Making WordPress More Secure Suggestions?

Hi. Someone suggested I post my question to this board:

Does anyone have a solution to prevent injection hacks on their WordPress sites?

In particular, stopping some of these apparent injection hacks from MoroccanWolf. Google "AD4-Hacked by Moroccanwolf" and you'll see this guy all over the place.

I've had several sites get hacked and I can't figure out the entry point.

I've had sites with all kinds of security plugins get hit -- Wordfence, All In One Security, iThemes Security, Limit Logins, etc. I'm pretty sure it's not a password attack since I don't see any kind of evidence in the retry log. I had a site with just the stock WP installed and even that got whacked, so I don't think it was a plugin exploit... unless it was Akismet... That's why I'm suspecting some kind of injection.

The 3 things that seem to get changed are the Title, some junk getting inserted into the text widget, and the UTF encoding.

Thanks for any ideas.

Wendell
  • PeachCoding
    That's a tricky question, as these hackers / bot makers keep up to date with the security plugins. I have used plugins #1, #2, #3 and #6 of the plugins listed in the article linked below and have had success defending WP sites for clients. The main thing is to keep the security plugins updated as often as they release patches.

    Article of security plugins: 7 Best WordPress Security Plugins - InfoSec Resources

    So it can be done (re: secure a wp website the right way) but it is a constant battle by making sure security plugins remain updated.

    Hope this helps.
    • WendellC
      Thanks for the link. I'll check out some of those other plugins. I've seen some posts on adding stuff to the .htaccess file to prevent certain injection hacks and I might give that a try as well.

      Wish someone would post what method this Moroccan hacker is using so I could test if any of the new plugins or other hardening works.

      Best,

      Wendell
      • jbyte
        First thing is to check the passwords for the admin, cPanel, FTP.

        Then ensure that everything is updated, all themes and plugins, even if they are not active.

        I have a number of sites that do not use any security plugins and they have not been hacked as long as I have everything updated and passwords secure. Not a guarantee, but a very good start.

        You may have to enlist your host to help with the entry point of this hacker.