Moderators: lorax & rogerd

WordPress Forum

    
make MySQL more secure
account hacked
smallcompany
msg:4377440, 2:51 am on Oct 21, 2011 (gmt 0)

Today I went through finding out that my WP blog was hacked and some low IQ text put in.

It turned out that it was the INDEX page that was changed, as well as the user_name in the MySQL database. I fixed it by logging into MySQL via phpMyAdmin from CP, and by running a brand new installation of WP.

I believe that the hack was done via MySQL, probably automated. I just believe this.

And I wonder if there are any extra settings that I can put in to make those so-called MySQL injections, phpMyAdmin hacks, and similar at least one step further away than they are now.

Thanks

 

Frank_Rizzo
msg:4377601, 11:21 am on Oct 21, 2011 (gmt 0)

1. Don't use shared hosting. Use a dedicated server.
2. Make sure WP is always up to date.
3. Install WP plugins such as

Website Defender
Exploit Scanner
Login LockDown
Secure Wordpress
TAC (Theme Authenticity Checker)
User Locker

4. Follow twitter accounts and blogs such as [blog.sucuri.net...]
5. Make sure your PC is fully protected and regularly updated.

lorax
msg:4377605, 11:48 am on Oct 21, 2011 (gmt 0)

Shared Hosts vary in their level of security. Some are definitely better than others. I assume your install of WP was up to date and that you had secure salts?

Straight from the creator: Hardening WordPress [codex.wordpress.org...]

rocknbil
msg:4377709, 4:40 pm on Oct 21, 2011 (gmt 0)

I wouldn't chalk it up to MySQL, I'd chalk it up to WordPress. A good indicator would be, if you'd tried it, to just re-upload your local WordPress files - that **usually** fixes it, especially if you don't find anything injected in the database.

The ones I've seen always involve the main page and always involve modification of files, not database content (doesn't mean other forms don't exist, but that's what I've seen.)

SteveWh
msg:4377886, 12:34 am on Oct 22, 2011 (gmt 0)

In addition to all of the above,

1. Also ensure all WP plug-ins are up to date.

2. Ensure your passwords for FTP/control panel, WP admin, MySQL are all different from each other and are all strong ones like ?:YC'^>s9m)E or DL2tF4bVsI7qW3.

3. If your control panel provides the option, check to ensure that MySQL connections are not allowed from outside the server (that is, no external connectivity).

4. If you use the TimThumb WP plug-in, do a web search on the vulnerability that was recently found in it, and install the updated version.

5. If your server uses suPHP (if it does, a file created by PHP will be shown as owned by your userID), you can protect the file containing your database info (wp-config.php) from being read by any other user on the same server, by setting its permissions to 0600. If you don't use suPHP (in this case, files created by PHP are shown as owned by "nobody" or "wwwdata" or anyone other than your userID), then you cannot use this method; don't change the permissions.

6. If your server provides SSH access but you don't use it, turn it off in control panel or WHM if there's a place provided for you to do that.
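The two checks in items 3 and 5 above can be scripted. The following is an added example, not code posted in this thread: it decides whether PHP runs as your own user (the suPHP test, judged by the owner of a file PHP created), restricts wp-config.php to mode 0600 only in that case, and checks a MySQL config file for a localhost-only bind-address or skip-networking. The file paths and user names it takes are arguments supplied by the caller; the my.cnf line formats it recognises are the common ones and are an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Usage is shown at the bottom.

# suPHP test: returns 0 when the file PHP just created is owned by your own
# userID, 1 when PHP runs as nobody/www-data/etc. To get probe_owner, drop a
# tiny PHP script that calls touch() in your web root, request it once, then
# read the owner with `ls -l` (or `stat`) on the file it created.
php_runs_as_user() {
    probe_owner="$1"   # owner of a file created by PHP
    my_user="$2"       # your account's userID
    [ "$probe_owner" = "$my_user" ]
}

# Item 5: restrict wp-config.php to owner read/write only, but only when PHP
# runs as the owner; otherwise PHP itself could no longer read the file, so
# the permissions are left untouched and the reason is reported.
harden_wp_config() {
    config="$1"
    probe_owner="$2"
    my_user="$3"
    if php_runs_as_user "$probe_owner" "$my_user"; then
        chmod 0600 "$config"
        echo "hardened"
    else
        echo "skipped: PHP does not run as $my_user; leave permissions as they are"
    fi
}

# Item 3: returns 0 when the MySQL config file either disables networking or
# binds only to a loopback address (no external connectivity), 1 otherwise.
# Commented-out lines (leading #) are ignored.
mysql_local_only() {
    cnf="$1"
    grep -Eq '^[[:space:]]*(skip-networking|bind-address[[:space:]]*=[[:space:]]*(127\.0\.0\.1|localhost|::1))[[:space:]]*$' "$cnf"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Example run against a constructed my.cnf; the wp-config path is a placeholder.
# harden_wp_config /path/to/wp-config.php "$(stat -c '%U' /path/to/php-probe-file)" "$(id -un)"
# mysql_local_only /etc/my.cnf && echo "MySQL is local-only" || echo "MySQL accepts external connections"
```

Run the suPHP test before touching permissions: the script only tightens wp-config.php when the probe file's owner matches your userID, which is exactly the condition SteveWh gives for this method being safe.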

lorax
msg:4378107, 8:49 pm on Oct 22, 2011 (gmt 0)

@rocknbil

But the hackers could have come in from another website - it's not clear how they got in. WordPress (and any CMS) is vulnerable if it is not tightened down and kept up to date. Heck, the same is true for Apache and MySQL updates. :)

SteveWh
msg:4378171, 12:07 am on Oct 23, 2011 (gmt 0)

"as well as the user_name in My SQL database"

They changed the name of your MySQL user? That seems very strange.

Make sure that the user/password combination that you use for your WordPress MySQL database is not the same as your cpanel userID/password combination.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved