
Babiato Resources getting hacked or malicious codes? Do THESE NOW!

Sometimes the hosting platform you use matters. I will advise you to use Namecheap or Hostinger; they have an antivirus scanner on all their hosting packages, and anytime someone tries to upload malware or access your CP, they always block it and send you an email asking if you were the one trying to upload it.
 
I was about to write a similar post.
And I noticed that nowadays most WP sites are getting XML-RPC brute-force attacks.
And of course, Babiato is not responsible for you getting hacked, as I believe most of the time it happens because of old versions of plugins or themes.
Thank you so much for the post.
Take my love.
 
Sometimes the hosting platform you use matters. I will advise you to use Namecheap or Hostinger; they have an antivirus scanner on all their hosting packages, and anytime someone tries to upload malware or access your CP, they always block it and send you an email asking if you were the one trying to upload it.
I don't use shared or reseller hosting. I use a 4-slice VPS plan from Interserver + additional features. That's where I have all of my websites and I pay a lot on a monthly basis to have my website running effectively. Namecheap isn't even secure. Lol.
 
I was about to write a similar post.
And I noticed that nowadays most WP sites are getting XML-RPC brute-force attacks.
And of course, Babiato is not responsible for you getting hacked, as I believe most of the time it happens because of old versions of plugins or themes.
Thank you so much for the post.
Take my love.
True. It is very easy for those who do not understand the complexity of WordPress security to say a resource they downloaded from Babiato got their site hacked. I just hope everyone can take extra precautions concerning their sites. You're welcome :)
 
I indeed saw some activity like that, but it should not be on Babiato, as this community has so far been good enough for everyone, so whoever is playing with nonsense code to get some crypto or money can ?uck and ?uck their minds.
 

Please take the time to read this!


In the past weeks, there have been several claims by users that resources from Babiato are riddled with malware, or that they downloaded resources from here only to get hacked or suspended by their hosting provider, with the most recent complaint being this.

I actually use some of the resources here, most importantly Publisher Theme. I have several sites but my Publisher themed sites have suffered attacks the most. As a matter of fact, I wake up on some days only to see new categories and posts totally unrelated to my niches posted with several backlinks. All three of my Publisher-themed websites were successfully hacked, new posts created as well as new categories. Also, my files were modified with backdoor codes injected and funny media extensions uploaded to my root folder. I cleaned ALL, deleted my theme and plugin folders, reuploaded the Publisher theme and all of my plugins and changed all my passwords. A couple of days later, they were all hacked again.

Here is what I noticed: @TassieNZ shared the last update for the Publisher theme, which was in July 2021 (well over a year ago). I'm not saying he did anything, but a year since the last update of a WordPress theme and its plugins is a recipe for disaster. Unfortunately, Babiato is up to date on the theme, which means the developers have not released any new update in over a year. Here is the official changelog of the Publisher Theme.

So, how do you prevent your WordPress blog/website from getting hacked?


1. CHOOSE a WordPress theme that is constantly updated! AVOID themes like Publisher, whether you buy from the developer or use the nulled version. It is a bad choice!
2. Disable theme and plugin editor on your WordPress backend. This is so that if your login details are hacked, it would be impossible to upload any malicious code into your root files. To do that, copy define( 'DISALLOW_FILE_EDIT', true ); into your wp-config.php file just above the line that says ‘That’s all, stop editing! Happy publishing’
3. Install Wordfence Premium from Babiato on your site. The free version is good, but the premium is more robust. If you have a static IP, whitelist your IP and immediately block IPs that access these URLs: "/wp-login/" and "/wp-admin/". Also look through the settings and beef up your security.
4. Install Sucuri to monitor whatever changes were made to your files or activities done.
5. Disable the REST API for non-authenticated users. NOTE: Disabling the REST API completely breaks WordPress administrative functionality. If you want to disable access to REST API endpoints, you should instead only accept requests from authenticated users. Copy the following code snippet and paste it at the bottom of your child theme's functions.php file:
add_filter( 'rest_authentication_errors', function( $result ) {
    // An earlier callback already authenticated (true) or rejected (WP_Error) the request: pass it through.
    if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
    // No cookie/nonce or application-password session: refuse with HTTP 401.
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) );
    }
    return $result;
} );
6. Disable the XML-RPC API for your website. XML-RPC is a security hazard. It's often exploited by attackers looking to break into your site or launch a distributed denial-of-service (DDoS) attack. Most of XML-RPC's functionality has been superseded by the REST API anyway, so disabling it doesn't affect your experience all that much. You can use the free Disable XML-RPC plugin from the WordPress directory to do this, but I recommend the Hide My WP Premium plugin. This is because you need to blot out some information from your website, such as the version number, which hackers often use to exploit website security. In my case, I later found out the hacker was remotely posting on my website through the XML-RPC API, without needing to log in to my sites, even after I had cleaned up the entire sites. I have attached a screenshot from the Hide My WP plugin where the hacker was trying to call the API after I disabled it.

Hackers are smarter and so should you! All the best!!!
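The constants and filters behind steps 2 and 6 above, collected into one must-use plugin as an added example that is not from the original post or from any of the plugins it names (the REST filter from step 5 is unchanged and can live in the same file); the file name, the log line format and the WordPress 5.x assumption are mine:

```php
<?php
/**
 * Plugin Name: Hardening notes from the thread (added example)
 * Description: Drop into wp-content/mu-plugins/ so it loads before normal plugins
 * and cannot be switched off from the dashboard. Assumes WordPress 5.x or newer.
 */

// Step 2: disable the theme/plugin file editor. Defining the constant here works
// because mu-plugins load before the admin menu checks it; a define in
// wp-config.php (as in the post) wins if it is already present.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
    define( 'DISALLOW_FILE_EDIT', true );
}

// Step 6: turn off XML-RPC. On its own this makes WordPress answer every
// xmlrpc.php call with a faultCode 405 "XML-RPC services are disabled" reply.
add_filter( 'xmlrpc_enabled', '__return_false' );

// Also drop the pingback methods and the X-Pingback header, so the site stops
// advertising XML-RPC and cannot be used as a reflector in pingback floods.
add_filter( 'xmlrpc_methods', function ( $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );

// Hide the WordPress version the post says attackers look for: the
// <meta name="generator"> tag and the ?ver= query string on enqueued assets.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );
$strip_ver = function ( $src ) {
    return $src ? remove_query_arg( 'ver', $src ) : $src;
};
add_filter( 'style_loader_src', $strip_ver );
add_filter( 'script_loader_src', $strip_ver );

// Record who keeps calling the disabled endpoint (what the post's screenshot
// showed): answer 403 early and write one line per attempt to the PHP error log.
add_action( 'init', function () {
    if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
        error_log( sprintf( 'xmlrpc blocked ip=%s ua=%s',
            $_SERVER['REMOTE_ADDR'] ?? '-', $_SERVER['HTTP_USER_AGENT'] ?? '-' ) );
        status_header( 403 );
        exit;
    }
} );
```

Stripping ?ver= also removes cache busting for your own assets, and Jetpack and the WordPress mobile apps depend on XML-RPC, so leave those lines out if you rely on them. If the site sits behind Cloudflare, log the CF-Connecting-IP header instead of REMOTE_ADDR, or every blocked attempt will show the proxy's address.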
Great explanation. Anyway, instead of Hide My WP Premium I'd suggest using WP Hide Security Enhancer Pro, because it offers more features and it's definitely of superior quality in terms of security.

It's a bit trickier to get it working for the average user, but if configured properly and if proper measures are taken in order to make a WordPress website bullet-proof, the final outcome has no comparison in terms of efficiency and control over your own security.

Anyway now you gave me a good idea, I'll write a Thread about how to make a WordPress website bullet-proof covering parts going from OSINT/Recon Ops, to Hardening, Penetration Testing, Patching to finally plan an Incident Prevention & Response Strategy and last but not least, a Disaster Recovery Strategy.

Will post the link to it here once it's ready!

Cheers :)
 
I don't use shared or reseller hosting. I use a 4-slice VPS plan from Interserver + additional features. That's where I have all of my websites and I pay a lot on a monthly basis to have my website running effectively. Namecheap isn't even secure. Lol.

I know it's a bit late, but if you are being hacked on a VPS, most of the time, the fault lies on you.
The server is yours to use and maintain.
Basically, it's your server.
Personally, I like the combo Cloudflare Pro + Bitninja.
If you take security seriously, plugins are useless.
 
Good tips, but if you are able to avoid WordPress, I suggest that, because WP is not easy to secure.
 
I know it's a bit late, but if you are being hacked on a VPS, most of the time, the fault lies on you.
The server is yours to use and maintain.
Basically, it's your server.
Personally, I like the combo Cloudflare Pro + Bitninja.
If you take security seriously, plugins are useless.
All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
Learn how to use Cloudflare to protect your website and sleep with your 2 eyes closed 😴
 
I always scan the files in VirusTotal after downloading from here.
That's the recipe for a great disaster; VirusTotal is not omnipotent, as everyone is inclined to believe.
VirusTotal can't find the security holes the developer has intentionally / unintentionally added to their code.
It cannot find some backdoors, among so many other things.
Always use the latest version of the files.
Don't use the files which are no longer maintained.
Always download the files which are approved or added by trusted uploaders.


Use the method given here + a security plugin

And lastly, Have a great day!

Cheers 🥂
 