Domain Manage

Best Wordpress Security

Discussion in 'Wordpress' started by FutureDomain, Nov 28, 2011.

Thread Status:
Not open for further replies.
  1. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
    Hi Everyone

    I am hoping this thread will not only help me but others.

    Yet again a number of my blogs have been hacked and some idiot and pointless hacker has messed up some great sites.

    I had an attack on my Job Quick site on Saturday and I managed to fix all the hackers rubbish, but tonight another Hacker defaced 8 more sites, including the one I had just managed to fix.

    Has anyone got some good tips on the best ways to secure your wordpress site, I use pluggins like login lockout etc. but I am sure you guys have some best practise ways to do this and stop hackers

    Thanks everyone.
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
     
  3. peter_w United Kingdom

    peter_w Active Member

    Joined:
    Nov 2008
    Posts:
    558
    Likes Received:
    18
    The majority of hacks recently have come via an exploit timthumb, so first port of call would be to install the Timthumb Vulnerability Scanner (plugin) and run it.
     
    • Like Like x 2
  4. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
    Thanks Peter

    Will do that one, great tip rep-plus given, I have been busy tracking the hacker down, just found them... not sure how responsive Saudi ISP's are though
     
  5. atlas Canada

    atlas Well-Known Member

    Joined:
    Oct 2007
    Posts:
    1,348
    Likes Received:
    34
    Some thoughts:

    * change all your passwords
    * hackers often upload a few backdoors when they hack a website - check for this (review all recently modified files). Also check the first line of the wp-config.php file - many hacks inject some obfuscated php code there
    * Change your wp-content -folder name
    * Install 404 logger plugin to see if bots are testing your website for security vulnerabilities
    * Follow these steps:
    http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/
     
    • Like Like x 1
  6. aZooZa

    aZooZa Well-Known Member Exclusive Member

    Joined:
    Nov 2005
    Posts:
    4,495
    Likes Received:
    92
  7. Blossom

    Blossom Well-Known Member

    Joined:
    Oct 2010
    Posts:
    1,395
    Likes Received:
    55
    When you fixed the site after the hacking, what steps did you take?
     
  8. golddiggerguy United Kingdom

    golddiggerguy Well-Known Member

    Joined:
    Apr 2007
    Posts:
    3,637
    Likes Received:
    25
    Not security as such but "Limit login attempts" is a nice one to just have in place.

    Can customise to suit your level of lock outs if passwords are entered wrongly.
     
  9. admin Spain

    admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    10,083
    Likes Received:
    115
    try "Better WP Security" plug-in, has loads of features.

    and if you want to track (in real time) what users are doing on your site try "WassUp" plug-in

    Admin
     
    • Like Like x 1
    Last edited: Nov 29, 2011
  10. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
    Thanks everyone, I have had full scans run and one of the biggest sites is going to take ages to repair, so far I have found a few things that suprise me, like premium pluggins like WP robot has vulnerable elements.

    I know the defaults are a problem and you can change them, it would be good to be able to change these as part of the install. I am seriously invested in premium tools for my WP installs but it just shows you can do more.

    If anyone runs WP I would say a maldet scan is good if you have new pluggins, even found all-in-one-seo-pack is vulnerable and I have used this for ages.

    I have a busy week ahead, lol
     
  11. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
    Just thinks before I moan about pluggins, do you think that the hacker installed some backdoors in all-in-one-seo-pack and WP robot pluggins, would be interesting if anyone also found gzbase64.inject.unclassed results in thier installs after running a malware detect scan on thier server.

    Oh and thanks for all the tips everyone, I am certain these will help me and others
     
  12. peter_w United Kingdom

    peter_w Active Member

    Joined:
    Nov 2008
    Posts:
    558
    Likes Received:
    18
    Reinstall all in one SEO and rerun the scan. That should tell you. As far as I'm aware out all in one SEO doesn't have any vulnerabilities or been exploited.
     
  13. AssetDomains United Kingdom

    AssetDomains Well-Known Member

    Joined:
    Feb 2010
    Posts:
    2,951
    Likes Received:
    52
    Just been running the Timthumb Vulnerability Scanner looks and a few sites have been compromised ba**ard hackers.

    Strange thing is though files seem to have been changed on themes that were installed but not actually in use so hadn't been updated.

    A few question for any security experts now they have there code in can they have compromised any file in any of the sub accounts of my hosting I run a fair few domains from the same account.

    If so is there a tool I can use to scan everything on the server
     
  14. dashu1 United Kingdom

    dashu1 Well-Known Member

    Joined:
    Nov 2008
    Posts:
    1,110
    Likes Received:
    14
    You need to harden the site with the htaccess file as well, there's a whole host of stuff you can do like stopping sql injection, etc.
     
  15. fresh79 United Kingdom

    fresh79 Active Member

    Joined:
    Mar 2008
    Posts:
    455
    Likes Received:
    5
    Nice tips everyone.

    Dashu - Do fancy sharing that .htaccess trick?
    Thanks
     
  16. Blossom

    Blossom Well-Known Member

    Joined:
    Oct 2010
    Posts:
    1,395
    Likes Received:
    55
  17. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
  18. fresh79 United Kingdom

    fresh79 Active Member

    Joined:
    Mar 2008
    Posts:
    455
    Likes Received:
    5
  19. owlyco

    owlyco Active Member

    Joined:
    Nov 2011
    Posts:
    52
    Likes Received:
    0
    Very useful thread this. Thanks to everyone who have highlighted certain plugins to look at. It's made me think more about security in regards to my wp sites.
     
  20. FutureDomain

    FutureDomain Active Member

    Joined:
    Oct 2007
    Posts:
    490
    Likes Received:
    6
    Seriously had enough of these pointless hackers now, and I did find they used Tim Thumb on the latest attack, I have all of them on 5 minute monitors now with a restore ready for them, so when they brag about it online its back to normal....

    I hope that the WP theme developers find some kind of fix soon.
     
  21. Blossom

    Blossom Well-Known Member

    Joined:
    Oct 2010
    Posts:
    1,395
    Likes Received:
    55
    Have you got the tim thumb vulnerability checker installed?

    Also, do you really need to be using tim thumb anyway? Pretty sure that its only functionality is to resize images.

    If you've upgraded all your tim thumb files to the latest release, it sounds like you might not have cleared the original hacking attempt(s) up successfully...
     
    • Like Like x 1
Thread Status:
Not open for further replies.

Share This Page