Comments on: Wordpress Injection Attack

By: Wordpress Injection | Free Wordpress Themes

Wordpress Injection | Free Wordpress Themes — Fri, 30 Oct 2009 14:55:44 +0000

[…] View Results Loading … […]

By: Dave Yates

Dave Yates — Thu, 17 Sep 2009 13:16:03 +0000

Hi Dan

Thanks for this and for the email. I am onto the server config advice now. Hosrting could be an issue — I use Heart in the UK. They are a bit ‘pile it high sell it cheap’, but the support is good and they know what they are doing — I tend to think the problem was of my own making. For those wanting to learn, read on…

Historically, the site was first put up some years ago when I was still merrily creating several sites a day, full of enthusiasm for the ease and power of WordPress. Whereas, these days I tend to change everything including the WP-admin folder name, most of the file names and always delete the admin user name straight away and otherwise alter a lot of the out-of-the-box defaults, back then I did not.

It is not so feasible to retro-fit some of those practices unfortunately and once some nasty little germ has blown a hole in your installation, prevention doesn’t work any more and a cure cannot always be easily found.

Cautionary advice for everyone out there:

1. Consider adding .htpasswd and .htaccess protection to the wp-admin directory.
2. Try changing the wp-admin folder name. See: http://wp123.info/modifications/change-wp-admin-folder-name/
3. I would add the login lockdown plugin to Dan’s two excellent suggestions: http://wordpress.org/extend/plugins/login-lockdown/

By: Dan Nedelko

Dan Nedelko — Thu, 17 Sep 2009 11:39:10 +0000

Hey Dave,

These should help alot — I’m also going to email you directly but you’ll want to look at the server config. Years ago I had an account with Neureal, whose servers were hopelessly out of date. No matter what I did injections kept happening. You might want to try out a new host or have them lock some things down.

Especially openbasedir restrictions — add them — locking that down removes some functionality but helps alot.

By: Dave Yates

Dave Yates — Thu, 17 Sep 2009 11:27:18 +0000

Good article. Hope it works!!

I have a client’s site that has been getting filled up hidden injected links in the footer for months. I am at my wits end with it. I have been through the code with a fine tooth-comb (I’m not a hard-core code monkey, but I know my way around), I have deleted any number of plugins, installed as many preventative plugins, I have changed every username and password, done a complete reinstall of WP …and guess what — the hidden links keep coming back. Hopefully these plugins will finally see them off.

By: Maxxx

Maxxx — Sun, 05 Apr 2009 13:46:54 +0000

Oh, it’s a useful page! Thanks for it. (-:

By: We Got Hacked… | aimusic.com [the official A.i. website]

We Got Hacked… | aimusic.com [the official A.i. website] — Sun, 05 Apr 2009 12:34:38 +0000

[…] If you own a wordpress site that got hacked and are trying to figure out what to do, here’s a great article on how to solve it. […]

By: RaiulBaztepo

RaiulBaztepo — Sat, 28 Mar 2009 16:27:49 +0000

Hello!
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad english, I’v just started to learn this language
See you!
Your, Raiul Baztepo

By: Dan Nedelko

Dan Nedelko — Thu, 12 Mar 2009 15:36:08 +0000

Thanks WuWu — glad you liked it. Hope to see you back soon!

By: WuWu

WuWu — Thu, 12 Mar 2009 13:04:18 +0000

Very nice post, thanks!!!

By: Dan Nedelko

Dan Nedelko — Mon, 09 Mar 2009 12:38:49 +0000

Hey Kimberly,

Since you run quite a few Wordpress blog maybe it would be useful for you to subscribe to my RSS feed. I have a series of useful articles coming up that might interest you.

Thanks
Dan