I’ve been reading about a rash of WordPress sites being hacked lately, and today I finally got hit, with five so far that I know about.
My programmer and I have been spending the last couple of hours dealing with site recoveries, which luckily is pretty easy for us with two of the backup plug-ins that we are using.
Visiting all of these websites generated the following error message from the main domain, the blog, or trying to access any folder in the domain. (I removed control panel user and domain info)
Parse error: syntax error, unexpected '<' in /CPANELMAMEREMOVED/local/home/USERNAMEREMOVED/DOMAINREMOVED.com/wp-includes/default-filters.php on line 229
Basically, what happened is that someone injected their own index.php file into every folder on the domain, and if you do a search on Google for just the first and last part of the error in quotes (removing your user-specific details), you’ll see over 10,000 results from people who’ve had the exact same thing happen to their blog over the past couple of years. Yikes!
Honestly, reading all of the info there is pointless, because the bottom line is that you have to do a clean install of WordPress, then recover from a backup. Then you need to change not only your FTP username and password, but the credentials inside your wp-config file too, because remember, they had access to everything.
I have to admit here, that our own laziness is what resulted in our sites being hacked, because we’ve taken limited steps securing most of our own sites.
There are some great online tutorials about securing your WordPress blogs, and there’s even an e-book or two that I’ve purchased with every intention of coming back and locking things down, but frankly, it takes time.
However, the way most of these sites appear to be getting hacked is through simple methods, so I’ve gone out and found a couple of plug-ins that recently became part of our standard WordPress installation, and now we are going back to literally hundreds of WordPress installations and adding these plug-ins.
The first one is called Secure WordPress http://wordpress.org/extend/plugins/secure-wordpress/ and it seems to be one of the most popular security plug-ins out there. The fact that they’ve done six updates in the last three months is what really drew me to them.
The second one is called the WordPress file monitor http://wordpress.org/extend/plugins/wordpress-file-monitor/ and what it does is monitor your entire installation for any changed, added, or deleted files.
For every file that’s changed, you can get an e-mail sent to the address of your choice, and it can scan as often as you wish. While this can become a pain in the neck, it’s a simple matter to set up filters to ignore and delete notifications about your sitemap.xml, or theme changes, etc.
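As an added illustration of what a file monitor like that does (my own sketch, not the plugin’s code): hash every file under the install, keep that as a baseline, and on the next scan report anything added, changed, or deleted, skipping paths such as sitemap.xml and theme files that churn legitimately. The ignore list below is a constructed example.

```python
import fnmatch
import hashlib
import os

# Constructed ignore list: relative-path globs that should not raise alerts,
# e.g. the regenerated sitemap and theme edits mentioned in the post.
DEFAULT_IGNORES = ["sitemap.xml", "wp-content/themes/*", "wp-content/uploads/*"]


def _sha256(path):
    """SHA-256 of a file, read in chunks so large uploads do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _ignored(rel, ignores):
    return any(fnmatch.fnmatch(rel, pat) for pat in ignores)


def snapshot(root, ignores=DEFAULT_IGNORES):
    """Map relative path -> SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not _ignored(rel, ignores):
                baseline[rel] = _sha256(full)
    return baseline


def compare(old, new):
    """Return (added, changed, deleted) lists of relative paths, each sorted."""
    added = sorted(p for p in new if p not in old)
    deleted = sorted(p for p in old if p not in new)
    changed = sorted(p for p in new if p in old and old[p] != new[p])
    return added, changed, deleted


def report(old, new):
    """One line per event; this is the text a monitor would e-mail you."""
    added, changed, deleted = compare(old, new)
    lines = [f"ADDED   {p}" for p in added]
    lines += [f"CHANGED {p}" for p in changed]
    lines += [f"DELETED {p}" for p in deleted]
    return "\n".join(lines) if lines else "no changes"
```

Run snapshot() once after a clean install, store the result, and have a cron job call report() against a fresh snapshot; a new index.php appearing in a folder where there was none is exactly the kind of line you want to see immediately.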
In the video above, I show that setting up the two of them takes a grand total of about 90 seconds, but those 90 seconds can save you tons of time and aggravation. I also show which backup plug-ins we are using, which enabled us to recover the five blogs hacked today. Without them, we’d be lost…
As I also mentioned in the video, this is not a complete guide to securing WordPress, but I do believe that with the myriad of unprotected sites out there, the scanning software that’s out there looking for vulnerabilities is more likely to just move past a site that is using these plug-ins.
Finally, NOT mentioned in the video (maybe I’ll re-do it) is another plug-in called WordPress Firewall by SEO Egghead, which inspects web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.