Making Wordpress More Secure Suggestions?

Hi. Someone suggested I post my question to this board:

Does anyone have a solution to prevent injection hacks on their Wordpress sites?

In particular, stopping some of these apparent injection hacks from MoroccanWolf. Google "AD4-Hacked by Moroccanwolf" and you'll see this guy all over the place.

I've had several sites get hacked and I can't figure out the entry point.

I've had sites with all kinds of security plugins get hit -- Wordfence, All In One Security, iThemes Security, Limit Logins, etc. I'm pretty sure it's not a password attack since I don't see any kind of evidence in the retry log. I had a site with just the stock WP installed and even that got whacked, so I don't think it was a plugin exploit... unless it was Akismet... That's why I'm suspecting some kind of injection.

The 3 things that seem to get changed are the Title, some junk getting inserted into the text widget, and the UTF encoding.

Thanks for any ideas.

Wendell
  • That's a tricky question, as these hackers / bot makers keep up to date with the security plugins. I have used plugins #1, #2, #3 and #6 of the plugins listed in the article linked below and have had success defending WP sites for clients. The main thing is to keep the security plugins updated as often as they release patches.

    Article of security plugins: 7 Best WordPress Security Plugins - InfoSec Resources

    So it can be done (re: secure a wp website the right way) but it is a constant battle by making sure security plugins remain updated.

    Hope this helps.
    • Thanks for the link. I'll check out some of those other plugins. I've seen some posts on adding stuff to the .htaccess file to prevent certain injection hacks and I might give that a try as well.

      Wish someone would post what method this Moroccan hacker is using so I could test if any of the new plugins or other hardening works.

      Best,

      Wendell