Not signed in (Sign In)
    •  
      CommentAuthoroddbill
    • CommentTimeMay 19th 2009
     (5894.1)
    I have been having a shitload of trouble with php exploits on my Wordpress blog lately. Something automated has been making them as the files affected are all datestamped in the exact same second even though they are scattered throughout the site.

    I've cleaned everything out twice now, and am awaiting google's clearing me of a hideous "potential attack site" flag. I've already upgraded to the most recent version of Wordpress via the nuclear option (I backed up and then obliterated the entire site, including the database - installed the new wordpress version and then carefully inspected and restored template files and database data). I previously wiped my desktop machine's hard drive and reinstalled windows to clear out any potential lingering malware or keyloggers that might have infested my machine. I've changed the administrative user's password for the website, the login for my web host account, and the ftp password, all from my innocent little OLPC which runs linux and can't possibly be infected. Since that, I haven't logged on to any of those things from my main PC.

    I've signed up with HackAlert to have my url monitored for exploits so hopefully I'll find out about it before google slaps the big scary screen in front of my pages again.

    I'm about done with the fucking internet, this is so much trouble.

    What I'd like to find out from all the Wordpress Website owners on whitechapel... what precautions do you take (or recommend) to prevent your site becoming the victim of hacks and exploits?
    • CommentAuthorhank
    • CommentTimeMay 19th 2009
     (5894.2)
    Patching regularly, ensuring that the permissions are set on the files in the most restrictive manner possible, dumping plugins that don't update regularly, frequenty changing password regimen.