designed with to let in hackers. If you use such software on your site, make sure to keep everything updated. Also, remove any themes and extensions you installed, and only install ones trusted sources.

Thanks the website uses Wordpress but I didnt have any bad themes or plugins - only ones I have purchased from developers. I think HelioHost must have had something to do with it.

Doubt it, in 99 times out of 100, it's the user doing something wrong, and this seems to be just another one.

[wolstech]

WordPress is almost certainly the cause. Was it up to date? Many of the minor updates to it are to fix issues like these, but a lot of people don't realize that or forget to install them.

 

Also, even if plugins are legitimate, they can have vulnerabilities that can be used to hack your site. There are lots of legitimate plugins and themes, both paid and free, whose newest version has security holes. Using paid plugins or themes will help reduce the risk of vulnerabilities or intentional back doors, but there is no way to eliminate the risk entirely.

 

The more popular the software is, the more likely it is to be targeted by hackers. WordPress and popular plugins are such a target because they are heavily used.

 

Odds are extremely good (I'd say 99.99%) that it was NOT Heliohost's fault. If it were, everyone else would be having the similar problems with their site. WordPress is easily the most common CMS I see "hacked site" posts for, and it's almost always due to someone using outdated software, outdated plugins, plugins with security holes, or themes with malware.

 

I'd recommend you get the latest version of WordPress and whatever plugins you use and update everything. You might want to make a backup and antivirus it as well.