addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgooglegroupshelp-with-circleimageimagesinstagramlinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

The Vancouver WordPress Meetup Group Message Board › Blocking Malware

Blocking Malware

Michael S.
user 14937461
Vancouver, BC
Post #: 1
Does anyone have suggestions for locking down a WordPress theme or detecting an attack sooner? I just had a client’s site hacked and the header.php modified to have a not so handy script. (You can read more about the malware here: http://stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html­).


Morten
mor10
Vancouver, BC
Post #: 19
Though each attack is different, these types of attacks are usually caused by old versions of WordPress, too "open" file and folder access settings on the server, or global security issues on the server as a whole. The hacks are rarely placed in the files on the site but are rather injected into the files through code in the database. That's what makes them so hard to remove. The Pharma hack that was running rampant last year exploited a vulnerability in the Magpie RSS API in WordPress, but that was only possible because the hosting providers had laxed their security regimes.

In general the way to lock the site down is to keep WP up to date, lock down your files and folders so they can't be modified by anyone other than the site owner, and host your sites on a server that has solid security routines.
Morten
mor10
Vancouver, BC
Post #: 20
Also, you should check out the Hardening WordPress article in the Codex: http://codex.wordpres...­
M. Diane R.
eicuthbertson
Burnaby, BC
Post #: 75
Thanks for mentioning this article.
Kevin F.
kfukawa
Burnaby, BC
Post #: 4
I would also recommend Wordpress Firewall 2, which can be found here:

http://wordpress.org/...­

and some sort of login/IP blocker to stop someone just hammering away at your login form.

Hope that helps.
Michael S.
user 14937461
Vancouver, BC
Post #: 2
Thanks for the info. I finally got the logs from the hosting and discovered it was done via ftp! Though the password was a random string of 8 characters the client had never changed the original ftp password.
Powered by mvnForum

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy