Has your WordPress site been hacked recently?

If you're using WordPress as your favorite open source blogging platform, chances are pretty high you've already heard about the recent security flaw found in the TimThumb plugin fow WP. If you haven't - you should, cause it's pretty severe. Here is more info on that:


The security flaw isn't a core WordPress vulnerability, so you won't be vulnerable for just using WordPress. However, the bad news is that a pretty big number of themes out there use the TimThumb plugin in order to operate correctly and therefore TimThumb is included in a lot of WordPress plugins and themes, both free and paid. The result is that there is a good chance you might have the vulnerable TimThumb installed and running on your WordPress even if you don't really know about it or you don't care.

The flaw itself is rather stupid - the TimThumb plugin allows uploading files from a list of so called "trusted domains". Among those domains are "flickr.com", "picasa.com", "blogger.com", etc - all of which you might find useful in case you keep your image gallery there and would like to get an image transferred to your blog at a glance. However, the check is flawed because you can bypass it by using a domain like blogger.com.hacker.com. This domain passes the check but belongs to hacker.com, making the script exploitable. Hackers have already been exploiting this vulnerability in the wild and many many bloggers suffered from it already.

In case you are a WordPress user and have TimThumb installed or even worse - you've already been hacked, you might wonder what to do to get things resolved? Well, the good news is there's already a fix for the plugin available here:


Along with the good and the bad news in this situation, there's also a great news for you in case your WordPress is hosted at SiteGround -- it should be secured without you doing anything! As always we've been trying to take care of our fellow customers without boring them with unnecessary details and overcomplicated technical stuff. After all you've entrusted us with your website and its security is our primary goal. So here's what we did - the day after the exploit went live, which if my memory serves me well, was about a month or so ago - we checked how many people are using the TimThumb plugin. The number was devastating - around 15,000 WP instances had it installed and around 350 of those were already compromised. Obviously upgrading 15,000 WP instances was not an option - it's a huge number and given the fact there were so many different versions of TimThumb and we needed to ask for customers' consent prior to upgrading his/her website, it was simply impossible to accomplish. At least not in the short term. So, we decided to find an intelligent and efficient way to deal with the vulnerability before a much larger number of customers were affected. Well, most hosts wouldn't even bother suggesting a fix as they would define the problem as "beyond the scope of the technical support", but we try to do it differently and make sure we spare troubles and work to our customers where possible.

And then in just a few hours, one of our System Engineers found the solution, elegant, simple and fast - the TimThumb plugin uses a folder called tmp/cache to store uploaded files. What we did is suspend execution of files from that folder in all WordPress instances. In simple words - if you upload an image - it will work, but if you upload a script (e.g. badass hack script) it won't. And that magically solved it all with no hassle whatsoever for our customers. We then modified our Apache security module (mod_security) by adding some rules that will prevent execution of the hack, so our customers could be protected by two layers, instead of just one. And then notified the unlucky 350 hacked guys what they should do to get things resolved - namely get rid of the hack and upgrade plugin version. We also offered the service of cleaning the hack and upgrading the plugin to be performed by the Super Heroes @ SiteGround Support Team for the people that felt uncertain how to do it for themselves.

So the answer to the question: "Has your WordPress site been hacked recently?" will disturbingly often be YES in the general case and will most probably be NO if you use SiteGround WordPress hosting.

The SiteGround Mastermind

The SiteGround Mastermind

For the last few years Tenko Nikolov has been one of the masterminds behind the success of SiteGround. He has come up with multiple successful strategies for overcoming technical problems and has achieved real business results for SiteGround. His vision and skills have made SiteGround a leading host in terms of technology and platform reliability.


  1. Reply October 24, 2011 / 16:15 Clarke NelsonSiteGround Team

    My WordPress Blog was hacked within the last week. The robot is creating about 25 new posts/day which I'm constantly deleting. I've changed the password five times, and it's already too late. It won't stop. At any moment, the hacker can delete hundreds of my posts. What can I do to remove it? Anything?

    Thanks, Clarke Nelson

  2. Reply October 25, 2011 / 00:52 HristoSiteGround Team

    I have checked our database and it seems that you are not our customer. Otherwise I would recommend you to use our security audit service but since you are not hosted on our servers our support team won't be able to help you.

    I can advice you, however, to temporary lock your site to be accessible from your IP address only. You can do this by adding these lines to the .htaccess file in your root folder:

    deny from all
    allow from ***put your IP address here***

    Once you do that, clear your site from all the unnecessary content. If there is data lost, you can contact your hosting provider to restore your database from their backups. Once your website is clean and everything is in place, you should update your WordPress application and all the plugins you are using to the latest version. Especially, make sure that the TimThumb plugin is updated and you are not using vulnerable version in any of your templates.

    Finally you should change all your account passwords including your WordPress, database, control panel and FTP credentials.

    I hope that this helps and you won't have such issues in the future 🙂

  3. Reply October 25, 2011 / 03:27 David PascoeSiteGround Team

    I have quite a few wordpress sites at siteground so I'm happy that you guys have my back if a vulnerability is found before I can get in and fix it.

  4. Reply October 25, 2011 / 06:02 John HornSiteGround Team

    This article published by SiteGround makes me feel much confidence, knowing you guys are always on your watch for the latest holes...
    Keep up the ogod work!

  5. Reply October 25, 2011 / 06:16 Riaaz MohammedSiteGround Team

    Siteground....HOST ON ! *thumbs up*

  6. Reply October 25, 2011 / 06:17 Charles RiceSiteGround Team

    Siteground's dedication to insuring its customers security is truly reassuring. Thanks!

  7. Reply October 25, 2011 / 06:56 Jesus CuadraSiteGround Team

    I'm glad to hear that! I just suffered one of this vulnerability issue but it was very annoying. Please keep doing it so well. You are the best!

  8. Reply October 25, 2011 / 07:14 Dianne HaywardSiteGround Team

    I have been with Siteground for several years now and have just yesterday utilized the Website wizard. My friend who is the computer GEEK loves your site and plans to refer it to people. I appreciate the ethical moral values demonstrated by you all. Keep it up. Please don't be tempted by the dark side of greed and more greed that permeates corporations these days. Oh and I wanted to see how a blog worked because I want to use one in my website.

  9. Reply October 25, 2011 / 07:23 RituSiteGround Team

    Mine hasn't (knock wood). Hope it wont... -Ritu

  10. Reply October 25, 2011 / 07:25 Paul WallasSiteGround Team

    My personal blog http://www.paulwallas.com recently got hacked. It was a php script that got inserted into the footer of my site which reset my login to a really long character password. Required a brand new install unfortunately.

  11. Reply October 25, 2011 / 07:35 Yaniv NagarSiteGround Team

    Awesome news, nice to see you're taking the security issues very seriously, so all we have to do is... be creative 😉

  12. Reply October 25, 2011 / 07:47 CurtinsCreations.comSiteGround Team

    Thanks so much for such an elegant solution to this!!

  13. Reply October 25, 2011 / 07:50 MiaSiteGround Team

    Haiku Comment:

    My wordpress was hacked
    Siteground team to the rescue
    No Loss, Biz Good, Thanks

  14. Reply October 25, 2011 / 07:50 pete thatcherSiteGround Team

    So far, so good, I have not been hacked yet. But, it's not for lack of trying. I've had to turn off comments. Most were not, all kinds of code coming in. Thanks for the great work Siteground.

  15. Reply October 25, 2011 / 08:43 Barry DahlSiteGround Team

    Getting hacked to death on Halloween is almost expected. I appreciate SiteGround being there to protect me.

    As Shakespeare said:
    "Eye of newt, and toe of frog,
    Wool of bat, and tongue of dog,
    Adder's fork, and blind-worm's sting,
    Lizard's leg, and owlet's wing,
    For a charm of powerful trouble,
    Like a hell-broth boil and bubble."


  16. Reply October 25, 2011 / 09:01 Marc CramSiteGround Team

    This is one reason I trust Sitground for all my websites.

  17. Reply October 25, 2011 / 10:36 David WilkinSiteGround Team

    Not as far as I know or can see.

  18. Reply October 25, 2011 / 11:01 Manoj GurnaniSiteGround Team

    Great blog reaffirming my faith in Siteground!

  19. Reply October 25, 2011 / 11:22 Joseph GoldbergSiteGround Team

    Here's my silly comment to win an ipad:

    There once was a host named siteground
    They had the best hosting service around
    My sites never crash
    And for this Halloween bash
    I hope that this comment is found

  20. Reply October 25, 2011 / 12:12 Chris CoburnSiteGround Team

    Haven't had the issue, but thanks for the detailed info.

  21. Reply October 25, 2011 / 12:32 Daniel ChouSiteGround Team

    I use blogger.com, and I have never had any issues with security. I would be interested in reading an article about the security features compared between these two. Maybe it's just that blogger isn't as popular, who knows.

  22. Reply October 25, 2011 / 12:39 Riley B.SiteGround Team

    I have one client that is not on siteground that got hacked. My portfolio site on Siteground has never had a problem. Happy Halloween Siteground!

  23. Reply October 25, 2011 / 12:48 Steve ClarkSiteGround Team

    Thanks for the heads up Siteground! Your hosting services always make it easy to set up and maintain WP sites.

  24. Reply October 25, 2011 / 12:50 neil spurgeonSiteGround Team

    MY God, only this afternoon I installed TimThumb as part of the wordpress user-avatar plug in becuase I was expecting lots of new desirable avatars based on spidrs to arrive for Hallo'een. However, I see that Siground, as so often before has solved the problem before I even knew it was a problem. Well done guys and if there is a spare spider cake going for hallo'een, include me in please !!

  25. Reply October 25, 2011 / 12:58 Ivica PanicSiteGround Team

    If your website get hacked, check your logs to see if you can discover how the hack took place. Open source tools like OSSEC can analyze your logs and point to where/how the attack happened. Or better yet ask Site Ground customer service for help. They are the best!

    Happy Halloween

  26. Reply October 25, 2011 / 13:35 StefanySiteGround Team

    This is a great article. I have 3 websites hosted here, all of them using WordPress, this is helpful.

    Trick or Treat, Happy Halloween!

  27. Reply October 25, 2011 / 13:42 jessicaSiteGround Team

    This is a good post! Thanks for keeping us up to date on what is going on. I haven't been hacked but this allows me to take precautions for the future.

  28. Reply October 25, 2011 / 14:11 Amy CluckSiteGround Team

    Yikes! That is scary, thanks for letting us know. Luckily I am not using that particular plug-in on any of my sites!

  29. Reply October 25, 2011 / 14:38 WillSiteGround Team

    Our site was hit as all the folders with .htaccess files in them. What a mess! We couldn't just install an updated theme because of lots of customization. However, installing the updated timthumb did the trick!

  30. Reply October 25, 2011 / 14:53 LiangSiteGround Team

    A wonderful hosting site.

  31. Reply October 25, 2011 / 16:02 Joel V.SiteGround Team

    Thanks alot for this. My site was taken over by some Russian/German hackers last week. Couldn't read or understand anything but, thanks to Siteround tech support; they flushed out my server and gave me a brand spanking new one so now im back up and running!

  32. Reply October 25, 2011 / 16:41 David BrailsfordSiteGround Team

    Yet again shows you just can't trust those gosh darn robots.

  33. Reply October 25, 2011 / 16:50 Donald CherrySiteGround Team

    No one's been uploading pictures or anything that I can tell to my site. I HAVE noticed, however, that every once in the while my Moodle install will go all haywire. The appearance will get all funky, and the site will be unusable. If I leave it alone for a bit, then come back to it later, it seems to sort itself out, but it's a little scary. I rely on this for about 100 university students.

    • Reply October 26, 2011 / 07:41 HristoSiteGround Team

      It seems that part of your Moodle application is timing out at some point. It would be the best to post a support ticket in your Help Desk so our support team can check what's the exact issue and provide you with an adequate advice and assistance.

  34. Reply October 25, 2011 / 18:07 Fabiane FolkerSiteGround Team

    two of my own sites (wordpress) were hacked in few months time. I know how much headache you have when that happens. Thanks for sharing this article! Good to know more about those things.

  35. Reply October 25, 2011 / 18:08 sharonSiteGround Team

    It may be the season for scary, but I'm grateful for the elegant solution to this hack! Happy Halloween!

  36. Reply October 25, 2011 / 18:43 Ken BoldtSiteGround Team

    I'm not sure if my site was hacked or not, but recently when I would view my site from work, my anti-virus would say that it quarantined something. I couldn't find anything out of place, but I recreated the site from scratch anyway, and just imported my database. Didn't take too long and now I don't get any warnings.

  37. Reply October 25, 2011 / 19:11 ChadTHX1138SiteGround Team

    My sites were recently hacked because of this. I had to start over from scratch. Hope this doesn't happen to too many more folks.

  38. Reply October 25, 2011 / 19:34 Phil HovatterSiteGround Team

    My sites have been high and dry. Thx, SiteGround, for having my back.

  39. Reply October 25, 2011 / 19:52 cybernuns.comSiteGround Team

    You are the best
    To heck with the rest
    When it comes to Joomla
    You be da boomah...

  40. Reply October 25, 2011 / 21:23 tSiteGround Team

    I send a lot of business to you even though I thought you were HQd in teh UK for some reason. Not sure where the h I got that from. But now I see that you're at the edge of town. Cool.

  41. Reply October 25, 2011 / 21:47 JuliwSiteGround Team

    Rock on Siteground!

  42. Reply October 25, 2011 / 23:06 chol70SiteGround Team

    OK Ok not not been broken yet. But that's not due to a lack of trying. Comments have been disabled. Most do not have any code shortly. Thank you for your Great work Siteground.

  43. Reply October 25, 2011 / 23:55 Yariv DrorSiteGround Team

    Not just in Halloween - SiteGround is the best hosting service any time of the year!

  44. Reply October 26, 2011 / 00:03 mukSiteGround Team

    This is worrisome. I also worry about email..I wonder what options are available to eliminate more spam and email based viruses..
    Happy Halloween!

    • Reply October 26, 2011 / 07:29 HristoSiteGround Team

      As mentioned in this blog post https://www.siteground.com/blog/more-great-extra-services-from-siteground/ we have a high end anti-spam protection enabled for all our customers. However, we provide an extra layer of protection named Spam Killer as an extra feature. If you want to improve your anti-spam protection, you can order it from your Customer area. It will scan your emails for spam profiles and decrease significantly or even eliminate the spam you are receiving 🙂

  45. Reply October 26, 2011 / 00:20 Paul-MarcSiteGround Team

    We fell into that category, a couple of weeks back.
    The bad thing was that our website was brought down.
    The great thing was that the support were fast enough to work with us through the issue, to bring it up again!
    Thanks SG-support!

  46. Reply October 26, 2011 / 00:25 Thomas PastinskySiteGround Team

    Glad I read the Halloween special e-mail.. This post might save a certain number of people I know more money than what the prizes offered are worth 😀 Heppy helloween evlybuddy!

  47. Reply October 26, 2011 / 00:36 vijayabalajiSiteGround Team

    best customer service i have ever seen....i have used many other hosting ,but site ground provide best hosting for really low rates..they are the best..they helped me in many ways..i personally recommend siteground to everyone...once you join with them, everything will go fine for your site...thank you site ground for everything

  48. Reply October 26, 2011 / 00:54 MustafaSemih GökceSiteGround Team

    i have wordpress sites and i have the same problems with my sites not hosted in siteground. And after i move my site to siteground wtih clear backups, problem stop, no auto adding or deleting posts.

    So thanks for perfect services

  49. Reply October 26, 2011 / 01:16 Viet HoangSiteGround Team

    Interesting press release. I'll pass this on to my friends who use wordpress.

  50. Reply October 26, 2011 / 01:17 Daniil LussSiteGround Team

    I do like 1-2 websites monthly on wordpress for my client and host them on siteground. He never got hacked, guess thanks to hostgator. I also host my web on siteground and I'm very happy with your service and help you provide. Many people using also fame ******tor, but their prices are so high and service is so low, so I always reffer my clients your hosting. You are the best!

  51. Reply October 26, 2011 / 01:36 LeviSiteGround Team

    What do i need to do to make sure that this does not happen to my word press site? Hope i win the ipad 2 :-). But seriously what do i do to secure my wordpress site from this hake?

  52. Reply October 26, 2011 / 01:51 Othmann BadaouiSiteGround Team

    To be hacked, I need to be known first, so I don't have to worry about this news. 😉

  53. Reply October 26, 2011 / 02:17 HassanSiteGround Team

    Well yes this is true, Siteground is giving the best services and some times they offer free services as well, i am not worry about hacking because my site is save and i guess my clients' web sites also.
    GO GO Siteground 🙂
    And Happy Halloween to all members and staff.
    Wish you all the best.

  54. Reply October 26, 2011 / 04:59 Mushima NgalandeSiteGround Team

    Way to go Siteground!!! Thanks for protecting us from the timthumb attack. You're the best. I feel more secure having my website hosted by siteground.

  55. Reply October 26, 2011 / 06:15 PETER GINDOSiteGround Team



  56. Reply October 26, 2011 / 06:31 PETER GINDOSiteGround Team


  57. Reply October 26, 2011 / 07:51 Dave SimpsonSiteGround Team

    I have "crawled" around many different hosting and service companies... It always felt like I was floating around aimlessly in the "clouds" ...

    FINALLY, my site was grounded into a permanent home I could count on...


  58. Reply October 26, 2011 / 08:05 SastrySiteGround Team

    Good to hear that you have our backs.

    As a security conscious professional, I am always looking for services that include security - without making it "optional / add-on". While I understand that it is a function of costing=>pricing, I am still a wee bit dissatisfied that security is still "not automatically built-in" in the most basic services of siteground. I look forward to a day when it will be.

  59. Reply October 26, 2011 / 08:37 Samlal MannieSiteGround Team

    It is with a conviction so sound
    I have chosen "siteground"
    A web provider, so profound
    Nowhere else can be found

  60. Reply October 26, 2011 / 08:47 Marian LibrarianSiteGround Team

    I read information like this and I am reassured how safe our library's web site is. Our library's site has been hosted by SiteGround for over 3 years. I don't have time to worry about how safe our website is. I have been recommending SiteGround to my friends from the beginning. Good Job SiteGround!

  61. Reply October 26, 2011 / 09:03 Anghel BogdanSiteGround Team

    Well I have a vBulletin hosted so now, it was not hacked but if you had the feature of Siteground that allow you to make automatically backups activated, it shouldn't be a problem.
    Hackers are the main reason why we all should get it activated.

    Siteground allow you to activate many features that are important and usefull for your site this is why I recommend it to all my friends that are asking me from where to get a good hosting.

    I can say that Siteground is awesome and I can't say anything negative about the hosting and the features !

  62. Reply October 26, 2011 / 09:35 Pete MarschSiteGround Team

    I have had various sites hosted elsewhere and one of the reasons I moved to Siteground was its reputation for affordability and security!

  63. Reply October 26, 2011 / 10:10 MarioSiteGround Team

    Great Web Hosting. i did lot of research and finally i m convinced in Siteground which has everything to succeed in creating a wonderfull web. Thanks you guys just keep on going

  64. Reply October 26, 2011 / 10:37 Yu-ChiangSiteGround Team

    Yeah,its really lucky we have siteground to be protected because there are people that does not have knowledge about security and website. My 2 cents: organize your website WELL (delete unused documents, organize your pages) and you should be able to get an better idea about how your website should be protected!

  65. Reply October 26, 2011 / 11:34 Joseph the Certified Online InstructorSiteGround Team

    I test a lot of WordPress sites, and don't know if any outside of SiteGround are vulnerable. I feel comforted, knowing that the four or five WordPress sites hosted within my Siteground account are secure.

    For any future template customizations, I recommend using a "Child Theme" instead of hacking the original theme. This ensures that theme customization remains safe from cracking attempts or upgrades.

  66. Reply October 26, 2011 / 11:41 Steve WoodSiteGround Team

    I was not aware of this WP security hole till just now. Good thing Site Ground was on top of it! I have since gone thru all my WP sites and closed the PHP hole. thanks for the help and HOPE I WIN THE iPAD! Did I mention the IPAD? I'd take any of the other prizes too but for someone who cannot afford an IPAD...it would truly be a blessing to WIN AN IPAD from SiteGround! Rock on!

  67. Reply October 26, 2011 / 13:33 ChrisSiteGround Team

    I also was not aware of this security hole until I read the site-ground blog. While I don't host my WordPress site on Siteground, I do host other sites, and will be setting up another site over the next month that will be using both site ground & wordpress. It's awesome to know Siteground has my back.

    Fortunately my WordPress site was built using using RapidWeaver, so no vulnerability for me. *Phew*.

  68. Reply October 26, 2011 / 14:59 Grant ShersonSiteGround Team

    I have referred several people to siteground and have helped 4-5 of them set up wordpress sites with you. Just goes to prove recommending siteground was a good move. Keep up the good work. (http://www.shersonmedia.com/grant/cv/portfolio.php?category=websites - siteground sites - cinemas of nz, animation symposium, history of tv in nz, mediarenacentre, nouveaumanagement...)

  69. Reply October 26, 2011 / 17:49 Anthony ConsillioSiteGround Team

    Fortunately I havent had any issues but thank you for keeping us posted. Thank you Siteground for your service and have a happy Halloween.

  70. Reply October 26, 2011 / 20:19 BobSiteGround Team

    Wish all webhosts were this nice.

    On a side note, also wish I didn't have to look at light blue font to type this comment. Sort of hard to read...

  71. Reply October 26, 2011 / 21:22 DuaneSiteGround Team

    Thanks for "having my back" and taking care of this pesky problem!

  72. Reply October 27, 2011 / 01:07 Dean LucasSiteGround Team

    Thanks for being one step ahead of this! For those of you who don't know the TimThumb PHP Script is a custom image-sizing script, that allows you to produce a cropped and sized version of an image.

  73. Reply October 27, 2011 / 01:42 FiachraSiteGround Team

    Thanks for all the help you gave me when I set up my first site.

  74. Reply October 27, 2011 / 04:09 Md Rashid AshrafSiteGround Team

    I didn't faced any issue but the dedication of siteground to insure their customers for security is truly reassuring. Their support team is also too helping in case of any vulnerable activity.


  75. Reply October 27, 2011 / 04:59 MarcSiteGround Team

    Been with you guys for about 6 years now, and had this happen only once in all that time due to some plugin. Glad to get it resolved in super quick time as had no idea why it was happening. A free plugin called wordpress backup was also recommended which gives peace of mind as creates a backup automatically. Great info in this post too. Cheers siteground 🙂

  76. Reply October 27, 2011 / 08:14 SheikhSiteGround Team

    I am linked with you guys since months... and i am really happy with your services.. i had really terrible experience with my previous web hosting company and my wp site was hacked... but its after an year that i am in peace... no hacking, no cracking.. its safe and faster then the previous one...
    also your customer services is too cooperative ..
    after all.. as final words... i'm in peace with siteground.

  77. Reply October 27, 2011 / 13:33 jgSiteGround Team

    Glad site ground step up and took care of it on their servers

  78. Reply October 27, 2011 / 14:07 MeenaSiteGround Team

    Thanks for this article will help us to be careful.

  79. Reply October 27, 2011 / 18:22 Mr XingfuSiteGround Team

    Glad you guys have my back!

  80. Reply October 27, 2011 / 22:58 Anne SSiteGround Team

    This article made me look at my wordpress blog only to discover it's gone. Not a big loss as it was only set it up for my master's program so I may have closed due to neglect. However, when I do re-open it I will make sure it's supported by SiteGround.

  81. Reply October 28, 2011 / 06:47 ElizabethSiteGround Team

    Happy halloween

  82. Reply October 28, 2011 / 10:06 Jason KillgoSiteGround Team

    Happy Halloween and thanks for keeping everyone informed of issues like this. Often times when I run into errors and poke around the internet for answers it leads me right back to my hosting home at siteground. Keep up the great work!

  83. Reply October 28, 2011 / 14:56 Wes GroganSiteGround Team

    Great news and Happy Halloween! Thanks so much for the update and the secure environment you provide for us

  84. Reply October 28, 2011 / 22:10 TonySiteGround Team

    SiteGround -- all the bells & whistles for an unbeatable price!

  85. Reply October 29, 2011 / 16:25 JoAnneSiteGround Team

    We love SiteGround! Been with our business since day one and counting!

  86. Reply October 29, 2011 / 17:59 PeteSiteGround Team

    On the eve of Halloween,
    Take the leap and be seen,
    Make Siteground your host of choice,
    Doing so will make them rejoice.

  87. Reply October 30, 2011 / 00:32 En NoticiasSiteGround Team

    i love SiteGround they help with tips and hacks too,what esle can we ask.

  88. Reply October 30, 2011 / 11:27 JeannetteSiteGround Team


  89. Reply October 31, 2011 / 08:35 Michelle | Bleeding EspressoSiteGround Team

    As always, thanks for keeping our sites safe, Siteground! And Happy Halloween 🙂

  90. Reply October 31, 2011 / 15:24 Ines MullerSiteGround Team

    Still learning, but with Siteground I feel at home!
    From Portugal!!!

  91. Reply October 31, 2011 / 16:35 ChrisSiteGround Team

    As a developer for a decent volume of WordPress sites, I always try to research vulnerability of a plugin before installing it for my clients. Of course that won't always work as sometimes vulnerabilities aren't always instantly discovered - so I also always back up my client's database once every two weeks.

    Then again sometimes clients update the plugins without letting me know and get themselves into vulnerable plugins that way - so now I just mostly assign clients user roles that cannot install/update plugins. Of course that means that I'd have to update all their plugins but it's better than knowing that they could get hacked from vulnerable plugins..:)

  92. Reply November 1, 2011 / 13:51 CharlieSiteGround Team

    This is why I've always used siteground to host my websites. Thank you Siteground!

    • Reply November 1, 2011 / 13:51 CharlieSiteGround Team

      ...Oh and Happy Halloween!

  93. Reply January 13, 2012 / 15:08 DanielSiteGround Team

    You can easily scan your WordPress for outdated and vulnerable TimThumb scripts using this WP plugin:


  94. Reply April 11, 2014 / 06:00 AdilSiteGround Team


    My food blog has been getting spammed for ages. It was becomign labourious to delete the entries especially from my email account which would sent me a notification every time a new one was made. They have slown down of late which was good. However I did not realise that my site was being used to somehow send out spam to other sites too?

    My site has been temp suspended by SiteGround. I have replied to a ticket regardign this problem. Also I think due to some update my ip address has changed and I have been asked to make appropriate changes via my Control Panel for the site however I cannot access this as I don;t know how to as my site is down.

    Can anyone help me get my site bakc up and running and also how to combat the spam in future?


    • Reply April 15, 2014 / 05:29 HristoSiteGround Team

      Hello Adil,

      Our team will be of course glad to help you. As I see there is already a ticket posted in your HelpDesk on April 10th where our team recommends you to set up a captcha for your contact form. Please take a look at ticket 1018801 to learn how to do that and to get response to your other questions.

      Please do not hesitate to contact us about technical issues through our official support channels which are available 24/7:

      Help Desk: https://ua.siteground.com/support/choose_category.htm
      Phone: 1.866.605.2484
      Chat: https://newchat.siteground.com/hcl/live/main.php


* (Required)