global attack on WordPress installations to crack open admin accounts
and inject various malicious scripts.
enforcement agency about a massive attack on US financial institutions
originating from their servers.
most of the attack was originating from CMSs (mostly WordPress). Further
analysis revealed that the admin accounts had been compromised (in one
form or another) and malicious scripts were uploaded into the
installations across hosting providers are being targeted. Since the attack
is highly distributed in nature (most of the IPs used are spoofed), it
is difficult to block all of the malicious traffic.
- Update and upgrade your WordPress installation and all installed plugins
- Install the security plugin listed here
- Ensure that your admin password is strong and preferably randomly generated
- Other ways of hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress
- Revoke the DROP privilege from the database user (DB_USER). It is almost never needed for any purpose in a WordPress setup
- Remove the README and license files (important), since they expose version information
- Move wp-config.php one directory level up and change its permissions to 400
- Prevent world reading of the .htaccess file
- Restrict access to wp-admin to specific IPs only
- A few more plugins – wp-security-scan, wordpress-firewall,
ms-user-management, wp-maintenance-mode, ultimate-security-scanner,
wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several situations.
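As an added example (not part of this advisory), a small POSIX shell audit for the file-level items above: leftover README/license files, the location and mode of wp-config.php, and a world-readable .htaccess. It assumes the stock WordPress file names readme.html and license.txt and takes the document root as its argument.

```shell
#!/bin/sh
# Added example: audit a WordPress document root against the file-level
# hardening items in the advisory. Prints one "FINDING:" line per problem.
# Assumes a stock layout (readme.html, license.txt, wp-config.php, .htaccess).

# Print a file's permission bits in octal (GNU stat, falling back to BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

wp_audit() {
    root="$1"
    findings=0

    # Version-disclosing files the advisory says to remove.
    for f in readme.html license.txt; do
        if [ -e "$root/$f" ]; then
            echo "FINDING: $root/$f present (exposes version information)"
            findings=$((findings + 1))
        fi
    done

    # wp-config.php should sit one level above the document root, mode 400.
    if [ -e "$root/wp-config.php" ]; then
        echo "FINDING: wp-config.php is still inside the document root"
        findings=$((findings + 1))
    fi
    for cfg in "$root/wp-config.php" "$root/../wp-config.php"; do
        if [ -e "$cfg" ]; then
            mode=$(file_mode "$cfg")
            if [ "$mode" != "400" ]; then
                echo "FINDING: $cfg has mode $mode, expected 400"
                findings=$((findings + 1))
            fi
        fi
    done

    # .htaccess must not be world-readable: check the read bit of "other".
    if [ -e "$root/.htaccess" ]; then
        mode=$(file_mode "$root/.htaccess")
        other=$(printf '%s' "$mode" | tail -c 1)
        if [ $((other & 4)) -ne 0 ]; then
            echo "FINDING: $root/.htaccess is world-readable (mode $mode)"
            findings=$((findings + 1))
        fi
    fi

    echo "Total findings: $findings"
}

if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

Run it as `sh wp_audit.sh /path/to/htdocs`; an empty "FINDING:" list means these particular items are in order, not that the install is fully hardened.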