[BlueOnyx:09676] Re: Hacked sites.

Michael Aronoff maronoff at gmail.com
Thu Feb 23 11:58:09 -05 2012


At 07:21 AM 2/23/2012, you wrote:
>I've had a few WordPress sites hacked on my Blue Onyx box.
>Not sure how they got in, but I do need to address the issue.
>Any add-ons that can help cleanse a server?
>This was one of the threats:
>http://www.xphp.info/security/new-threat-pokosa-malware/

It was not this exploit but I had a couple of WordPress installs get
attacked.

I went on a quest to figure out how to protect against this sort of attack
better.

First, I keep a clean copy of site files on my hard drive. By that I mean I
never download anything from the site. Before I upload an image or anything
I place it in my wp-content/upload folder locally, then if I install a
plugin I always download a copy to my plugins folder separately. This
ensures that in case of a file exploit like this I always have a clean set
of files.

Second, I use a plugin BackWPup and do daily database backups to FTP along
with weekly via email. On FTP I keep 2 weeks' worth of DB backups and the
email DB backups I keep in an Outlook folder which I let get archived so I
in effect keep them all. That way no matter how far back I have to go to find
a clean DB I know I will be able to.

Third, I use WordPress Firewall 2, which is a very cool plugin that blocks
many types of injection hacks.

Fourth, I recommend WP htaccess Control, which disables directory browsing,
image and file hotlinking, can set maximum upload size, protect
wp-config.php, and .htaccess files.

Fifth and last, I use Secure WordPress which disables some functions for
non-admins and blocks some types of attacks.

WordPress has become a very powerful CMS in its own right but there is a
learning curve to protecting it well. The good thing is once you get a set
of plugins and know how they work it is very easy to deploy across new
WordPress installations.

M Aronoff Out



