[Wordpress Security Alert!] My WP "BLOG" has been "HACKED" *Complete Security Suite!

[azsno]

Wordpress Security Alert! WP has been "HACKED"

That's a scary headline, especially if your Wordpress Blogs are making money. My program "Lock's" down your Wordpress Blogs, making them virtually impenetrable...!

Complete Wordpress Security Suite Locks Down Your BLOG Tighter Than a Bank VAULT!

Upgraded to Work With Wordpress 3.1!

Detailed Video's in HD format illustrate "How" to Secure your Wordpress Blogs against Hackers!....

Here's a Blog that was For Sale on Sitepoint - Hackers got there first: Click On Image to Watch Video

You'll Receive the Following:

1. Security Plugins and WP-Padlock Security Suite - Secure Wordpress From Hackers!

2. I’m giving You All My “Security” Plugins I use on Each of My BLOGS for FREE!

3. All video Tutorial's are recorded in the industry-leading H.264 format using "High Definition"

4. You’ll Receive My Security Script, WP-Padlock (Lock Down WordPress Like Fort Knox!)

5. Works on Older Versions of WordPress with Known Security Vulnerabilities! Hackproof Older Sites without Upgrading…

6. WPTwin Clone - WP-Padlock Security Suite Available for Small $7 upgrade Fee - Install Completely Configured Hackproof Site in less than 1 Minute - (Must Own WPTwin)



Here's the "BEST" Testimonial:

Quote:

Originally Posted by Tom Dean View Post

Guess I will be trying this.

The blog that says "HaCked By" by is mine. Just saw it today. I repaired it (pain in the A**) but it's still indexed/cached with the hackers title for now.

Testimonials From Warrior's:

What Are You Waiting For? Secure Your Vulnerable Wordpress Sites NOW!

P.S. WPTwin Clone Version Available for Small Upgrade Fee - Completely Secure Wordpress Site Installs in Less Than 1 Minute - Install On "NEW" Sites ONLY!

[EdnaM]

Hello,

Nice offer, thank you.

Happy New Year!

[k60mall]

Thanks guy for a great script.

After installing your script I tried to access my wordpress admin from a different IP address and it just kept sending me to a 404 page but as soon as I used my own Ip address I got right in with no trouble :-)

This will stop this nasty hacker from screwin g with my business and for only $12, what a deal.

Thanks again

Keith

[kkrueger]

Thanks for a great script! I had my site hacked...and now I feel great knowing that hackers are locked out.

Great product!

karen

[IMChick]

Can you tell me how this is compares to WordPress Secured for hack-proofing a blog? What is your experience in the tech side? I just got the other package...

[azsno]

Quote:

Originally Posted by IMChick

Can you tell me how this is compares to WordPress Secured for hack-proofing a blog? What is your experience in the tech side? I just got the other package...

It basically does the same thing as WP Secured...It places a .htaccess file in wp-admin, and then records the IP address for access...

It simply doesn't give access to anyone that doesn't pass the IP test...Obviously the "ONLY" way to hijack this technique is to "spoof" the IP address, then a hacker will need to know the username and password...Almost impossible to do, unless you use a "sniffer" to capture the network packets in plain text and then use that info to break-in...

Experience: I was a Checkpoint and Nokia Firewall Certified Security Engineer in Silicon Valley for many years...I designed Enterprise Networks and deployed Intrusion Detection Systems at Lawrence Livermore Labs, UC Berkeley, Providian Financial, Cal State University Systems, U.S. Army, NetZero, eBay, and many others...

~AzSno...

[NewQuestions]

Just ordered

[NewQuestions]

I paid for this script yesterday, and Paypal sent me to a broken page.
Sent you a message, received a reply, sent you another message but
I have still not received a copy of the script. Please let me know thanks.

[Doug Castleton]

Sent you a PM reporting a broken link also.
Thanks

[azsno]

Quote:

Originally Posted by Doug Castleton

Sent you a PM reporting a broken link also.
Thanks

Link fixed........thanks for the heads up...PM download link sent...

~AzSno...

[Alminc]

Isn't that the exactly same script as wordpress secured?

[Alton Hargrave]

Looks very interesting. My only concern is the way it seems to prevent access (by IP address). Is it blocking all IP's but one or will it allow a range?
What happens for those that have dynamic IP's? Do you have to log into CPanel to change it every time your IP changes? Or worse yet, do you lose access at this point?

[wiresaw]

Nice Software.. It's for security..

[azsno]

Quote:

Originally Posted by Alton Hargrave

Looks very interesting. My only concern is the way it seems to prevent access (by IP address). Is it blocking all IP's but one or will it allow a range?
What happens for those that have dynamic IP's? Do you have to log into CPanel to change it every time your IP changes? Or worse yet, do you lose access at this point?

It uses IP and the .htaccess to secure the login. If you change IP's you simply login using your new IP, the system recognizes you by username and password and grants access...

[Dee Scofield]

This is tempting. I'm just curious to know what would happen if I tried to work on my blogs while I was at someone else's house, as I do when my power occasionally goes out. Would I just have to wait until my power came back on so that I could work from my home computer?

[Alton Hargrave]

It appears that it doesn't use I/P and .htaccess at all, but username and password. That is what I am using now, how is yours different?

[azsno]

Quote:

Originally Posted by Dee Scofield

This is tempting. I'm just curious to know what would happen if I tried to work on my blogs while I was at someone else's house, as I do when my power occasionally goes out. Would I just have to wait until my power came back on so that I could work from my home computer?

You can be anywhere and still access your Admin Panel...It just places your "new" IP in a file once you login using your username and password...

[azsno]

Quote:

Originally Posted by Alton Hargrave

It appears that it doesn't use I/P and .htaccess at all, but username and password. That is what I am using now, how is yours different?

It may "appear" that way, but the program uses IP and .htaccess to get you to the login screen, "where" you'll place your username and password...

There are many 0 Day exploits for wp-admin and this just makes it harder for hackers to:

1. Locate the login screen

2. Run "brute" force exploits against wp-admin

3. Circumvent exploits in wp-content/plugins and themes

4. The whole idea is to make it more difficult to exploit WP vulnerabilities...

[webdiva]

Very interesting, and something I believe my 'blogging' web visitors would also be interested in.

One question regarding the MRR package - Is the video demo you link to from this WSO the same video included in the resale package? I ask because I see it's branded to your sales page URL.

D.

[azsno]

Quote:

Originally Posted by webdiva

Very interesting, and something I believe my 'blogging' web visitors would also be interested in.

One question regarding the MRR package - Is the video demo you link to from this WSO the same video included in the resale package? I ask because I see it's branded to your sales page URL.

D.

The video is not the same....I don't have any trouble with you using that video however...I may include that in the package going forward...

[Tom Dean]

Guess I will be trying this.

The blog that says "HaCked By" by is mine. Just saw it today. I repaired it (pain in the A**) but it's still indexed/cached with the hackers title for now.

Thanks for the deal.
Tom

[azsno]

Quote:

Originally Posted by Tom Dean

Guess I will be trying this.

The blog that says "HaCked By" by is mine. Just saw it today. I repaired it (pain in the A**) but it's still indexed/cached with the hackers title for now.

Thanks for the deal.
Tom

I think I'll use your testimonial in my sales copy....thanks for the purchase...

[Dee Scofield]

Thanks for your reply, Guy. Downloaded, watched all the videos, haven't yet started uploading the plugin to my blogs but it looks very straightforward. I already have most of the other plugins you include, but the videos taught me a few cool things about how to use them that I didn't know.

The vulnerability of my blogs has been nagging at me for a while, but I'm not very technical so it limited my options for solving the issue. I love how simple your solution is. All in all this was fantastic value for the money.

Quote:

Originally Posted by azsno

It basically does the same thing as WP Secured...It places a .htaccess file in wp-admin, and then records the IP address for access...

It simply doesn't give access to anyone that doesn't pass the IP test...Obviously the "ONLY" way to hijack this technique is to "spoof" the IP address, then a hacker will need to know the username and password...Almost impossible to do, unless you use a "sniffer" to capture the network packets in plain text and then use that info to break-in...

Experience: I was a Checkpoint and Nokia Firewall Certified Security Engineer in Silicon Valley for many years...I designed Enterprise Networks and deployed Intrusion Detection Systems at Lawrence Livermore Labs, UC Berkeley, Providian Financial, Cal State University Systems, U.S. Army, NetZero, eBay, and many others...

~AzSno...

Hey Now!!! Backup ... Your product does not do anything like WordPress Secured and I personally resent the fact that you say your product does when infact WordPress Secured is a true security solution, not some ip blocking stuff that any .htaccess file can do and your host will set it up for free for you.

WordPress Secured is not some .htaccess, it is a FULL INSTALL THAT HAS HAD THE CODING CHANGED AND SECURED WITH THE ABILITY TO SETUP YOUR OWN NAMES FOR FOLDERS AND ETC WHILE INSTALLING. IT CAN BE INSTALLED IN 10 MINUTES AND IT IS A FULL WORDPRESS INSTALL.

Frankly I do not like the fact that you try to use my product name to sell your own.. It is NOT basically the same thing. You really do not want to know my opinion on your WSO..

James

[azsno]

Quote:

Originally Posted by TheRichJerksNet

Hey Now!!! Backup ... Your product does not do anything like WordPress Secured and I personally resent the fact that you say your product does when infact WordPress Secured is a true security solution, not some ip blocking stuff that any .htaccess file can do and your host will set it up for free for you.

WordPress Secured is not some .htaccess, it is a FULL INSTALL THAT HAS HAD THE CODING CHANGED AND SECURED WITH THE ABILITY TO SETUP YOUR OWN NAMES FOR FOLDERS AND ETC WHILE INSTALLING. IT CAN BE INSTALLED IN 10 MINUTES AND IT IS A FULL WORDPRESS INSTALL.

Frankly I do not like the fact that you try to use my product name to sell your own.. It is NOT basically the same thing. You really do not want to know my opinion on your WSO..

James

I was actually referring to a product by Tony Chamberlain, of BlackMagicTraffic, that is named WP Secure...

~AzSno...

No you referred to my product WordPress Secured which is the only product with that name.. 2 of my customers on this very WSO asked you one you answered the other you ignored.

Also this WSO has been reported and should be removed due to you trying to sell a security product that is NOT a security product. You have made false claims " Secure your Wordpress Blogs against Hackers & Blackhat's.... " This product does not secure wordpress at all, only thing is does is block the admin ip ..

You make claims 2.7 has been hacked but no proof anyplace to back that up because the blog you have posted as an example does not even have a WP install on the server at all. The site was for sell on that scamming forum DP .. Last year which indicates it was not 2.7 that was installed.

The fact is those blogs that have a index with hacked by is only because the server allowed uploads and permissions was set to 777 - That is not hacking, that is a simple little upload of a index file.

James

[azsno]

Quote:

Originally Posted by TheRichJerksNet

No you referred to my product WordPress Secured which is the only product with that name.. 2 of my customers on this very WSO asked you one you answered the other you ignored.

Also this WSO has been reported and should be removed due to you trying to sell a security product that is NOT a security product. You have made false claims " Secure your Wordpress Blogs against Hackers & Blackhat's.... " This product does not secure wordpress at all, only thing is does is block the admin ip ..

You make claims 2.7 has been hacked but no proof anyplace to back that up because the blog you have posted as an example does not even have a WP install on the server at all. The site was for sell on that scamming forum DP .. Last year which indicates it was not 2.7 that was installed.

The fact is those blogs that have a index with hacked by is only because the server allowed uploads and permissions was set to 777 - That is not hacking, that is a simple little upload of a index file.

James

James,

Obviously you have a "real" problem with anger management issues...Take a "chill" pill and relax!

I now see why you have so many "infractions" on your profile, you're wound way too tight...

Since you haven't purchased my WSO, you really can't comment on it, so I've gone ahead and forwarded your tirade to the admins...

I can now see why you call yourself "TheRichJERKnet," the "JERK," moniker fits...

My WSO has been "REPORTED" for trying to sell a Security Product that is not a Security Product...You've got to be kidding (You might want to read the WSO Rules again on that one Einstein)

I've reported "YOU" for impersonating a human being, we'll see how far that goes...;-0

~Azsno...

[maverick4u]

I'm interested in this as I found some weird files on my Hostgator hosting account that were not mine, Also I found an .htaccess file on one of my blogs that has these lines:

# BEGIN BLOG HOSTING PART
# Deny search bots
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} (google|gsa-crawler|msn|yahoo|Y!|SpiderMan|crawler|Scooter|Alt aVista|Slurp) [NC]
RewriteCond %{REQUEST_URI} ^/(wp-admin/|wp-content/|wp-login.php)
RewriteRule .* - [F]
</IfModule>

Does this mean i'm unwittingly blocking the search bots from indexing my content? Or is this some sort of added security feature? I think I need your added security!

[icyguy]

just purchased thanks for the awesome solution
2YU54727RC7318022. Just one question is this working with latest wordpress release 2.8.4 ?
I checked the download page that seems no license being granted.. how to get that? can PM me ?

[Alpha981]

Hello icyguy

I have this script running on about 30 blogs, all with the latest version of WP 2.8.4

hope that helps

[azsno]

Quote:

Originally Posted by maverick4u

I'm interested in this as I found some weird files on my Hostgator hosting account that were not mine, Also I found an .htaccess file on one of my blogs that has these lines:

# BEGIN BLOG HOSTING PART
# Deny search bots
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} (google|gsa-crawler|msn|yahoo|Y!|SpiderMan|crawler|Scooter|Alt aVista|Slurp) [NC]
RewriteCond %{REQUEST_URI} ^/(wp-admin/|wp-content/|wp-login.php)
RewriteRule .* - [F]
</IfModule>

Does this mean i'm unwittingly blocking the search bots from indexing my content? Or is this some sort of added security feature? I think I need your added security!

Correct, this .htaccess file is denying the spiders access to your site, subsequently they won't get indexed, or get dropped if they've been indexed previously...

~AzSno...

[GaryHarvey]

James, I'm wondering what the steps are to close this vulnerability.

Chmod the /uploads folder to ____?

And how do I turn off "uploads allowed"?

Thanks
Gary

Quote:

The fact is those blogs that have a index with hacked by is only because the server allowed uploads and permissions was set to 777 - That is not hacking, that is a simple little upload of a index file.

James

[azsno]

Quote:

Originally Posted by GaryHarvey

James, I'm wondering what the steps are to close this vulnerability.

Chmod the /uploads folder to ____?

And how do I turn off "uploads allowed"?

Thanks
Gary

James only has a "guest" account now, maybe someone did a CHMOD to 777 on his account here on Warrior....'-)

~AzSno...

[GaryHarvey]

Perhaps you can assist
with my questions?

[azsno]

Quote:

Originally Posted by GaryHarvey

Perhaps you can assist
with my questions?

You can do a CHMOD to 755 on the wp-content folder...That helps tremendously...

Without root or cPanel access it's virtually impossible to gain access to the wp-content/uploads directory...

My WP-Padlock Security Suite closes any and all vulnerable folders by using .htaccess...I also go over a few other vulnerabilities that Wordpress has in the video tutorials...I show you simple ways to close those holes also...

~AzSno...

[GaryHarvey]

A site of mine was hacked a few days ago by the bad guys uploading a different index.html, even though wp-content is 0755

How do you stop them uploading stuff? No, I dont use admin as the wp admin username though I do use a portion of the domain name.

[darksky]

Is this product still current with:

a) the latest version of wordpress - ANY compatibility issues with different plugins?
b) latest "hacks"

[azsno]

Quote:

Originally Posted by GaryHarvey

A site of mine was hacked a few days ago by the bad guys uploading a different index.html, even though wp-content is 0755

How do you stop them uploading stuff? No, I dont use admin as the wp admin username though I do use a portion of the domain name.

If the hackers uploaded an index.html, it was probably uploaded to the root directory and subverted the normal index.php file that Wordpress uses...It really wouldn't do hackers any good to upload an index.html to the wp-content/uploads directory, unless it was an image file (hackers upload porn images via the wp-content/uploads directory)

There are many ways hackers get access, your host should be able to view the server logs and see how the culprits got in...If they can't or won't tell you, then I'd think about changing hosts...

Most all top rated hosts have either Checkpoint, Cisco Pix, or Netscreen firewalls, these are very effective at reducing attacks...Many also have IDS (Intrusion Detection Systems) also extremely effective in stopping nefarious traffic...

It could be as simple as a Keylogger on your PC, then the hackers get access to any site you log into (very bad if they capture you logging into your bank or Paypal account)...

I can't really troubleshoot your particular situation without having server logs or a network sniffer. My concern would be how the hackers got access to your site. If the hackers broke the server security, that's not as bad as having them access your site by obtaining the credentials off a Keylogger (Virus or Trojan) from your home PC...

~AzSno...

[WinsonYeung]

Hi,

I can't load the installation video, it's too slow.
Can you upload to youtube for faster loading instead?

Please send a pm to notify once there's another video where I can load...

Regards,
Winson

[azsno]

Quote:

Originally Posted by darksky

Is this product still current with:

a) the latest version of wordpress - ANY compatibility issues with different plugins?
b) latest "hacks"

The product is completely compatible with the latest version of Wordpress which currently is 3.1...

It should be completely compatible with all plugins, I haven't tested every configuration but it doesn't change any plugins or code, so there shouldn't be any issues...

It's very effective against any "0" day hacks and MySQL injection attacks...If you're running Wordpress 3.1 and my security suite, you're running the most effective security currently available for Wordpress...

~AzSno...

[azsno]

Quote:

Originally Posted by WinsonYeung

Hi,

I can't load the installation video, it's too slow.
Can you upload to youtube for faster loading instead?

Please send a pm to notify once there's another video where I can load...

Regards,
Winson

PM sent...

[darksky]

Purchased... sent a PM with a question

[azsno]

Quote:

Originally Posted by darksky

Purchased... sent a PM with a question

PM answered...

[seanromero]

Hi azsno,

I sent you a PM.

Thanks,

Sean R.

[GaryHarvey]

Guy, I sent you a PM.
Thanks
Gary

[GaryHarvey]

Got your prompt reply, thanks Guy.
Gary

[crlsgrc]

Will I be able to have someone else work on my blog from somewhere else while wp-padlock allows me to login from where I am?

[Food Guru]

is it compatible with wp mass updater?

[azsno]

Quote:

Originally Posted by crlsgrc

Will I be able to have someone else work on my blog from somewhere else while wp-padlock allows me to login from where I am?

Absolutely, if you give them the username and password, they'll be able to login from a remote location...

~AzSno...

[azsno]

Quote:

Originally Posted by Food Guru

is it compatible with wp mass updater?

This is not a plugin, it's an actual .php script, I don't think it would work with WP Mass Updater...

~AzSno...