
Best Wordpress Security

Hi Everyone

I am hoping this thread will not only help me but others.

Yet again a number of my blogs have been hacked, and some idiotic, pointless hacker has messed up some great sites.

I had an attack on my Job Quick site on Saturday and I managed to fix all the hacker's rubbish, but tonight another hacker defaced 8 more sites, including the one I had just managed to fix.

Has anyone got some good tips on the best ways to secure your WordPress site? I use plugins like Login Lockout etc., but I am sure you guys have some best-practice ways to do this and stop hackers.

Thanks everyone.
 
The majority of hacks recently have come via an exploit in TimThumb, so the first port of call would be to install the Timthumb Vulnerability Scanner (plugin) and run it.
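As an added example (not code from any poster, and not the plugin mentioned above), the check the scanner plugin automates can also be run from a shell on the host, which matters when the hosting account holds many sites and inactive themes that WordPress never loads. The script walks a web root, finds every file named timthumb.php or thumb.php, reads the VERSION it declares and flags copies below 2.0. That 2.0 threshold and the file names are assumptions for this example; check the current upstream version before trusting the result. The sample tree it scans is constructed inline.

```shell
#!/bin/sh
# Added example: locate every TimThumb copy under a web root and report its
# declared version. Assumes the real script's define ('VERSION', 'x.y') line
# and treats anything below 2.0 as needing replacement (assumption).

timthumb_version() {
    # Print the version string declared in $1, or "unknown" if none is found.
    v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([0-9][0-9.]*\)['\"].*/\1/p" "$1" | head -n 1)
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        printf 'unknown\n'
    fi
}

timthumb_status() {
    # VULNERABLE for major version 0 or 1, OK for 2 and above, UNKNOWN otherwise.
    case "$1" in
        unknown) echo UNKNOWN ;;
        0.*|1.*) echo VULNERABLE ;;
        *)       echo OK ;;
    esac
}

scan_timthumb() {
    # One tab-separated line per copy found under $1: path, version, status.
    # Inactive themes are included because find does not care what WordPress loads.
    find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) 2>/dev/null |
    while IFS= read -r f; do
        v=$(timthumb_version "$f")
        printf '%s\t%s\t%s\n' "$f" "$v" "$(timthumb_status "$v")"
    done
}

make_sample_tree() {
    # Constructed fixture for this example: an old copy inside an inactive theme
    # and a current copy inside the active theme.
    mkdir -p "$1/wp-content/themes/old-theme/scripts" "$1/wp-content/themes/active-theme"
    printf '<?php\n/* TimThumb script */\ndefine ("VERSION", "1.34");\n' \
        > "$1/wp-content/themes/old-theme/scripts/timthumb.php"
    printf "<?php\ndefine ('VERSION', '2.8.14');\n" \
        > "$1/wp-content/themes/active-theme/thumb.php"
}

# Stand-alone run against the constructed tree.
root=$(mktemp -d)
make_sample_tree "$root"
scan_timthumb "$root"
rm -rf "$root"
```

Run it against the real document root of each hosting sub-account, not just the one site that was defaced; the poster later notes that files changed in themes that were installed but not in use, which is exactly what the active-theme-only view misses.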
 
The majority of hacks recently have come via an exploit in TimThumb, so the first port of call would be to install the Timthumb Vulnerability Scanner (plugin) and run it.

Thanks Peter

Will do that one, great tip, rep-plus given. I have been busy tracking the hacker down, just found them... not sure how responsive Saudi ISPs are though.
 
Some thoughts:

* change all your passwords
* hackers often upload a few backdoors when they hack a website - check for this (review all recently modified files). Also check the first line of the wp-config.php file - many hacks inject some obfuscated PHP code there
* Change your wp-content folder name
* Install 404 logger plugin to see if bots are testing your website for security vulnerabilities
* Follow these steps:
http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/
 
When you fixed the site after the hacking, what steps did you take?
 
Thanks everyone, I have had full scans run and one of the biggest sites is going to take ages to repair. So far I have found a few things that surprise me, like premium plugins such as WP Robot having vulnerable elements.

I know the defaults are a problem and you can change them; it would be good to be able to change these as part of the install. I am seriously invested in premium tools for my WP installs, but it just shows you can do more.

If anyone runs WP I would say a maldet scan is good if you have new plugins; I even found all-in-one-seo-pack is vulnerable and I have used this for ages.

I have a busy week ahead, lol
 
Just a thought before I moan about plugins: do you think the hacker installed some backdoors in the all-in-one-seo-pack and WP Robot plugins? It would be interesting if anyone else also found gzbase64.inject.unclassed results in their installs after running a malware detect scan on their server.

Oh and thanks for all the tips everyone, I am certain these will help me and others
 
Reinstall All in One SEO and rerun the scan. That should tell you. As far as I'm aware, All in One SEO doesn't have any vulnerabilities, nor has it been exploited.
 
Just been running the Timthumb Vulnerability Scanner and it looks like a few sites have been compromised, ba**ard hackers.

Strange thing is, though, files seem to have been changed on themes that were installed but not actually in use, so they hadn't been updated.

A few questions for any security experts: now that they have their code in, could they have compromised any file in any of the sub-accounts of my hosting? I run a fair few domains from the same account.

If so, is there a tool I can use to scan everything on the server?
 
You need to harden the site with the .htaccess file as well; there's a whole host of stuff you can do, like stopping SQL injection, etc.
 
Nice tips everyone.

You need to harden the site with the .htaccess file as well; there's a whole host of stuff you can do, like stopping SQL injection, etc.

Dashu - Do you fancy sharing that .htaccess trick?
Thanks
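An added example of .htaccess hardening, written for this page rather than taken from Dashu or any plugin, and aimed at the two things that actually show up in this thread: backdoors dropped as PHP files under wp-content/uploads, and exposure of wp-config.php. It assumes Apache 2.4 (Require syntax, mod_authz_core) and that the host allows AllowOverride for these directives; on Apache 2.2 the equivalent is Order/Deny. Injection bugs in plugin code still have to be fixed in the code; these rules only narrow what an attacker can reach and execute afterwards.

```apache
# --- site root: /.htaccess (added example, assumptions as stated above) ---

# Never serve the database credentials or any .htaccess file to a browser.
<Files "wp-config.php">
    Require all denied
</Files>
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# No directory listings of themes/plugins/uploads for reconnaissance.
Options -Indexes

# --- uploads: /wp-content/uploads/.htaccess ---

# The uploads tree holds media only. A dropped .cache.php or shell.php there
# must never execute, whatever its mtime or name. PHP files that TimThumb or
# a plugin legitimately writes belong in their own directory, not here.
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
    Require all denied
</FilesMatch>
```

After adding the uploads rule, request a known PHP file in that directory over HTTP and confirm a 403 rather than a 200; if the host runs PHP through a handler that ignores .htaccess (some FastCGI setups), the Files rules still block Apache from serving the file but the check is the only way to be sure.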
 
Very useful thread this. Thanks to everyone who has highlighted certain plugins to look at. It's made me think more about security in regards to my WP sites.
 
Seriously had enough of these pointless hackers now, and I did find they used TimThumb on the latest attack. I have all of them on 5-minute monitors now with a restore ready for them, so when they brag about it online it's back to normal....

I hope that the WP theme developers find some kind of fix soon.
 
Have you got the TimThumb vulnerability checker installed?

Also, do you really need to be using TimThumb anyway? Pretty sure that its only functionality is to resize images.

If you've upgraded all your TimThumb files to the latest release, it sounds like you might not have cleared the original hacking attempt(s) up successfully...
 