1578 posts
  • Has been part of the Envato Community for over 3 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart says

Hi Guys,

Some people want to hack my website, i seeing from admin some extra user signup created not administrator but as contributer role, they trying to access my sitemap.xml and use so main sql quries to inject.

I am tired many times to ban there ip’s but now seemms they become more anger and again continues in try to any how login as administrator and distroye my website.

So what i have to do. My website is on wordpress and i am the lover of wordpress.

342 posts
  • Has referred 50+ members
  • Has sold $40,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in Netherlands
+4 more
RikdeVos says

Delete those users and prevent people from signing up on your site.

213 posts
  • Has been part of the Envato Community for over 1 year
  • Has sold $1+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux says

Do what the person above said, but also contact your web hosting provider and aware them of the issue along with the users IP adress as they can do a server side ban.

1578 posts
  • Has been part of the Envato Community for over 3 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

213 posts
  • Has been part of the Envato Community for over 1 year
  • Has sold $1+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
themelux says

But friends my website is social sharring website, user can register/signup for posting content. regarding for web host adminmistrator what things have to give them?

You need to alert them of what the hacker is trying to do along with their IP adress if you have it, they’ll block that person from accessing your website and the hosts server.

1034 posts
  • Has sold $100+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
+2 more
BenSheppard says

If users can add an account with admin “quality’s” you need to think about the way the accounts created, if there is hidden inputs to add the user level that can be easily compromised, also you should make sure you don’t allow any SQL queries or HTML characters through on the PHP side

1578 posts
  • Has been part of the Envato Community for over 3 years
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
webdesignerart says

Thanks mates for your suggestion regarding for webhost and for SQL Queries. :|

243 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Located in Europe
creativestuff says

since they try to inject with a script .. try to capture some browser headers to make sure scripts are accessible only by real user and not bots

by
by
by
by
by
by