Massive WordPress Security Alert - My WordPress Website Was HACKED! Must Watch Video!!

Рет қаралды 25,801

WPCrafter.com WordPress For Non-Techies

Күн бұрын

I thought it could never happen to me. I was wrong, my website was hacked. Find out what happened and why it was not that big of a deal for me.
Make a backup now. Here is a vintage WPCrafter video that will show you exactly how I backup offsite using a free tool • How To Backup A WordPr...
Get better hosting www.wpcrafter....
EXCLUSIVE WORDPRESS DEALS 2023
🟡 SureCart -- www.wpcrafter.... (SAVE 50% Auto Applied)
🟡 SureMembers -- www.wpcrafter.... (SAVE 50% Auto Applied)
🟡 Presto Player -- www.wpcrafter.... (SAVE 33% Auto Applied)
🟡 Astra Theme -- www.wpcrafter.... (SAVE 10% Coupon WPCRAFTER)
🟡 CartFlows -- www.wpcrafter.... (SAVE 40% Auto Applied)
🟡 Cloudways -- www.wpcrafter.... (SAVE 20% Coupon WPCRAFTER)
🟡 BuddyBoss -- www.wpcrafter.... (SAVE 10%)
* Want to offer a discount to WPCrafter subscribers, contact me on my website
BEST WORDPRESS PAGE BUILDERS
🟡 Spectra -- www.wpcrafter....
🟡 Elementor -- www.wpcrafter....
🟡 Beaver Builder -- www.wpcrafter....
🟡 Divi -- www.wpcrafter.... (SAVE 20%)
BEST WORDPRESS HOSTING
🟡 Full List -- www.wpcrafter....
🟡 Cloudways -- www.wpcrafter.... (SAVE 20% Coupon WPCRAFTER)
🟡 Hostinger -- www.wpcrafter.... (SAVE 75%)
🟡 NameHero -- www.wpcrafter.... (SAVE 70%)
🟡 SiteGround -- www.wpcrafter.... (SAVE 70%)
CONTACT WPCRAFTER
☑ Website -- www.wpcrafter.com
☑ Facebook Group -- / wpcrafter
☑ Twitter -- / wpcrafter
☑ Twitter -- / adampreiser
All of the opinions expressed in this video are my own, I was not paid to make this video. Whenever there is a link in any of my videos, if there is a referral program available, please assume that you are clicking on a referral link.

Пікірлер: 166

@doubler287 5 жыл бұрын

Hey Adam, we have been making backups every 4 hours for our clients since 2015 (soon to go to 3 hours). But there is one thing you need to keep in mind. Make sure you have monthly backups that are kept for at least 6 months. A trend among hackers is to use a vulnerable to create a "back door" and then they will go dormant for a long while. Then when you least expect it they attack and when you load up your backup, the back door is in those backups as well. The reason I know this several of our clients last summer were hacked, they had backups dating back 4 months, all their backups had the back door in their backups. I like your thinking... No such thing as too many backups! Thanks for sharing Adam.

@WPCrafter 5 жыл бұрын

Yea I have a crazy automated setup. It goes like this > backup every 4 hours and is sent to Dropbox > Dropbox pushes to my computer > My computer has backups to a NAS here. I end up with backups going back 12 months or more. And one time I did indeed need it.

@prateek1703 5 жыл бұрын

Most virus scanners would detect those backdoors.

@EndAllDiseasecom 5 жыл бұрын

Great point thank you so much.

@abuhssankaskey6143 5 жыл бұрын

@@WPCrafter wow it really crazy automated setup for backup

@WPEagle 5 жыл бұрын

Great video! Lot of hacking going on right now. I did a video on this just the other day!

@PixemWeb 5 жыл бұрын

Thanks for sharing your experience. Your recommendation of having an off site backup is 100% correct and the best advice. As a developer, I know that no advance piece of software/app/plugin with hundreds of thousands or millions of lines of code can ever be 100% secure. Mistakes happen to even the best coders out there, hence why having a backup is a must have solution. I'm going to analyze what's changed from the previous version of the plugin to the patched version for my own edification. Again, thanks for spreading the word.

@LABOROFLOVETV 5 жыл бұрын

Cutting edge content as usual! Thanks for keeping us on our toes. Very Best Regards, Nate

@ChristinaMcKay 5 жыл бұрын

Thank you very much. Could you please share the link to the list you found on Facebook?

@themedleb 5 жыл бұрын

Yes, please.

@furtrapper11 5 жыл бұрын

Today, my website was hijacked and my host wanted $300 to help recover it. Thankfully I had watched your video a year ago and installed updraft! My recovery was easy-peezy and all by myself...Thanks Man!

@WPCrafter 5 жыл бұрын

Sorry to hear and happy you had a backup. Did you have Yellow Pencil installed on your website?

@furtrapper11 5 жыл бұрын

@@WPCrafter YES... and it had the most recent change date. I suspected it. I just noticed that I am reinfected so I guess that I have to ditch Yellow Pencil and maybe load a much earlier backup.

@WPCrafter 5 жыл бұрын

@@furtrapper11 You would have needed to disable YP. But they have an update out that fixes the vulnerability.

@Potenti4lz 5 жыл бұрын

I hate when themes recommend installing like 10s of new plugins. :(

@Roy-kq3cv 4 жыл бұрын

yes, I installed a couple of these recommended by Divi and now I am like.. what d fq

@caryhuff8924 5 жыл бұрын

Thanks for not only looking after us Adam, but giving us timely solutions. G'day from Australia mate. 🇦🇺😎

@northtexasturfpros4083 5 жыл бұрын

Just a brief clarification. In my formal life in the banking industry I was an Enterprise Risk Analyst and a control tester for JPMC and a very large corporate credit union. Your suggestion, which is over all great by the way, is technically a “loss mitigation” control - rather a way to “prevent” the risk from occurring; which is how you described it. (Not trying to be nit-picky, but to just add value to your suggestions and explication). Backups won’t *prevent* a hack from occurring; they will just help with what’s called “business continuity” I.e, processes and procedures that assist with a businesses ability to get back up and running after an incident causes down-time. Firewalls and dedicated IPs and things of the like help with preventing hacks. Thanks for the update Adam!

@Sergeant_Camacho 5 жыл бұрын

Good to hear that you fixed this! Keep the videos coming!

@AG-sb7pu 5 жыл бұрын

Thanks, Adam for keeping us updated!

@terryhatziieremias 5 жыл бұрын

I have a backup but how do I know when the hacked happened to restore the correct one?

@TheGrateful108 4 жыл бұрын

develop everything off site and use off site backups. The only sure way to know is constantly updating from off site original, replacing online exposed ones. If the files were exposed, they can't be trusted. You can go one step further - have one account for offline development and another for hosting to prevent cross contamination. Use Linux or Mac

@HorusLondon 3 жыл бұрын

Old video, but I hope to get answer to my question. In your opinion what is the best security plugin available at the moment?

@iagroupmedia 5 жыл бұрын

Hello Adam, there is another hack via the register to site e-commerce, someone will register as a customer to buy or download for example, but somehow the user made himself administrator. I deleted them since administrators can delete content or edit links i suppose. I deactivate register option for now.

@kanufree 3 жыл бұрын

Good, that is the first option to do if you're developing a website.. You must choose to be customers or subscribers.. If you're using E-commerce is wise to turn it on

@trackchannel1932 5 жыл бұрын

Is my yesterday backup ( or last week backup ) is safe ? I mean they maybe can install the hack one day and "activate it" a week later ?

@WPCrafter 5 жыл бұрын

Yes that happens. That's why it is good to have to rolling 30 days of backups.

@DivyanshuChadhaB-uy3ei 4 жыл бұрын

Good video.. I want to ask about a change I made... I used the advance settings and enabled admin URL.. didn't break my site.. can there be future problems with that feature ?

@anainmazatlan 5 жыл бұрын

Hey Adam....thanks AGAIN for helping us keep informed. Just wondering that if we backup every fours hours as you suggest, then how many backups should we be keeping in storage before we overwrite or delete the older ones?

@WPCrafter 5 жыл бұрын

I need to clarify that. I do 4 hours because my website is constantly changing with activity. Less active sites don't need to be backed up as often. I send them to Dropbox, and then they are sent to my local computer. I keep 7 days worth, but my local PC has its own backup that lasts much longer.

@anainmazatlan 5 жыл бұрын

Thanks Adam...that’s very clear now.

@sheranperera5645 5 жыл бұрын

hi there, can you make an video on how to protect digital downloads on wordpress???

@cursoderobotica 5 жыл бұрын

thank you Adam!! thank you!! ❤️😁❤️

@WPCrafter 5 жыл бұрын

Thanks for watching.

@souvikmandal1714 4 жыл бұрын

Make a video on this topic, best security plugin free and paid in 2020.

@miguel213 5 жыл бұрын

In regards to these plugin vulnerabilities, should this be something we should be concerned with on local wordpress installations? Also, once the plugins are deleted, do any of these leave remnants in the database? Such as extra tables?

@WPCrafter 5 жыл бұрын

You have nothing to worry about on local installations because there is no way for one of these scanners to access your site since it's not publicly accessible.

@miguel213 5 жыл бұрын

@@WPCrafter sounds good, thank you for your time Adam. Best regards.

@revelation333 5 жыл бұрын

I would recommend to backup every week not every 4 hours otherwise the virus might be traveling with your backup. I respect this man and it's only my advice but not trying to disagree with him his right aswell.

@WPCrafter 5 жыл бұрын

For me, it is important because my database is constantly changing with comments, student registrations, course progress, etc.

@revelation333 5 жыл бұрын

@@WPCrafter Absolutely that's true what u said, We need to back up every 4 hours for established sites. For newcomers learning to create new sites and editing continuously must not keep the backup on auto and need to back it up less frequently otherwise the database may get corrupted if files are being edited while the backup is also being copied. In that case we need to back it up manually or weekly after an edit for new sites under construction sites. I love your video's keep us updated with all your research. Thanks

@manashmalakar 5 жыл бұрын

Tomorrow i am working on my website and my itheme security detects some suspicious activity to my website who doing something wrong to my website... I am sharing that ip addresses 1. 66.249.79.102, 2. 203.133.169.113. They are lockedout by the security pligins... Can you tell me that is that good or bad?

@TommyCregan1 4 жыл бұрын

Update your website with security headers, particularily a content security policy. Blocks all non whitelisted resources :)

@kevinroberts3789 5 жыл бұрын

Best Protection: regular backups Second-best Protection: paying attention to Adam Preiser Thanks for this post Adam.

@24SevenMarketing 5 жыл бұрын

How about a link to those 300 plugins that MIGHT also be vulnerable

@adityababbar3642 5 жыл бұрын

Please share the list of 300 plugins which might be vulnerable

@vegardbell 5 жыл бұрын

Paid plugins with frequent updates, and not too many plugins...and also daily backups. That's my plan.

@Tammysoffices 5 жыл бұрын

Thank you so much for the information. Social Warfare tweeted that they have an update and it should be fixed - how soon can we 'trust' this again (I have the paid version)?

@digwillhachi 5 жыл бұрын

Thank god i don’t use this plugin. I was sweating for a min. My thoughts go to those who were hacked. Such a pain in the butt.

@spicer41282 5 жыл бұрын

Say Adam, Just sayinn?? If your backup offsite utility is a free a tool? Doesn't that go against the grain of your message about paid vs. unpaid dangers of hacking vulnerabilities? Thanks for the heads-up on this new crap-hack though! The community appreciates it...

@WPCrafter 5 жыл бұрын

Ha, great call out. I have the paid version of the plugin, that does the offsite backups. But it doesn't go against it, because there is a massive business model around the free version of the plugin. Of course, the paid version is not needed to backup offsite. But you go look at all the free backup plugins with less than 50k installs and no business behind it, those I won't use.

@pwtgteam904 5 жыл бұрын

Thanks for the heads up!

@babashopcr 5 жыл бұрын

Hi Adam.. i have 2 problems like this... whats plugins protec you recomend to use.? Thanks

@insaneminer 4 жыл бұрын

Do you know what attack it was, xss,php injection, login brute force, sql injection.

@fjuraa 5 жыл бұрын

Hi Adam, I was creating a backup with updraft and uploading it to google drive, but I noticed that it cut my "uploads" folder into more pieces, did you ever experience that? Not sure how I would then import it, if it has many parts...

@kuistotb9507 5 жыл бұрын

hello, thanks for notifying. I am using itheme on my site which has been signaling time to time (for about 5 days already) that a user trying to connect as admin has been blocked. Do that mean am hacked? how do we really identify we are hacked? Thanks

@jayjayf9699 5 жыл бұрын

Wtf is going just when I’m starting to learn about Wordpress security and all of a sudden youtubers that I’ve watched have gotten hacked, I’ve just watched your ithemes video two days ago

@appleguy1986 5 жыл бұрын

Thanks Adam!

@nickriceplank 5 жыл бұрын

Important vid. Sending warning and link to it to a couple of people right now.

@dineshsunny18 5 жыл бұрын

Hi Aadam, thanks for the alert. I just noticed Forum section from your website is missing! any reason?

@WPCrafter 5 жыл бұрын

I am gonna take it down, just not sure how. It's still there, just the link is gone.

@dineshsunny18 5 жыл бұрын

@@WPCrafter So, you are going to remove the forum section permanently, why like that? please let us know.

@ClementDupuis 5 жыл бұрын

Nothing will protect you against a zero-day vulnerability. There is always a window for exploitation. Some integrity tools could alert you of unauthorized changes to any of your files in real time and even restore the correct version for you. Not an easy game to play for non-technical people. A backup allow you to restore the version with the vulnerability, it is important to find the root cause and fix it or else you will be hacked repetitively.

@theballpointpens3952 5 жыл бұрын

Thanks, Adam.

@ecartking2452 3 жыл бұрын

how to audit website? any tools?

@jasonb3370 5 жыл бұрын

Thats happening to me right now, I don't have any backup and i need a fix

@emanuels2238 5 жыл бұрын

Try Sucuri. it is usually able to rescue your site even after being hacked.

@HP-vt7pt 5 жыл бұрын

so will you change your hosting cloudways to managed wordpress hosting?

@WPCrafter 5 жыл бұрын

No I'm happy with my hosting.

@xr6mm 5 жыл бұрын

What firewall plugin are you running Adam?

@WPCrafter 5 жыл бұрын

I was using WebARX which advertises that they protect against 0-day attacks :-(

@harbourdogNL 5 жыл бұрын

When you see a plug-in that says it's 'open source software' isn't that an automatic red flag?

@TheDesignCreative 5 жыл бұрын

Most WordPress plugins are open source that’s the point of WordPress

@harbourdogNL 5 жыл бұрын

@@TheDesignCreative So 'pro' versions of plug-ins are still open source?

@WPCrafter 5 жыл бұрын

Most of the Internet is powered on open source software. I'm not talking about WordPress, I'm talking about the server infrastructure.

@harbourdogNL 5 жыл бұрын

@@WPCrafter Aha, thanks. TBH I didn't realise that.

@websitemaintenance 5 жыл бұрын

I've tried contacting you several times. Wish we could connect!

@jasonbeard 5 жыл бұрын

What group was that on FB you said you seen the post. in yr vid here about 5:20

@WPCrafter 5 жыл бұрын

Oh I stated it there for sure. Its the MarTechWise group. It's a great group.

@jasonbeard 5 жыл бұрын

@@WPCrafter Cheers ole matey

@shahzadhaider9195 5 жыл бұрын

Adam you are great dude))

@mortensuperlite 5 жыл бұрын

So what is the conclusion on Webarx?

@WPCrafter 5 жыл бұрын

They make a lot of marketing claims and it's not clear if what they claim is even possible. Their website claims they protect against 0-day attacks and that they check if your site has been changed.

@jayjayf9699 5 жыл бұрын

Doesn’t ithemes help protect plugin hacks ?

@LockedownSEO 5 жыл бұрын

Not if there's a zero day exploit.

@learnwithmahad 5 жыл бұрын

Thanks a lot,.

@Mayanktaker 5 жыл бұрын

Security is the reason I am leaving wordpress..

@caribguy2007 5 жыл бұрын

What is the point of a backup if you dont know when the hack happened or what the hack was like most people.

@WPCrafter 5 жыл бұрын

Because if you watch my backup tutorial you would have 30 days of backups and potentially 6 months. If you are not engaged enough with your website to notice a hack within 30 days, you should hire someone to manage it for you.

@webdesignplusseo3793 5 жыл бұрын

@@WPCrafter That still did not answer the question i mentioned. Never said the hack didnt get noticed. I said how is the average person supposed to know WHAT or HOW it got hacked. A backup does not say hey buddy, this plugin is a problem. You can go back 30 days, doesnt mean the hole is still there, so what is the point. I got hacked a week ago, did your restore and it happened again.

@WPCrafter 5 жыл бұрын

Your website is almost always hacked when there is a vulnerability in a plugin. That happens either when you are not on top of keeping things updated, or in this case when there was a 0day attack. In both situations, a backup saves your ass. Simply restore the backup then update. Problem solved!

@caribguy2007 5 жыл бұрын

WPCrafter.com WordPress For Non-Techies as your video stated what if you have a website that does not have an updated good plugins, your site got hacked right. Sites still get hacked even when you do, maybe you did a check on all your plugins to find your social was the issue but not everyone is going to go through and spend hours to see if there is an issue with plugin x. Maybe you have a small plugin, chance of finding data is zero. Basically shit happens and there is no point of putting a bandaid on something that needs stitches. Backups dont solve the hole that is there, backdoor, bad files or anyone coming in again if you dont find the issue, bad plugin is still there. All your doing is removing the hack by using a backup not preventing. This video is very one sided. Anyways thanks, was just looking for a solution since you seemed like an expert, wasn’t looking to make this in to a big deal.

@WPCrafter 5 жыл бұрын

I just don't understand your argument here. Is it that having a good backup is not a good idea? That somehow it's not something that should be a site owners priority? And that because I am saying it is a good idea that the video is one-sided somehow? I would wholeheartedly disagree with that. Having a quality backup solution is place is ALLWAYS the ONE THING you have control over and is 100% the highest priority unless you want to spend $200 to Securi or some other service to fix your website. Priority one is always to get your website back online and buys you the time to sort everything else out.

@warneretaylordotcom3029 5 жыл бұрын

Hey I'm going to do a Facebook Live and mention your website on my live,

@DescendantsOfEnoch 4 жыл бұрын

google drive?

@thierrymaesen8228 5 жыл бұрын

Now it's ok.....end for this alert....

@WPCrafter 5 жыл бұрын

Haha, I think there will be more, would you agree?

@mdmhassan1321 5 жыл бұрын

I have been facing a problem when i install themes. all themes looks like the screenshot: prnt.sc/n2s46h . where the theme is not rellay like this. theme sample: prnt.sc/n2s5y2 .... How can i solve this problem. if you can Help with this issue it will be great.. waiting for response.

@randomguy-26 5 жыл бұрын

Is Google Drive backups an off-site backup?

@miguel213 5 жыл бұрын

Yes, those backups are stored in 3rd party cloud storage, which is outside of your hosting server

@Potenti4lz 5 жыл бұрын

Which hosts do you use?

@themedleb 5 жыл бұрын

I think he uses InMotionHosting.

@THEROBINKEVIN 5 жыл бұрын

Plz post Facebook link ...

@Potenti4lz 5 жыл бұрын

Sounds like a code injection exploit...

@georgekontus6301 5 жыл бұрын

You are wrong my friend. Someone got your domain's secret key. The end.

@shivanipaul3822 5 жыл бұрын

Zero views but 4 likes

@WPCrafter 5 жыл бұрын

That happens to all KZbin videos when they are first published. Thumb's up show immediately, views don't.

@DivineMisterAdVentures 5 жыл бұрын

Eighty bucks a month - oh man - CHEAP!!

@billybussey 5 жыл бұрын

I couldnt get past your intro

@WPCrafter 5 жыл бұрын

Sorry about that Mr. President.

@popmuzik7136 5 жыл бұрын

you use too many plugins. my sites have just a few and only by larger, reputable developers. LESS IS MORE !!! so funny that youre admitting youre own faults ! you know whats RIGHT to do but dont do it....