Making Wordpress More Secure Suggestions?

4 replies
Hi.

Does anyone have a solution to prevent injection hacks on their Wordpress sites?

In particular, stopping some of these apparent injection hacks from MoroccanWolf. Google "AD4-Hacked by Moroccanwolf" and you'll see this guy all over the place.

I've had several sites get hacked and I can't figure out the entry point.

I've had sites with all kind of security plugins get hit -- Wordfence, All In One Security, iThemes Security, Limit Logins, etc. I'm pretty sure it's not a password attack since I don't see any kind of evidence in the retry log. I had a site with just the stock WP installed and even that got whacked so I don't think it was a plugin exploit...unless it was Akismet...That's why I'm suspecting some kind of injection.

The 3 things that seem to get changed are the Title, some junk getting inserted into the text widget, and the UTF encoding.

Thanks for any ideas.

Wendell
#hack #injection #making #secure #suggestions #wordpress
  • Profile picture of the author Regional Warrior
    Originally Posted by WendellC View Post

    Hi.

    Does anyone have a solution to prevent injection hacks on their Wordpress sites?

    In particular, stopping some of these apparent injection hacks from MoroccanWolf. Google "AD4-Hacked by Moroccanwolf" and you'll see this guy all over the place.

    I've had several sites get hacked and I can't figure out the entry point.

    I've had sites with all kind of security plugins get hit -- Wordfence, All In One Security, iThemes Security, Limit Logins, etc. I'm pretty sure it's not a password attack since I don't see any kind of evidence in the retry log. I had a site with just the stock WP installed and even that got whacked so I don't think it was a plugin exploit...unless it was Akismet...That's why I'm suspecting some kind of injection.

    The 3 things that seem to get changed are the Title, some junk getting inserted into the text widget, and the UTF encoding.

    Thanks for any ideas.

    Wendell
    Wendell

    I would try re-posting here you may get better answers than on the main board

    Programmers

    Jason
    {{ DiscussionBoard.errors[10476523].message }}
  • Profile picture of the author godinu
    I see you already use wordfence, which is good. Securi is another option. It seems like a lot of hackers inject code through outdated themes and plugins that have gaping security holes in them. Make sure everything you use is the latest version. I've deleted akismet on my sites because I suspected it was the door into the site a while back.

    I ended up having to completely reinstall wp/etc to a new folder and point the info to the old database to clean mine.
    {{ DiscussionBoard.errors[10481211].message }}
  • Profile picture of the author professorrosado
    Originally Posted by WendellC View Post


    Thanks for any ideas.

    Wendell
    One thing you didn't mention was your own computer's security. Any and all WP based security is easily overcome if your PC is compromised.

    Just having the plugins installed is not enough. You need human monitoring of your site and tweaking the plugins for hacker probes.
    {{ DiscussionBoard.errors[10481216].message }}
  • Profile picture of the author Marvin Lex
    If several sites got hacked by the same guy, it is likely that either your whole server is infected or there is a vulnerability all these sites share, e.g. an outdated WordPress plugin. If we are talking about highly valuable sites it will be worth getting help from professionals of Sucuri.net. Otherwise let your web hoster clean the sites. However, often the tech staff has no idea about those things and they just run a cleaning script for a minute and then tell you it's all clean... After you cleaned everything get a paid or at least a free WAF (web application firewall).
    {{ DiscussionBoard.errors[10482598].message }}

Trending Topics