I use the Pitch template for my non-profit art project: http://whatmatters.lanayu.net. It is a subdomain of my primary website www.lanayu.net. The subdomain (WordPress blog) site has been hacked five times now, twice this month and at least three times before that since last year. My hosting company keeps shutting down my entire domain due to infected files and to prevent spam being sent from my WordPress blog site.
Do you have any suggestions for me?
Just a couple of days ago I ran Wordfence to clean up malicious files. I also updated WordPress to the latest version and deleted unused plug-ins or add-ons.
What else can I do?
If I upgrade to the paid version of the template would there be additional security in place?
If I move the site to the WordPress.org free servers would security also be better?
This is a re-occurring problem that I need to fix once and for all. I have considered taking down the whole site but it will be a lot to rebuild it from scratch.
Thanks for your help!
Below is the email sent by my hosting company:
Dear Valued Customer,
Thank you for choosing Hostway.
We have been notified by our System Administrators of an abuse activity under your hosting plan for “lanayu.net”. It appears the site has been compromised and malicious scripts were deployed to send unsolicited email through our hosting servers. As such the website has been disabled.
Related information that will help your website developer:
=============================================================================
HTTP Access logs:
69.89.31.108 - - [10/Jan/2015:19:55:53 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
212.89.13.109 - - [10/Jan/2015:19:56:29 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
69.89.31.108 - - [10/Jan/2015:19:56:43 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
212.89.13.109 - - [10/Jan/2015:19:57:17 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
69.89.31.108 - - [10/Jan/2015:19:57:31 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
212.89.13.109 - - [10/Jan/2015:19:58:05 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
69.89.31.108 - - [10/Jan/2015:19:58:19 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
212.89.13.109 - - [10/Jan/2015:19:58:53 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
Example spam email being sent:
218P Received: from lanay1 by lsh1022.lsh.siteprotect.com with local (Exim 4.80)
(envelope-from )
id 1YA7tQ-0000GL-3L
for [email protected]; Sat, 10 Jan 2015 20:04:40 -0600
031T To: [email protected]
048 Subject: RE: Hi BBC rips Texas redhead’s pussy
046 X-PHP-Originating-Script: 2016962:include.php
061F From: "Beatrice Koch"
064R Reply-To:"Beatrice Koch"
023 X-Priority: 3 (Normal)
018 MIME-Version: 1.0
046 Content-Type: text/html; charset="iso-8859-1"
032 Content-Transfer-Encoding: 8bit
060I Message-Id:
038 Date: Sat, 10 Jan 2015 20:04:40 -0600
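An added example, not part of the original posts or the hosting company's email: the log excerpt shows repeated POST requests to a PHP file inside wp-includes/js/, a directory of static assets, and the X-PHP-Originating-Script header in the spam sample names the same include.php. The Python sketch below flags that pattern in an access log; the sample lines are constructed with documentation IP addresses, and the directory list and allowlist are assumptions to check against a clean copy of the installed WordPress version.

```python
import re
from collections import defaultdict

# Constructed sample in Apache access-log style, modelled on the excerpt above.
# Client addresses are RFC 5737 documentation IPs, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jan/2015:19:55:53 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
198.51.100.7 - - [10/Jan/2015:19:56:29 -0600] "POST /wordpress/wp-includes/js/tinymce/plugins/paste/js/include.php HTTP/1.1" 200 64
203.0.113.5 - - [10/Jan/2015:19:57:02 -0600] "POST /wordpress/wp-login.php HTTP/1.1" 302 0
203.0.113.5 - - [10/Jan/2015:19:57:10 -0600] "GET /wordpress/wp-includes/js/tinymce/tinymce.min.js HTTP/1.1" 200 1024
203.0.113.5 - - [10/Jan/2015:19:57:11 -0600] "GET /wordpress/wp-includes/js/tinymce/wp-tinymce.php?c=1 HTTP/1.1" 200 2048
192.0.2.10 - - [10/Jan/2015:19:57:31 -0600] "POST /wordpress/wp-content/uploads/2015/01/x.php HTTP/1.1" 404 0
"""

# Capture client address, request URL and response status from each line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Assumption: directories that hold static assets or uploads, where a
# requestable PHP file is unexpected in a stock install.
STATIC_DIRS = ("/wp-includes/js/", "/wp-includes/css/", "/wp-content/uploads/")

# Assumption: core PHP files that legitimately live under those directories.
ALLOWED_FILES = {"wp-tinymce.php"}

def suspicious_php_hits(log_text):
    """Map each unexpected PHP path that answered 2xx to its hit count and clients."""
    found = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in access-log format
        client, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        name = path.rsplit("/", 1)[-1]
        if not path.endswith(".php") or name in ALLOWED_FILES:
            continue
        if not status.startswith("2"):
            continue  # 404s and redirects mean no script ran at that path
        if any(d in path for d in STATIC_DIRS):
            found[path]["hits"] += 1
            found[path]["clients"].add(client)
    return dict(found)

if __name__ == "__main__":
    for path, info in suspicious_php_hits(SAMPLE_LOG).items():
        print(info["hits"], sorted(info["clients"]), path)
```

Any path this reports is a file to compare against a fresh download of the same WordPress version before the site is re-enabled.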
Hi lanayu
Sorry to hear about the hassle.
Sounds like you’ve taken what steps you can. Upgrading the theme to premium won’t help security. I would have recommended running a plugin like Wordfence, but you’ve done that already. Limit the number of plugins you use, and delete ones you don’t need anymore. I’m afraid any steps beyond that are out of my area of experience. It’s not possible to move your self-hosted WordPress installation to the WordPress servers. I think you’re thinking of WordPress.com; that’s a bit different. Yes, security would be handled for you on a hosted solution like WordPress.com.
Here are a few resources you could check out:
http://codex.wordpress.org/Hardening_WordPress
http://www.woothemes.com/2013/09/improve-your-wordpress-security-with-these-10-tips/
http://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/
Hope you make progress here.