Posts: 13
Threads: 5
Joined: Nov 2016
Reputation:
1
11-01-2016, 03:14 PM
Hi techs,
I wish to hear from all of you regarding this Wordpress Spamming . Do any of you have any exact idea how it is getting hacked and send out spam mails ?
What is the best defence we can do against this ?
Also what all should we ask customers or a hacked website owner to do inorder to get some protection in future ?
Below is some points which I wish to add
1. Do not keep the default wordpress admin user name
Create a new user, give them the same privileges and then delete the admin account.
2. Keep the wordpress uptodate and try to use auto update feature
3. Try to use some difficult password which is not based on your name nor dictionary based.
I will suggest you to use some nick name which are written in your local language which is not easily detectable and add some number and special characters in those.
4. Try to use Wordpress Two Step verification process for admin user.
5. Remove all unwanted plugins and themes which are not used or not monitored. Also you should remove default themes installed if not in use.
6. Install security plugins like "Captcha on Login", "Wordfence" or "iThemes Security Pro" and follow the instructions and recommendations.
7. Change “wp_” Database Table Prefix.
8. Change Default Login URL
By default, WordPress Admin login URL is wp-admin and everyone can access it and if someone manages to crack your password then he knows what to do next :p In that case, we can change the URL to whatever we want and trick them. You don't have to do this manually because there some paid and free plugins for this job.
9. Remove Login Error Message
By doing this you can easily prevent Username Disclosure Vulnerability. what actually happen is when someone enters a wrong username and tries to log in, form will come up with an error message saying Wrong username and this thing can help him identify the correct username and on a correct username it will come up with “The password you entered for “username” is wrong”. Navigate to => Appearance => Editor and open functions.php file and add this code:
addfilter('login_errors',create_function('$a', "return null;"));
10. Disable Directory Listings
This is also important one can easily your plugin files and wp-includes folder or theme files. Disabling Directory listings can help you prevent FPD (Full Path Disclosure) vulnerability. You can do this by adding this one line of code in your .htaccess file.
Options -Indexes
11. Disable PHP Execution
By doing this you can disable all already uploaded php backdoors or shells and this can really help you in many ways.
Most of the backdoors and shells are coded in PHP that's why it' very useful.
Do this by creating a new file and name it .htaccess and upload it to wp-content, plugins / themes/ upload folders and wp-includes folders and add the below code.
<Files *.php>
deny from all
</Files>
12. Protect Wp-config.php
This is very important as I explained above if one website is vulnerable, so you are. you can prevent Symlink attack by just securing the config. We have to secure it so no one can see whats inside wp-config.php and we can protect our Database credentials. Add this code into your .htaccess file.
<files wp-config.php>
order allow,deny
deny from all
</files>
Posts: 25
Threads: 11
Joined: Nov 2016
Reputation:
1
11-02-2016, 02:47 PM
Thanks for the list Edward.
I will add the below to your ones
1. Hide your author usernames by adding these codes into functions.php file
Code:
add_action('template_redirect', 'bwp_template_redirect');
function bwp_template_redirect()
{
if (is_author())
{
wp_redirect( home_url() ); exit;
}
}
2. Make sure you add proper protection to bruteforce attacks on wp-login.php and xmlrpc.php either using fail2ban or modsecurity as these are the best methods than blocking using a plugin or htaccess.
#####
Linux Server Administrator
More than 10 years of experience in Linux server and Hosting Outsourced support
ServerTechnicians.com
Posts: 25
Threads: 11
Joined: Nov 2016
Reputation:
1
Hi Guys
I am still not sure how we can prevent the wordpress spamming once it is occured as they seemed to be able to upload the files again and again. The above steps might be able to stop things happening but any idea about how they were able to upload the spamming files ?
#####
Linux Server Administrator
More than 10 years of experience in Linux server and Hosting Outsourced support
ServerTechnicians.com
Posts: 25
Threads: 11
Joined: Nov 2016
Reputation:
1
Hi guys
Last day I got hold on one such spamming and I removed the spamming file named max.php and immediately after 2 minute that file again got re uloaded and on checking the access logs, it was 2 files in the default wordpress theme twentyfourteen files named erro.php was there.
there will be more or other files names which can be a causing this but just hope to add more on this.
I guess removal of unwanted and unused plugins and disabling php execution in the wp-content folder is a good move against this
#####
Linux Server Administrator
More than 10 years of experience in Linux server and Hosting Outsourced support
ServerTechnicians.com