As I write this post, there is an ongoing, highly distributed global attack on WordPress installations that aims to crack open admin accounts and inject various malicious scripts.
To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers.
We did a detailed analysis of the attack pattern and found that most of the attack was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or another) and malicious scripts had been uploaded into the directories.
Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is difficult for us to block all malicious data.
To ensure that your customers’ websites are secure and safeguarded from this attack, we recommend the following steps:
- Update and upgrade your WordPress installation and all installed plugins
- Install the security plugin listed here
- Ensure that your admin password is secure and preferably randomly generated
- Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
These additional steps can be taken to further secure WordPress websites:
- Disable the DROP command for the DB_USER. It is not commonly needed for any purpose in a WordPress setup
- Remove README and license files (important) since this exposes version information
- Move wp-config.php to one directory level up, and change its permission to 400
- Prevent world reading of the htaccess file
- Restrict access to wp-admin only to specific IPs
- A few more plugins: wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help on several occasions.
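
The file-level steps in the list above (README and license files, wp-config.php location and mode, .htaccess readability) can be checked with a short audit script. This is an added example, not code from the original post; the function names are hypothetical, and it assumes "world reading" means the filesystem other-read bit and that the README and license files are `readme.html` and `license.txt`, the names WordPress core ships.

```shell
#!/bin/sh
# Added example: audit a WordPress docroot for the file-level hardening steps.
# Prints one "FAIL: ..." line per finding; returns 1 if anything was found.

fails=0
fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

audit_wp() {
    root=$1
    fails=0

    # README and license files expose version information. readme.html and
    # license.txt are the names WordPress core ships at the top of the docroot.
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then fail "$root/$f present; remove it"; fi
    done

    # wp-config.php belongs one directory above the docroot, mode 400.
    cfg="$root/../wp-config.php"
    if [ -e "$root/wp-config.php" ]; then
        fail "$root/wp-config.php is inside the docroot; move it one level up"
    elif [ ! -e "$cfg" ]; then
        fail "no wp-config.php in $root or its parent"
    fi
    # find -perm 400 matches only when the mode is exactly 400.
    if [ -e "$cfg" ] && [ -z "$(find "$cfg" -perm 400)" ]; then
        fail "$cfg is not mode 400"
    fi

    # .htaccess must not be world-readable: -perm -004 matches the o+r bit.
    ht="$root/.htaccess"
    if [ -e "$ht" ] && [ -n "$(find "$ht" -perm -004)" ]; then
        fail "$ht is world-readable; run chmod o-r on it"
    fi

    [ "$fails" -eq 0 ]
}

# Run against a path given on the command line, e.g. sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

The non-zero return status makes the script usable from cron or a deployment hook across many customer docroots.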
SOURCE: ResellerClub Blog