
WordPress Plugin Security Concerns

A WordPress plugin is PHP code that hooks into the core of your site and runs with the same privileges as WordPress itself, which is what lets it change appearance, security, or other settings. Given that level of access and the sheer number of plugins out there, is there any way to be sure they are secure? I have posted several times about plugins with security vulnerabilities that allow hackers/script kiddies to download your wp-config.php file, gain root access, or make themselves an admin. Is there truly a way to protect yourself from probing attacks?

As I write this post, I am reviewing the probe requests hitting my site:

/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php
/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
/wp-content/plugins/sexy-contact-form/includes/fileupload/index.php
/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php
/wp-content/plugins/advert-manager-plugin/readme.txt
/store/js/mage/cookies.js
/js/mage/cookies.js
/shop/js/mage/cookies.js
/wp-content/plugins/360-product-rotation/readme.txt
/wp-content/plugins/robotcpa/f...

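The first four probes above all carry the same payload, `file=../../../wp-config.php`: a download script that joins a user-supplied file name onto its own directory lets three `../` segments climb from wp-content/plugins/<plugin>/ up to the site root. The following is an added example, not code from any plugin named in this post, written in Python for illustration (a WordPress plugin would apply the same check with PHP's realpath()). It builds a throwaway site layout in a temporary directory, runs the probe payload against the broken pattern and against a hardened one, and shows which of the two leaks the config file. The directory names and the secret in wp-config.php are constructed.

```python
"""Why download.php?file=../../../wp-config.php works, and the check that stops it.

Added example, not code from any plugin named in the post. The site layout is
constructed in a temporary directory; the secret in wp-config.php is made up.
"""
import os
import tempfile


def resolve_inside(base_dir, requested):
    """Canonical path of `requested` under base_dir, or None if it escapes.

    realpath() collapses '..' segments and follows symlinks, and an absolute
    `requested` is not joined at all, so every escape route is judged on the
    final canonical path rather than on the attacker-controlled string."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def vulnerable_read(plugin_dir, requested):
    """The broken pattern behind the probes: the user-supplied name is joined
    onto the plugin's directory with no check, so '../' walks up to wp-config.php."""
    with open(os.path.join(plugin_dir, requested), "rb") as f:
        return f.read()


def safe_read(plugin_dir, requested):
    """Hardened form: refuse anything that resolves outside the download directory."""
    target = resolve_inside(plugin_dir, requested)
    if target is None:
        raise PermissionError("path escapes download directory: %r" % requested)
    with open(target, "rb") as f:
        return f.read()


def build_site():
    """Construct a toy site: wp-config.php at the root and a plugin three levels
    below it (wp-content/plugins/<name>), exactly the depth the probes assume."""
    root = tempfile.mkdtemp()
    plugin_dir = os.path.join(root, "wp-content", "plugins", "db-backup")
    os.makedirs(plugin_dir)
    with open(os.path.join(root, "wp-config.php"), "w") as f:
        f.write("<?php define('DB_PASSWORD', 'hunter2');\n")   # constructed secret
    with open(os.path.join(plugin_dir, "backup.zip"), "wb") as f:
        f.write(b"PK\x03\x04")                                  # stand-in download
    return root, plugin_dir


def demo():
    """Run the probe payload against both implementations and report what happened."""
    root, plugin_dir = build_site()
    probe = "../../../wp-config.php"            # the payload from the probe list
    leaked = b"DB_PASSWORD" in vulnerable_read(plugin_dir, probe)
    try:
        safe_read(plugin_dir, probe)
        blocked = False
    except PermissionError:
        blocked = True
    legit_ok = safe_read(plugin_dir, "backup.zip") == b"PK\x03\x04"
    return {"leaked": leaked, "blocked": blocked, "legit_ok": legit_ok}


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path, not on the input string, so it also covers absolute paths and symlinks; rejecting `..` by string matching alone would miss both. URL decoding happens before the script sees the parameter, which is why the encoded variants of the same payload in your logs behave identically.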

Some of the latest issues affecting WordPress security

So I have been preparing for some major things at my full-time job. I left the site up and have not refreshed things in a while. That is not to say I did not update the plugins, themes, and core WordPress; that is a requirement for any site. However, content and posts were idle for a few months. This post shares some insight from my backend: where the probes went, and now the IPs that are at fault. I share this information in the hope that fellow site builders can be proactive, possibly by banning the IP address before defacement attempts, or simply by raising the red flag a little sooner as you watch hits coming in to your site. Whatever the case, here is the long list:

Report for 188.20.69.74

Records in database: 25
Latest hit: July 15, 2015 14:18:02
First hit: July 15, 2015 14:17:45
User agent(s): Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.0 Safari/534...

The First WordPress Security Things To Do

First and foremost:

Block the User-Agents behind a lot of bad traffic: libwww-perl and Microsoft-WebDAV-MiniRedir. If your site runs on Apache (the usual case on a Linux host), add the following lines to your .htaccess file; mod_rewrite must be loaded and AllowOverride must permit it, or the rules are silently ignored:

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC]
RewriteRule .* - [F,L]

or you can block it this way (these are the Apache 2.2 access-control directives; on Apache 2.4 they only work with mod_access_compat loaded, otherwise use the equivalent Require directives):

SetEnvIf User-Agent ^Microsoft-WebDAV-MiniRedir BadWebDav
Order Allow,Deny
Deny from env=BadWebDav

Be aware that this blocks every client that identifies as libwww-perl or Microsoft-WebDAV-MiniRedir, good and bad alike: libwww-perl is also used by legitimate Perl scripts, and the WebDAV Mini-Redirector is the WebDAV client built into Windows. The majority of this traffic is bad, however, so it is a worthwhile trade-off. Keep in mind that the User-Agent header is chosen by the client, so this only stops tools that do not bother to spoof it; it reduces noise rather than stopping a determined attacker.

Second:

Install the StatPress plugin or another hit-tracking plugin so you can see every IP's interactions with your site. That includes 404 hits, which you will find to be a goldmine for seeing which pages these script kids are trying to reach in your backend. Not all tracking plugins are made the same, so test them out. Your web server's own access log records the same requests (including ones that never reach WordPress), so check it as well if you have shell access.

Third:

Make a backup. This is huge! Back up every database and file weekly at a minimum, daily if possible...

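Steps one and two above (blocking the two User-Agents and watching 404 hits for probe paths) can be combined into a single pass over the server's access log, which is what the following added example does. It is not the post's code and not StatPress: a small Python script that parses Apache "combined" format log lines, flags the probe patterns from the first post (directory traversal to wp-config.php, plugin readme.txt and Magento cookies.js fingerprinting, the blocked User-Agents), and produces a per-IP report ready to feed into a deny list. The log lines are constructed for illustration (RFC 5737 documentation addresses); the request paths mirror the probe list in the first post.

```python
"""Triage an Apache access log for the WordPress probe traffic described above.

Added example; not the original post's code and not StatPress. The log lines
are constructed (RFC 5737 documentation addresses), with request paths copied
from the first post's probe list. Assumes Apache's "combined" log format.
"""
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache "combined" format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# User-Agents the post blocks outright in .htaccess.
BLOCKED_UA_PREFIXES = ("libwww-perl", "Microsoft-WebDAV-MiniRedir")


def classify(path, ua, status):
    """Return the reasons a single request looks like a probe ([] if benign)."""
    reasons = []
    decoded = unquote(unquote(path))          # tolerate single or double URL-encoding
    resource = decoded.split("?", 1)[0]       # path without the query string
    if ua.startswith(BLOCKED_UA_PREFIXES):
        reasons.append("blocked-ua")
    if "../" in decoded or "..\\" in decoded:
        reasons.append("traversal")            # file=../../../wp-config.php style
    if "wp-config.php" in decoded:
        reasons.append("wp-config")
    if re.search(r"/wp-content/plugins/[^/]+/readme\.txt$", resource):
        reasons.append("plugin-fingerprint")   # readme.txt reveals the plugin version
    if resource.endswith("/js/mage/cookies.js"):
        reasons.append("magento-fingerprint")  # the same scanner also checks for Magento
    if status == 404 and "/wp-content/plugins/" in resource and not reasons:
        reasons.append("404-plugin-path")      # guessing at plugins you do not have
    return reasons


def triage(lines):
    """Aggregate probe hits per client IP: {ip: {"hits", "reasons", "user_agents"}}."""
    report = defaultdict(lambda: {"hits": 0, "reasons": set(), "user_agents": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                            # skip lines not in combined format
        reasons = classify(m["path"], m["ua"], int(m["status"]))
        if reasons:
            entry = report[m["ip"]]
            entry["hits"] += 1
            entry["reasons"].update(reasons)
            entry["user_agents"].add(m["ua"])
    return dict(report)


def block_list(report, min_hits=1):
    """IPs worth banning (most active first), e.g. for a firewall or 'Deny from' list."""
    ranked = sorted(report.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [ip for ip, entry in ranked if entry["hits"] >= min_hits]


# Constructed sample log; the request paths mirror the post's probe list.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jul/2015:14:17:45 +0000] "GET /wp-content/plugins/db-backup/download.php?file=../../../wp-config.php HTTP/1.1" 404 213 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24"',
    '203.0.113.7 - - [15/Jul/2015:14:17:46 +0000] "GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 213 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24"',
    '203.0.113.7 - - [15/Jul/2015:14:17:47 +0000] "GET /wp-content/plugins/advert-manager-plugin/readme.txt HTTP/1.1" 404 213 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_6) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.12 Safari/534.24"',
    '198.51.100.9 - - [15/Jul/2015:14:20:01 +0000] "GET / HTTP/1.1" 200 8831 "-" "libwww-perl/6.05"',
    '192.0.2.10 - - [15/Jul/2015:14:21:30 +0000] "GET /2015/07/wordpress-plugin-security/ HTTP/1.1" 200 8831 "-" "Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0"',
]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip in block_list(report):
        print(ip, report[ip]["hits"], sorted(report[ip]["reasons"]))
```

Run it against a real log with `triage(open("/var/log/apache2/access.log"))` and raise `min_hits` to taste; the 404 heuristic on plugin paths is the noisiest of the rules, so review those entries before banning on them alone.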