|make MySQL more secure|
| 2:51 am on Oct 21, 2011 (gmt 0)|
Today I went through finding out that my WP blog was hacked and some low IQ text put in.
It turned that it was the INDEX page that was changed, as well as the user_name in My SQL database. I fixed it by logging into My SQL via phpMyAdmin from CP, and by running the brand new installation of WP.
I believe that the hack was done via MySQL, probably automated. I just believe this.
And I wonder if there are any extra settings that I can put in to make those so called MySQL injections, phpMyAdmin hacks, and similar at least one step away when compared to where it is now.
| 11:21 am on Oct 21, 2011 (gmt 0)|
1. Don't use shared hosting. Use a dedicated server
2. Make sure WP is always upto date.
3. Install WP plugins such as
TAC (Theme Authenticity Checker)
4. Follow twitter accounts and blogs such as [blog.sucuri.net...]
5. Make sure your PC is fully protected and regularly updated.
| 11:48 am on Oct 21, 2011 (gmt 0)|
Shared Hosts vary in their level of security. Some are definitely better than others. I assume your install of WP was up to date and that you had secure salts?
Straight from the creator: Hardening WordPress [codex.wordpress.org...]
| 4:40 pm on Oct 21, 2011 (gmt 0)|
I wouldn't chock it up to mySQL, I'd chock it up to Wordpress. A good indicator would be, if you'd tried it, to just re-upload your local Wordpress files - that **usually** fixes it, especially if you don't find anything injected in the database.
The ones I've seen always involve the main page and always involve modification of files, not database content (doesn't mean other forms don't exist, but that's what I've seen.)
| 12:34 am on Oct 22, 2011 (gmt 0)|
In addition to all of the above,
1. Also ensure all WP plug-ins are up to date.
2. Ensure your passwords for FTP/control panel, WP admin, MySQL are all different from each other and are all strong ones like ?:YC'^>s9m)E or DL2tF4bVsI7qW3.
3. If your control panel provides the option, check to ensure that MySQL connections are not allowed from outside the server (that is, no external connectivity).
4. If you use the TimThumb WP plug-in, do a web search on the vulnerability that was recently found in it, and install the updated version.
5. If your server uses suPHP (if it does, a file created by PHP will be shown as owned by your userID), you can protect the file containing your database info (wp-config.php) from being read by any other user on the same server, by setting its permissions to 0600. If you don't use suPHP (in this case, files created by PHP are shown as owned by "nobody" or "wwwdata" or anyone other than your userID), then you cannot use this method; don't change the permissions.
6. If your server provides SSH access but you don't use it, turn it off in control panel or WHM if there's a place provided for you to do that.
| 8:49 pm on Oct 22, 2011 (gmt 0)|
But the hackers could have come in from another website - it's not clear how they got in. WordPress (an any CMS) are vulnerable if they are not tightened down and kept up to date. Heck, the same is true for Apache and MySQL updates. :)
| 12:07 am on Oct 23, 2011 (gmt 0)|
|as well as the user_name in My SQL database |
They changed the name of your MySQL user? That seems very strange.
Make sure that the user/password combination that you use for your WordPress MySQL database is not the same as your cpanel userID/password combination.