Genesis site hacked/Bluehost


This topic is: not resolved

Tagged: Bluehost, genesis, hacked, minimum pro, security

  • This topic has 9 replies, 2 voices, and was last updated 8 years, 1 month ago by chrislines.
  • August 5, 2015 at 10:43 pm #161548
    chrislines
    Member

    Hi everyone,

    Yesterday my Genesis (Minimum Pro) site was hacked and Bluehost blocked my site. 'Malicious files' were on there apparently.

    I had no choice other than to buy one of their SiteLock products as I wasn't confident to manually remove all of the files they said were suspect. My site isn't even back up yet so I need to contact them again today.

    Has anyone had experience of this and how was it resolved? Is there no in-built security in Genesis?

    I realise from another post on here that I should have had something like Wordfence installed, but I wasn't aware of that until it was too late.

    It did seem slightly odd that Bluehost couldn't allow me access so that I could install and run one of these plug-ins instead of purchasing one of their affiliated security products. I could gain access via FTP but they said that was no good. Up until then I was quite happy with Bluehost.

    Thanks for your comments on this. Chris

    http://www.chrislines.net
    August 5, 2015 at 11:24 pm #161551
    coralseait
    Member

    More than likely the compromise was due to an out-of-date WP core or plugin and not Genesis.

    Once you are back up, invest in some sort of auto / periodic backup solution that doesn't rely on your host. We're partial to UpdraftPlus but there's others as well. For security, we're partial to iThemes as it plays nice with nginx.


    Coral Sea IT

    August 5, 2015 at 11:41 pm #161552
    chrislines
    Member

    Thanks. Do you have any suggestions for cleaning the site of malware/finding out how the breach occurred?

    Bluehost are offering to sell me a cleaning service for $200!

    Cheers.

    August 5, 2015 at 11:44 pm #161553
    coralseait
    Member

    How proficient are you with command line, wp, etc? I'd suggest somebody like https://sucuri.net/ although if Bluehost aren't going to give you much access I doubt they will give them. There's other vendors as well, but they should be able to tell you what the compromise is and how it occurred.


    Coral Sea IT

    August 5, 2015 at 11:49 pm #161554
    chrislines
    Member

    My experience is limited to going in and changing a few lines of code via FTP - I am no expert.

    I can get into the FTP side of things, but that's it! I can't access my Dashboard at all... do you think FTP will be enough access or are my hands tied?

    August 5, 2015 at 11:52 pm #161555
    coralseait
    Member

    When you say you can't access your dashboard, what do you mean? Credentials have changed or is it non-functional? Honestly I think your best bet is to engage someone like Sucuri or go with Bluehost.

    You can try to clean it yourself with shell access (if BH will grant it to you) or FTP; however, you can never be sure you got it all. Better to have the experts take a look if the site means anything at all to you.


    Coral Sea IT

    August 5, 2015 at 11:59 pm #161556
    chrislines
    Member

    When I try to access the Dashboard it says 'The website you were trying to reach is temporarily unavailable.'

    August 6, 2015 at 12:07 am #161557
    coralseait
    Member

    That could well be a case of BH disabling the site / protecting things etc. You'd need to dump the response headers to see what's really going on, as that's a generic message from the browser and doesn't indicate much.

    Given your experience level (no dig at you, btw), have Sucuri or BH take care of this for you; that ~200 is nothing compared to the time and stress it'll take to do it yourself and more than likely you have to ask BH for help or access anyway.

    Once they've done their bit, install iThemes or another plugin and install a backup plugin that takes periodic copies to cloud storage so if you do get taken again you'll have secure backups that don't rely on BH somewhat holding you hostage.

    -- Not a commercial here, but for your future reference or anyone reading this later -- Our backup strategy is AT LEAST 14 nightly full copies of all client sites to Amazon S3 AND Google Drive. We don't roll these into our costs but eat it as part of business because we believe so strongly that solid backup is foundation / absolute necessity. By going to cloud storage outside of hosts, we can move sites without the need for the host to step in via DNS updates at most (since we use managed DNS partners, moving sites is as fast as the copy takes). If a site is hacked or something goes wrong with a host we can mitigate the damage and move the site within minutes.


    Coral Sea IT
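
The backup rule in the post above (at least 14 nightly full copies, held at two off-host destinations), turned into an audit that reports missing nights, copies that are safe to prune, and restore points present everywhere. This is an added example, not part of the original thread or anyone's production tooling; the file naming scheme, the destination labels and the sample listings are assumptions, and the listings are plain lists standing in for what an S3 or Google Drive listing would return.

```python
import re
from datetime import date, timedelta

MIN_COPIES = 14  # the post's floor: at least 14 nightly full copies
# Assumed naming scheme: <site>-YYYY-MM-DD.tar.gz
NAME_RE = re.compile(r"^(?P<site>[\w.-]+)-(?P<day>\d{4}-\d{2}-\d{2})\.tar\.gz$")

def nightly_copies(names, site):
    """Map backup date -> object name for one site, skipping unrelated or malformed names."""
    found = {}
    for name in names:
        m = NAME_RE.match(name)
        if not m or m.group("site") != site:
            continue
        try:
            found[date.fromisoformat(m.group("day"))] = name
        except ValueError:  # impossible calendar date such as 2015-02-30
            continue
    return found

def audit(destinations, site, as_of):
    """Check every destination ({label: [names]}) against the retention floor."""
    window = [as_of - timedelta(days=i) for i in range(MIN_COPIES)]
    per_dest, common = {}, None
    for label, names in destinations.items():
        have = nightly_copies(names, site)
        newest_first = sorted(have, reverse=True)
        per_dest[label] = {
            "missing_nights": [d.isoformat() for d in window if d not in have],
            # Only copies beyond the newest MIN_COPIES may go, so a gap never
            # pushes a destination below the floor.
            "prunable": [have[d] for d in newest_first[MIN_COPIES:]],
        }
        common = set(have) if common is None else common & set(have)
    # A night counts as a restore point only if every destination holds it.
    in_all = sorted(d.isoformat() for d in (common or ()))
    return per_dest, in_all

def constructed_listings(as_of=date(2015, 8, 5)):
    """Constructed sample: S3 holds 16 nights, Drive holds 13 with 2015-08-01 missing."""
    def name(i):
        return f"example.com-{(as_of - timedelta(days=i)).isoformat()}.tar.gz"
    return {
        "s3": [name(i) for i in range(16)],
        "gdrive": [name(i) for i in range(14) if i != 4] + ["notes.txt"],
    }

if __name__ == "__main__":
    print(audit(constructed_listings(), "example.com", date(2015, 8, 5)))
```

A non-empty `missing_nights` for any destination is the signal to act on before an incident, since a gap only discovered during a restore is too late to fix.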

    August 6, 2015 at 12:13 am #161558
    coralseait
    Member

    Also a word on why this is important: since you've been compromised once, they'll be back and/or sell you to the lists, so you'll have an increased target footprint for some time after this. So once the site is cleaned, you need to up your mitigation and protection strategies because you'll be attacked more frequently.


    Coral Sea IT

    August 6, 2015 at 1:03 am #161561
    chrislines
    Member

    Thanks for your help. Looks like I've got no choice other than to bite the bullet and pay!
