Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,193,566 members, 7,951,365 topics. Date: Tuesday, 17 September 2024 at 02:48 PM |
Nairaland Forum / Science/Technology / Webmasters / There’s A Global Attack On Wordpress Sites Please Take Precautions (604 Views)
Dedicated, VPS Web Servers For Wordpress Sites & Businesses / There Is Global Attack On Wordpress Sites / Webmasters, It Is Time To Show Us Your Wordpress Sites! (2) (3) (4)
(1) (Reply)
There’s A Global Attack On Wordpress Sites Please Take Precautions by Nobody: 12:07pm On Jun 17, 2013 |
Hi folks, there seems to be an on going and highly distributed, global attack on wordpress sites and installations to crack open admin accounts and inject various malicious scripts. To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers. We did a detailed analysis of the attack pattern and found out that most of the attack was originating from CMSs (mostly wordpress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories. Today, this attack is happening at a global level and wordpress instances across hosting providers are being targeted. Multiple hosts are being affected. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is making it difficult for us to block all malicious data. But we are working and taking all necessary precautions. To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps: 1. Update and upgrade your wordpress installation and all installed plugins 2. Install the security plugin listed here 3. Ensure that your admin password is secure and preferably randomly generated Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress These additional steps can be taken to further secure wordpress websites: Disable DROP command for the DB_USER .This is never commonly needed for any purpose in a wordpress setup Remove README and license files (important) since this exposes version information Move wp-config.php to one directory level up, and change its permission to 400 Prevent world reading of the htaccess file Restrict access to wp-admin only to specific IPs A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions Also, we recommend using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site. In a few day from now, we’ll be talking more about cloudflare and its importance to you. Have a nice day...
|
(1) (Reply)
Help Me Check This. / Etisalat Magic Sim Now Available / Domain Mapping
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 13 |