WordPress Under Attack From Cyber Criminals

As I write this blog post, there is an on going and highly distributed, global attack on WordPress installations to crack open admin accounts and inject various malicious scripts.

20130413-114115 PM.jpg

To give you a little history, a major law enforcement website describes about a massive attack on many US financial institutions originating mostly from WordPress installations.

A detailed analysis of the attack pattern found out that most of the attacks was originating from CMSs (mostly wordpress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.

Today, this attack is happening at a global level and wordpress instances across many hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), thus making it difficult to track where the attacks of malicious data are coming from.

To ensure that your website or websites if you have multi installations are secure and safeguarded from this attack, we recommend the following steps:

Always Update and upgrade your wordpress installation and all installed plugins !

Install the security plugin listed here

Ensure that your admin password is secure and preferably randomly generated

Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

Disable DROP command for the DB_USER .
This is never commonly needed for any purpose in a wordpress setup

Remove README and license files (important) since this exposes version information

Move wp-config.php to one directory level up, and change its permission to 400

Prevent world reading of the htaccess file

Restrict access to wp-admin only to specific IPs

A few more plugins to search for from within your dashboard – wp-security scan, wordpress firewall, ms user management, wp maintenance mode, ultimate security scanner, wordfence,


Also, we recommend using Cloudflare, which is now available free with all hosting plans at Euhost and is located in your cPanel account, this helps to
prevent the attack from affecting the functionality of your site.