WordPress Sites Being Hacked; Are You Safe?

Over the last few months, hundreds of WordPress-powered websites were hacked so that they redirected readers to malware sites. This was not the result of a vulnerability in WordPress per se. Rather, the culprit seems to be a lax file-access setting that allowed any visitor to access a file containing the database configuration, which was then used to hack the website.

I have written a brief guide on securing WordPress. Item 8 is spot on here: set your permissions properly. I use WP Security Scan to make sure that all the key files are set to the strictest settings that allow WordPress to function normally. You can make the necessary changes using the File Manager in cPanel. However, take this chance to make sure that all of these security settings have been instituted on your WordPress blog.

The only additional plugin I have used since writing the previous guide is the Antivirus plugin. Unfortunately, this plugin is useful only when your blog is working perfectly. Make sure your blog is clean before installing Antivirus. Then run a manual scan. It will likely find many suspicious sections of code in your theme files, which you should designate as not a virus so they won't be flagged on a later scan. Then set the plugin to email you when it finds new suspicious code. Apparently, Antivirus would have warned infected WordPress bloggers of this new hack.
