Blocking Legitimate Visitors To My Blog Posts

[AITpro Admin]

We can refund your BPS Pro purchase if that is what you want to do.  No big deal.  What is a big deal is that I need to explain to you how hacking works so that you fully understand your situation.  Installing security plugins after a website/hosting account is already hacked is the same thing as putting a band-aid on a bullet wound (no pun intended).  You need to remove the bullet and then bandage things.  You are probably stopping any further obvious hacking (porn link injection, etc) from occurring, but the fact remains that your website/hosting account is still hacked.  I am 100% convinced of that after about 10 years of doing this stuff.  So let me give another very common scenario:

hackerA is using a shell script that he/she uploaded and has total control of your entire hosting account and cares that you know whether or not your site is hacked. hackerA will be very careful not to show any obvious clues that he/she has total control of your hosting account. Or in other words, you will have no indicators at all that your hosting account is under the complete control of hackerA.

hackerB is injecting obvious porn links and does not care if you see those porn links.  hackerB will usually do a search for “dorks” to find websites that are already hacked and use the backdoor shell script that hackerA uploaded/created to control your hosting account.

The hacker did not keep coming back to do additional hacking.  Once your site is hacked – it is hacked forever until you completely clean it up.  In other words, the original hack still exists and will continue to exist until you clean up your entire hosting account.  Putting a band-aid on things does not fix the hack. 😉

[BuildPath]

Gotcha. Yeah, unfortunately it’s on a server with many other sites. I should never have left rev slider on my sites. smh.

For now, no refund requested.

• Do you offer a service to restore hacked sites?
• If I deactivate BPS does it undo everything and eliminate all the blocking problems you mentioned?

[AITpro Admin]

At this time we don’t offer any hack cleanup services.  Sucuri does for a decent price.
Deactivating BPS Pro turns off all Cron jobs:  AutoRestore, etc.  BPS Pro has On|Off capability for each security feature individually.  See the BPS Pro troubleshooting steps here for how to turn BPS Pro security features On or Off:  https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

I don’t want to give you any false hope, but you might get lucky by just doing some of the steps in this website hack cleanup forum topic:  https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

Example:  Manually delete and replace all WP folders and files using FTP.  Assume your WP DB is clean and do not do restore your DB.  Then check through all the hosting account folders for any hacker files.

[AITpro Admin]

Also you can try this manual method of replacing plugin files in case plugin files have been modified by the hacker.  This method assumes that the hacker did not get into your WP DB and add things in any plugin settings in your DB. This method allows you to keep all plugin database settings and only replace plugin files assuming that only plugin files were modified by a hacker.

1. Use FTP and delete your plugin folders one by one.
2. Reinstall plugins one by one.

[BuildPath]

Thanks for the help. I had already done things like replace wp install (rm -rf and reupload new, not just “reinstall” from wp-admin) and that seems to have helped. I guess Sucuri is helping with that bandaid of disabling script execution in uploads folders … looks like there were some old things in there on a couple other sites. I’ll work on cleaning this site as well following your guides best I can. thanks

[Author]

Posts