Security Tips : Global Attack on WordPress
Posted by ADMIN SD on 01 January 2014 02:54 PM

As we write this post, there is an ongoing, highly distributed, global attack on WordPress installations that aims to crack admin accounts and inject various malicious scripts.

We analyzed the attack pattern in detail and found that most of the attack traffic was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or another) and malicious scripts had been uploaded into the directories.

Today, this attack is happening at a global level, and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is difficult for us to block all malicious data.

To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following steps:

  1. Update and upgrade your WordPress installation and all installed plugins.
  2. Hide your admin URL first. You can use this plugin.
  3. Install the security plugin listed here for full WordPress security.
  4. Only install official WordPress plugins and secure third-party plugins.
  5. Ensure that your admin username and password are secure and preferably randomly generated. Choose a user ID that is as strong as your password.

These steps can be taken to further secure WordPress websites:

  • Use a secure admin user ID and password. Do not use a common user ID such as admin, administrator, webmaster, etc.
  • Move wp-config.php one directory level up, and change its permission to 400.
  • Restrict access to wp-admin to specific IPs only.
  • Disable the DROP command for the DB_USER. It is not commonly needed for any purpose in a WordPress setup.
  • Remove README and license files (important), since they expose version information.
  • Prevent world reading of the .htaccess file.
  • Protect the xmlrpc.php file using .htaccess. Use the code below for protection.
<Files "xmlrpc.php">
Order Allow,Deny
Deny from all
</Files>
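
A read-only check of a WordPress document root against the file-level items in the list above, added here as an example and not part of the original article. The function names and the FINDING output format are assumptions of this example, and the xmlrpc.php check only confirms that a <Files> rule for it exists in .htaccess.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress docroot against the checklist.
# Function names and the FINDING output format are assumptions of this example.

file_mode() {  # octal permission bits: GNU stat first, then BSD stat
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_wp() {
    root=${1%/}
    parent=$(dirname "$root")
    # wp-config.php: expected one directory level up, with mode 400
    cfg=""
    if [ -f "$root/wp-config.php" ]; then
        echo "FINDING: wp-config.php is still inside the document root"
        cfg="$root/wp-config.php"
    elif [ -f "$parent/wp-config.php" ]; then
        cfg="$parent/wp-config.php"
    else
        echo "FINDING: wp-config.php not found in $root or $parent"
    fi
    if [ -n "$cfg" ] && [ "$(file_mode "$cfg")" != "400" ]; then
        echo "FINDING: $cfg has mode $(file_mode "$cfg"), expected 400"
    fi
    # README and license files that ship with WordPress
    for f in readme.html license.txt; do
        if [ -f "$root/$f" ]; then echo "FINDING: $f is present"; fi
    done
    # .htaccess must not be readable by "other" users
    ht="$root/.htaccess"
    if [ -f "$ht" ] && [ -n "$(find "$ht" -perm -004)" ]; then
        echo "FINDING: .htaccess is world-readable (mode $(file_mode "$ht"))"
    fi
    # xmlrpc.php should be covered by a <Files> rule (presence check only)
    if [ -f "$root/xmlrpc.php" ]; then
        if [ ! -f "$ht" ] || ! grep -q '<Files "\{0,1\}xmlrpc\.php' "$ht"; then
            echo "FINDING: xmlrpc.php has no <Files> rule in .htaccess"
        fi
    fi
    return 0
}

# Usage: sh audit_wp.sh /path/to/wordpress/docroot
if [ -n "${1:-}" ]; then audit_wp "$1"; fi
```

An empty output means every file-level check passed; the database, IP restriction and plugin items in the list still need to be verified separately.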

 

Note - SKY DEVELOPMENT hosting users: please enable the ModSecurity and CloudFlare options from cPanel for total security. During development you can temporarily disable ModSecurity to avoid issues caused by the high security settings.

For more help and support, please contact us.
