This site got hacked

I’m sorry to say that the title is not clickbait, this site was hacked into yesterday.I don’t think that much damage was done, aside from the loss of user passwords. Whoever hacked into my site had a tough time, as I have CloudFlare blocking bots and WP Cerber blocking brute force attempts. However, they were able to break my defenses and break in. Whoever hacked my site could have changed your passwords, but not read it. So if you do happen to have used the same password, it’s most likely safe as it was salted and hashed by WordPress. You will have to click on the reset password link to gain access into your account, and I will discuss why in the next paragraph.

My response

What I did was to move this blog into my WordPress multisite, so it’s easier for me to maintain and update, which I believe was the problem. I appear to have missed an update, and that may have provided a way into my server. Anyways, in the process of moving my blog over, the passwords were lost, so you’ll have to reset them. I did harden my WP Cerber settings, so if you miss the password more than twice in ten minutes, you have to wait 2 hours to try again. So, if you’re unsure about your password, just reset it. I’m aware that this is not a perfect solution, but it will have to do. I also just marked all email subscribers as confirmed during the transfer, so if you were no longer interested, feel free to unsubscribe with the link provided at the bottom of each post email. That also reminds me that multiple new post emails were sent yesterday, and that was because I was restoring my database. At least I had a backup plan ๐Ÿ™‚ .

One comment

  1. Just because you missed one WordPress update doesent mean itโ€™s insecure, and anyways You were running the latest WordPress version. So how you got hacked is still unknown, probably a vulrenability in one of your plugins…

Leave a Reply(Markdown is On)