
Maintaining security of your WordPress

Technology is not foolproof. It is prone to intrusions and attacks: your information can be stolen, and some attacks can even damage your computer.

WordPress itself is not immune to such attacks, and the WordPress community is continually plagued by reports of security breaches.

Here are some useful tips for keeping your WordPress installation protected and secure. Following them will help you prevent attacks, and if you have already been compromised, the same information will help you recover and fight back.

Exploit threat

This is a common threat and you must be aware of it: an exploit is malicious code designed to take advantage of a weakness in existing code.
TimThumb had such a weakness. Its job was to fetch images from other sites on request and serve them, storing the fetched files in a cache directory so that TimThumb would not have to reprocess them. Attackers abused this by having it fetch a PHP script disguised as an image: the script landed in the web-accessible cache directory, could then be executed on the server, and gave them a foothold on every WordPress installation running the vulnerable version.

The same kind of issue occurred with the Uploadify plugin: when its upload handler was not properly restricted, it let anyone upload PHP scripts to the server, which then gave the attacker a way to execute code and gain further access.

In each case the issue was in a plugin, not in WordPress itself. To limit this kind of problem, keep your plugins up to date, remove the ones you do not use (an unmaintained plugin will never receive a fix), and report any bugs you encounter so the developers can fix them.

SQL Injections

WordPress itself is not impervious to problems either. SQL injection is an attack in which the attacker submits SQL code through a website form or script parameter, hoping that the application pastes it into a query so that the database parses the attacker's text as part of the statement. The goal is to read or alter data in the database: email addresses, or more likely your username and password hash, which give the attacker what he needs for further attacks.
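As an added illustration (example code written for this page, not part of the original article or of WordPress), the following Python script uses the standard sqlite3 module as a stand-in for MySQL. It builds a small constructed users table, runs the same login lookup once with the form values pasted into the SQL text and once with bound parameters, and shows two classic payloads succeeding against the first and failing against the second. Bound parameters are what $wpdb->prepare() gives you in WordPress.

```python
import sqlite3

# Constructed sample data standing in for the WordPress users table.
# In real WordPress user_pass holds a hash that is compared in PHP, not in
# SQL; the comparison is done in the query here only to keep the demo short.
SAMPLE_USERS = [
    ("admin", "hash-of-admin-pw", "admin@example.com"),
    ("editor", "hash-of-editor-pw", "editor@example.com"),
]


def make_db():
    """In-memory database with one table and the constructed rows above."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (user_login TEXT, user_pass TEXT, user_email TEXT)")
    db.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    return db


def find_user_vulnerable(db, login, password):
    """Injectable: the form values are spliced into the statement text, so a
    quote inside them changes the structure of the query."""
    sql = ("SELECT user_login, user_email FROM wp_users "
           f"WHERE user_login = '{login}' AND user_pass = '{password}'")
    return db.execute(sql).fetchall()


def find_user_safe(db, login, password):
    """Hardened: placeholders keep the values as data, whatever they contain."""
    sql = ("SELECT user_login, user_email FROM wp_users "
           "WHERE user_login = ? AND user_pass = ?")
    return db.execute(sql, (login, password)).fetchall()


# Two classic payloads. The first closes the login string and comments out
# the password check; the second turns the WHERE clause into a tautology.
PAYLOAD_COMMENT = "admin' -- "
PAYLOAD_TAUTOLOGY = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, comment payload   :", find_user_vulnerable(db, PAYLOAD_COMMENT, "wrong"))
    print("vulnerable, tautology payload :", find_user_vulnerable(db, "nobody", PAYLOAD_TAUTOLOGY))
    print("safe, comment payload         :", find_user_safe(db, PAYLOAD_COMMENT, "wrong"))
    print("safe, tautology payload       :", find_user_safe(db, "nobody", PAYLOAD_TAUTOLOGY))
```

Against the vulnerable function the comment payload logs in as admin without a password and the tautology payload returns every row; against the parameterised function both return nothing, because the driver passes them to the database as plain strings.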

The annoying thing is that such attacks are very frequent, so you should back up your database continuously, ideally every day.

To make them harder, you can filter requests at the web server with Apache rules in your .htaccess file. This puts off an amateur, but a professional will find another way in. The good news is that most attacks are carried out by novices using ready-made PHP shells such as r57, so blocking the easy cases will save you a lot of headaches. The real fix, though, is in the code: every query must receive user input as bound parameters (in WordPress, through $wpdb->prepare()) rather than by string concatenation.

Default or Original User

The most susceptible point is always the user. It does not matter how fancy your password is if it is stored carelessly: the more complex it is, the more likely you are to write it down somewhere, typically in a .txt or .doc file on your computer, and that computer is exposed to phishing and trojans. The best place to keep a password is in your memory (or in a password manager that encrypts its store).

Even so, you are not safe from brute-force attacks. A brute-force attack simply guesses your password and tries to log in over and over, walking through a dictionary or through every combination of characters ('aaaaaa', 'aaaaab' and so on). The attempts usually come from many machines at once rather than from a single computer.

The best way to deal with brute-force attacks is to install a login limiter, which allows only a few failed attempts before blocking that address for an hour or so. This greatly reduces the threat to your site. Plugins that do this include Limit Login Attempts, Better WP Security and Login Security Solution.
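The logic such a limiter implements, as an added example for this page (not code from the original article or from any of the plugins named): a sliding-window counter of failed logins per source address with a lockout, replayed over a few constructed log lines. The log format, the thresholds (4 failures in 10 minutes, 1 hour lockout) and the IP addresses are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one login attempt per line: "timestamp ip user result".
SAMPLE_LOG = """\
2013-04-10T12:00:01 203.0.113.7 admin FAIL
2013-04-10T12:00:03 203.0.113.7 admin FAIL
2013-04-10T12:00:04 203.0.113.7 admin FAIL
2013-04-10T12:00:06 203.0.113.7 admin FAIL
2013-04-10T12:00:09 203.0.113.7 admin FAIL
2013-04-10T12:00:11 198.51.100.4 editor OK
2013-04-10T12:00:15 203.0.113.7 admin OK
2013-04-10T13:30:00 203.0.113.7 admin OK
"""


class LoginLimiter:
    """Block an address for `lockout` once it has `max_attempts` failures within `window`."""

    def __init__(self, max_attempts=4, window=timedelta(minutes=10),
                 lockout=timedelta(hours=1)):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> datetime the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                    # lockout expired: forget the history
            del self.blocked_until[ip]
            self.failures[ip].clear()
            return False
        return True

    def record(self, ip, ok, now):
        """Decide one attempt: 'allow', 'fail' or 'blocked'.

        A correct password during a lockout is still rejected; that is what
        stops an attacker who finally guesses right while locked out."""
        if self.is_blocked(ip, now):
            return "blocked"
        if ok:
            self.failures[ip].clear()       # success resets the counter
            return "allow"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # drop failures older than the window
        if len(recent) >= self.max_attempts:
            self.blocked_until[ip] = now + self.lockout
            return "blocked"
        return "fail"


def replay(log_text, limiter=None):
    """Feed each log line to the limiter; return [(timestamp, ip, decision), ...]."""
    limiter = limiter or LoginLimiter()
    decisions = []
    for line in log_text.splitlines():
        ts, ip, _user, result = line.split()
        now = datetime.fromisoformat(ts)
        decisions.append((ts, ip, limiter.record(ip, result == "OK", now)))
    return decisions


if __name__ == "__main__":
    for ts, ip, decision in replay(SAMPLE_LOG):
        print(ts, ip, decision)
```

In the replay the attacker's fourth failure triggers the block, the fifth attempt and the later correct password are both rejected, the unrelated editor login is unaffected, and the address is allowed back in only after the lockout has expired.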

Pay close attention to your default username as well. The administrator account WordPress creates at installation is called 'admin', and leaving it as is hands attackers half of the credentials they need. If you have not done so already, create a new account with a different name, give it the administrator role, log in as that user, and then delete the original 'admin' account (attributing its posts to the new user when WordPress asks).

Direct Access

Another thing to take into account is that WordPress serves its login page at a well-known location, which makes it an easy target. Securing the password is essential, but an attacker can do less with guessed or stolen credentials if he cannot find the login page. One option is a plugin such as Hide Login, which moves the login page to a different URL. Treat this as obscurity rather than protection: the strong password and the login limiter still do the real work.

Default prefix

By now you will have understood that the more information we hand to attackers, the easier their task becomes. The default WordPress table prefix is wp_. Why make them a present of it? Changing the prefix to something harder to guess makes automated SQL injection payloads, which assume the default table names, fail, and adds work for the attacker.

The installation script now asks for a prefix when you set up a new site. For an existing installation you can either change it manually, which is not recommended for a novice because the prefix is also stored inside several database rows, or use a plugin such as Better WP Security to do it for you.
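What "changing it manually" involves, as an added example for this page (not code from WordPress or from Better WP Security): a Python script run against an in-memory SQLite copy of a constructed, cut-down WordPress schema. The core table list and the prefix-dependent keys (wp_user_roles in the options table, wp_capabilities and wp_user_level in usermeta) are the standard ones; the row contents are made up. ALTER TABLE ... RENAME TO is accepted by MySQL as well, so the same statements apply to a real database, after a backup.

```python
import re
import sqlite3

# Core tables of a stock WordPress install, without their prefix.
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta", "posts",
               "terms", "term_relationships", "term_taxonomy", "usermeta", "users"]

# Prefixes become SQL identifiers, so they must be validated, not quoted.
IDENT = re.compile(r"^[A-Za-z0-9_]+$")


def sample_db(prefix="wp_"):
    """Constructed miniature of the schema: only options and usermeta carry columns that matter."""
    db = sqlite3.connect(":memory:")
    for t in CORE_TABLES:
        if t not in ("options", "usermeta"):
            db.execute(f"CREATE TABLE {prefix}{t} (id INTEGER PRIMARY KEY)")
    db.execute(f"CREATE TABLE {prefix}options "
               "(option_id INTEGER PRIMARY KEY, option_name TEXT, option_value TEXT)")
    db.execute(f"CREATE TABLE {prefix}usermeta "
               "(umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT)")
    db.executemany(f"INSERT INTO {prefix}options (option_name, option_value) VALUES (?, ?)",
                   [("siteurl", "http://example.com"),
                    (f"{prefix}user_roles", "serialized-roles")])
    db.executemany(f"INSERT INTO {prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)",
                   [(1, f"{prefix}capabilities", 'a:1:{s:13:"administrator";b:1;}'),
                    (1, f"{prefix}user_level", "10"),
                    (1, "nickname", "site-owner")])
    return db


def change_prefix(db, old, new):
    """Rename every core table and rewrite the keys that embed the prefix.

    Renaming the tables alone is the classic mistake: WordPress then finds
    no wp_user_roles option and no capabilities rows, and every user is
    locked out of the dashboard."""
    if not (IDENT.match(old) and IDENT.match(new)):
        raise ValueError("prefix must contain only letters, digits and underscores")
    cur = db.cursor()
    for t in CORE_TABLES:
        cur.execute(f"ALTER TABLE {old}{t} RENAME TO {new}{t}")
    for table, id_col, key_col in ((f"{new}options", "option_id", "option_name"),
                                   (f"{new}usermeta", "umeta_id", "meta_key")):
        rows = cur.execute(f"SELECT {id_col}, {key_col} FROM {table}").fetchall()
        for row_id, key in rows:
            if key.startswith(old):
                cur.execute(f"UPDATE {table} SET {key_col} = ? WHERE {id_col} = ?",
                            (new + key[len(old):], row_id))
    db.commit()


def table_names(db):
    return sorted(r[0] for r in db.execute("SELECT name FROM sqlite_master WHERE type = 'table'"))


def keys(db, table, col):
    return sorted(r[0] for r in db.execute(f"SELECT {col} FROM {table}"))


if __name__ == "__main__":
    db = sample_db("wp_")
    change_prefix(db, "wp_", "x7q_")
    print(table_names(db))
    print(keys(db, "x7q_options", "option_name"))
    print(keys(db, "x7q_usermeta", "meta_key"))
```

After the rename, set $table_prefix in wp-config.php to the new value; WordPress locates its tables through that setting and will not find them otherwise. Plugins may store additional prefixed keys, which the same loop picks up because it rewrites any key that starts with the old prefix.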

Too Late (Never)

As they say, it is never too late. Do not lose heart if you get hacked; the situation can be reversed.

If you want to check the security status of your site, there are tools such as Sucuri SiteCheck that will scan it and, if it is infected, tell you what to do.

Some basic Fixes

-Always back up your site and database so that you do not lose your content.
-Make copies of items that are not in the database (uploads, theme customisations, wp-config.php).
-Download the latest version of WordPress.
-Make sure all plugins are up to date, and check whether a newer version fixes the problem you hit.
-Make sure your themes (templates) are up to date.
-Use an FTP client or cPanel to delete everything in the WordPress directory (you have the backup).
-Upload the fresh files you downloaded, then restore your content from the backup.
-Change your passwords, and keep changing them; do not make it easy for attackers.
-Keep checking all of your posts for anything unusual.

Dealing with r57 script

Attackers like the r57 script, a PHP web shell, because it gives them a lot of leverage, but its capabilities only come into play once they have managed to get a shell onto your web server. You can hunt for copies with commands like the following:


find /var/www -type f -name '*.php' -print0 | xargs -0 grep -l 'r57' | sed 's/^/rm -f /'

This pipeline lists every PHP file under your web root, keeps those whose content contains the string r57 (grep -l prints each matching file name once), and prints an rm command for each of them. It only prints: review the list, and when you are sure every file on it is malicious, pipe the output into sh to delete them.

find /var/www -type f -name '*.txt' -print0 | xargs -0 grep -l 'r57' | sed 's/^/rm -f /'

This does the same for .txt files instead of PHP files. These commands are for Linux; do not use them on Windows or Mac, and bear in mind that once you pipe them into sh they delete files without asking. A legitimate file that merely contains the string r57 would be destroyed along with the real shells, so moving suspect files into a quarantine directory outside the web root is the safer habit.

Obscured Code

Themes are the usual hiding place for obscured (obfuscated) code, because malicious code is harder to spot among a theme's files. It can do all sorts of damage, from redirecting visitors to other sites to wrecking your SEO with hidden links.

Theme Authenticity Checker (TAC) is your best bet here. This plugin checks theme files for suspect lines, including static links and obfuscated code such as base64-encoded payloads that are hard to spot by eye.

Wise up

You have to wise up and learn from your mistakes.

Brace yourself by following these steps:

-Only allow PHP to execute where it is necessary (for example, never in the uploads directory).
-Make sure your web server does not let clients modify your .htaccess file.
-Install a firewall that restricts outbound connections on port 25 to the mail server's own user and root, so a compromised script cannot send spam directly.
-Monitor uploads to your site with a tool such as ConfigServer eXploit Scanner (cxs).

Last Word

You have to make sure that you and your users are protected from spam, malware, trojans and phishing attacks. Your first line of defence is a good anti-virus on your own machine, because a compromised workstation leaks the passwords that everything else depends on.

