s2 Websites Hacked & Trashed

My two s2member websites were hacked last week. In each case:

1. I received an automated email from my WordPress install that I had requested a password change. In both cases it was for my admin account.
2. The wordpress installation then came up as a blank page.

I worked with my ISP tech support on the first website. We were able to get the website to respond. I discovered in this case that my admin account had been hacked, my password changed and my permissions downgraded so that the account was no longer an admin account. On further examination I discovered that my forums (simple press) now displayed my website’s directory and file structure — complete with edit and delete links. I immediately reconnected with my ISP support. Fortunately, this particular wordpress website had a backup performed just an hour before the hack and was restored from the backup.

Not so lucky with the second installation. Even reinstalling the backups did not work as I believe that site had been hacked earlier than the backups. This site will have to be rebuilt from scratch.

Only my s2member install websites have been attacked. These attacks are recent and apparently ongoing. What am I doing wrong? How do I protect myself from these attacks?

Tracy Hickman

Hi Tracy,

I recommend reading over the Hardening WordPress page on the WordPress Codex. There are lots of things you can do to improve WordPress security. s2Member is simply a WordPress plugin, so securing s2Member means securing your WordPress installation.

s2Member uses the WordPress authentication system and the WordPress user-base. I see no indication from your description of what happened that this attack was in any way related to the s2Member plugin. I’m also not aware of any other reports of s2Member sites being specifically targeted or exploited.

If you have any further information about this attack that may connect the s2Member plugin to this event, please send us details via the Private Contact Form and we will investigate immediately.