WordPress Business Themes › Forums › Responsive Themes › Coupon Theme › Possible Security Issue
Hi guys… I was just checking through settings and found 6 users to my site that should not have been able to register as i have Allow Visitor Submissions disabled (image 1)… In WP general settings Anyone can register unticked (image 2)… One of them even created a listing which went live…
I don’t know if this is a possible security issue with CP theme or if my site has been hacked, but i thought id let you know so you can check your own sites just in case…
Are these users like Tom, Jane etc?
If so, they are dummy users created by the theme for testing
I cant remember the names, i deleted them as soon as i saw them… But that sounds plausible as the were all created on the same day (25th july) and i think that is about the same time i updated theme…
yes they will be the demo content installed with the theme
Thanks Mark… was just a bit concerned, i thought my site had been hacked…
no problems and fully understandable, glad we’ve eased your mind.
Security is very important obviously.
The most most most important thing is keeping things up to date with security issues and bomber passwords.
lxqiBhiDbhvBxLFE2FFrso0Og for eg, please dont use that one, 😉
Be careful with punctuation in pwds it can mess with PHP sites.
David… How did you know my password… lol
When you say punctuation in passwords mess with sites do you mean symbols like ! . , etc? Because i think a few of my sites have some in passwords… In what way do they mess with site?
What I have found is that apostrophes ( ‘ ) can cause white screen of death for some PHP related reason.
You will find that out on a new install of a PHP site though, or a change of pwd on an established site.
Also pwds that are too long can also cause problems, 15 > 25 should suffice.
Also, one thing that totally amazes me is there are never any security updates with Mark’s themes. Hat’s off. Well done Mark.
Thanks David… I’ll keep that in mind next time i change my pwds… I use a pwd generator that lets you set length and use special chrs, i usually use about 45 chrs, but I’m not sure if apostrophe is used… Is it just an issue with that symbol or are there others?
I have some issue, unfortunately i have been hacked a couple of times trough WP and I detected in the plugins and the theme filec this code (attached)
I look at this and i found that this is a shell injection and is the way that are been hacked, but I dunno what I can do, I changed all my pswd a bounch of times and changed the administrator user, and I been hacked again. does anybody know how i can avoid it?
Also I would like to say that I have my site with david nofool and he help me a bounch of times to restore my sites due this hacks trough WP, that really helps in this times. (thank you David)
Ed, sorry to hear about it. You’ll need to know how/where you got hacked first before you can look into fixing it.
It could be something simple like someone has access to your email and so is requesting your hosting details or that they have access to your hosting account login page where your details are found.
Yep Mark it’s a case of weak pwds I am afraid.
I can keep restoring your sites Edgar but goodness knows what’s in them after the hack. Remember you have 30 days worth.
Mark, your new sig regarding the hosting at hostupon? Are you aware of their prices?
And the dedicated prices lol.
Submit your feature requests to our ideas board and it could be included in a future theme update.
or contact our support team