Knowledgebase

Website with Wordpress has been compromised? Please read this article!

Dear customers,
 
In the past few weeks, we've seen many reports about compromised Wordpress blogs. We scrupulously investigated each issue and found out the following:
 
  1. Password to cPanel was easy to guess. We saw following passwords (reported via support desk): "password", "Myblog1i", "sunshine17" "mycpanel" etc. Password must be created via Password generator tool provided by either cPanel or WHM. Also, you must change password every 3 months.
  2. Wordpress data base name was weak, something like "username_wordpress". When you add new data base, you should add something not related to content, for example, username_blog27i.
  3. Wordpress data base USERNAME (username to DB) was weak. It's good idea to create strong username like "tr128q45". Please avoid special symbols like !@$%&" inside data base names. You can use lower case letters and numbers.
  4. Wordpress data base password was EXTREMELY WEAK. In about 60% of reported security issues, we saw these passwords: "password" and "pass123". Please use password generator tool even for db username password setup. Strong password looks like this: @$124&^@!~11mrQ
  5. Wordpress security keys in 90% of reported cases were set to default "put your unique phrase here". This is a huge mistake! You must use this key generator tool: http://api.wordpress.org/secret-key/1.1/
  6. Wrong permissions on files and folders. In about 30% reported cases, we noticed wrong permissions: 666, 757 and even 777. Correct permissions for all files: 644 (including php files), folders: 755. If you don't know how to set it, let us do it!
  7. In about 10% of call reported cases, we found old wp-config.php files, some even in .txt format. Those must be removed at once (basically, all unneeded old files and directories must be removed).
  8. Backup files were located on the server. It's illegal and insecure to keep them on the same website. You can generate full cPanel backup via cPanel > Backup > Generate full backup then download it to personal computer. After that, it's important to remove backup file via FTP!
  9. Most customers were accessing insecure cPanel channels, for example, http://domain.com:2082. Secure ports are: 2083 (cPanel), 2087 (WHM) and 2095 (webmail).
  10. Some customers stored passwords inside browsers. You should really avoid storing data inside any browser for security reasons.
  11. In about 20% of cases, end user computers were infected with Trojan horse. If your computer restarts, loads slowly, doesn't open some pages or acts weirdly, you should disconnect it from the internet at once, go to the store and find reliable AV software such is "Norton Suite" or "Kaspersky Internet Security 2013". If you think that finding (or not finding) a virus is important task, you're wrong. The most important task is to resolve VULNERABILITY ISSUES. Most customers get infected even if they run latest Antivirus and firewall software. Viruses are usually getting through insecure applications (Frontpage, Outlook, Java etc).
  12. Admin username CANNOT be "admin"! Please login to cPanel > PhpMyAdmin > Select wordpress data base then "users". There you can set secure username to wp-admin interface.


If you have any questions, if you need ANY assistance with site security, we're here to help. Do not delay. Do not wait until you get reported or suspended.

We're also decided to keep old backups (generated about a week ago) for additional 60 days (until December 9th 2010) on external backup server. Please keep in mind that backup restore will cost $10 per website. If you have your own good backup, restore is free (full cPanel backup can be restored by system admin only).
 
How to secure Wordpress Blog: http://codex.wordpress.org/Hardening_WordPress
 
How to secure Wordpress Blog - Quick Guide
 
  1. Change site password using Password Generator Tool provided by cPanel (don't forget to logout, close browser, wait for 30 seconds then login back with new password).
  2. Remove MySQL user to Wordpress blog then add new one with STRONG password, again, using Password Generator Tool within cPanel. Example of good username: 17w4r1 (username will look like this 17w4r1_si7te1ty where 17w4r1 username to DB and si7te1ty username to cPanel. Example of strong password: Rx[f08_*&{bh. PLEASE DO NOT USE THESE USERNAMES AND PASSWORDS. YOU MUST USE OWN.
  3. Add new MySQL username to MySQL data base via cPanel with all privileges.
  4. Add new username and password to wp-config.php file
  5. Set permissions (chmod) on wp-config.php to 400
  6. Move wp-config.php file outside your root directory (ONLY 1 level up). For example, if you installed wordpress within public_html folder, you can move it outside: /home/si7te1ty (where "si7te1ty" is username to cPanel).
  7. Update Wordpress (all files). You should always use official http://wordpress.org
  8. Update all Themes (WP templates). It's very important to keep them up to date. You must remove all Themes which are NOT in use.
  9. Make sure your plugins are always updated. Also, if you are not using a specific plugin, make sure to delete it from the system.
  10. Login to cPanel > Password protect directories then protect directory "wp-admin" with strong username and password. Please do not set username to "admin"! Note: this step might break some WordPress functionality, because the Ajax handler wp-admin/ajax-admin.php and other files can't be accessed without the password.
  11. Generate full cPanel backup then download it to personal computer. Do not keep backups on your websites!
 
It's good idea to resolve local vulnerability issues by scanning your personal computer. We do recommend Kaspersky Internet Security 2013.
Please reset site password every 3 months. You must also update Wordpress blog as soon as they release new version. Wordpress is the most popular script, so it's being attacked a lot. Once you install it, you must dedicate some time. 
 
If you installed WP and don't use it for 3-6 months, simply remove it off the server.



Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article

Also Read
Path to perl (Views: 680)

Powered by WHMCompleteSolution

Language:

Client Login

Email

Password

Remember Me

Search