Join 3,432 readers in helping fund MetaFilter (Hide)


Wordpress Hack Prevention
March 15, 2012 3:35 PM   Subscribe

I am running a Wordpress installation on my own domain. It was hacked. For an admin fee, my web host is restoring prior to the hack. What are my best practices going forward to prevent this from happening again?

Whether it be security, administration, product knowledge, etc. — please share your helpful tips for Wordpress users who have been hacked. I'd like to avoid the same hacker making the same hack after I've had the site restored.

Assume for the time being I have no desire to change to a different content management system. That may be a future AskMe question.
posted by netbros to Computers & Internet (8 answers total) 9 users marked this as a favorite
 
The only time a site I support was hacked, it was because they had an outdated version of timthumb.php in a theme they bought & installed. We now run http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/ on all of our sites & haven't had that particular issue again.
posted by belladonna at 3:50 PM on March 15, 2012 [1 favorite]


Have you run through everything in Hardening WordPress?
posted by bcwinters at 3:57 PM on March 15, 2012 [2 favorites]


Learn how to harden Wordpress (start with the link above), vet everything you are thinking of adding to WP by searching for known issues, yes, even the themes. If you accept user input then guard against SQL injection attacks. Take good regular backups of your WP directory and all WP database tables (beware of backups containing the same problem which just took you down).
posted by epo at 4:17 PM on March 15, 2012


You should also do some log analysis to see exactly what the attack vector was: look for POST requests and odd query strings from individual IPs around the time that the hack took place. If you don't have access log archives provided by your host, ask for them.

The timthumb and phpThumb vulnerabilities are big, obvious ones, but they're not the only ones.
posted by holgate at 4:25 PM on March 15, 2012


That's all good advice, especially using the tools mentioned in the Hardening Wordpress doc and having daily backups. But let me recommend the #1 way that you can protect your site long-term: update the version of Wordpress you use, along with any themes or plugins you use, as soon as there are security updates. Joining the Wordpress announcements mailing list or subscribing to the Wordpress News blog in your RSS/ATOM reader of choice may help notify you of such changes.
posted by eschatfische at 4:58 PM on March 15, 2012


I recently bookmarked WPSecure, which has some advice that's outside the Hardening Wordpress page.
posted by adamrice at 5:01 PM on March 15, 2012 [1 favorite]


The driveby hackings have been brutal lately. I sympathize -- had to clean my own sites and some clients' repeatedly in the last few months. Lots of good advice at WPsecure.

Also, you can periodically use http://sitecheck.sucuri.net/results/yoursite.com as a quick check to see if things are clean.
posted by stavrosthewonderchicken at 1:14 AM on March 16, 2012


As far as making sure you have a backup, use VaultPress. It can't get much better than from Automattic themselves.

They automatically push out security fixes for you, and monitor for intrusions.
posted by chrisfromthelc at 8:22 AM on March 16, 2012


« Older What are the next steps after ...   |  Can anyone identify this bug?... Newer »
This thread is closed to new comments.