As I write this post, there is an ongoing, highly distributed global attack on WordPress installations that tries to crack open admin accounts and inject various malicious scripts. The attack is against the login page of WordPress installations.
We did a detailed analysis of the attack pattern and found that most of the attack traffic was originating from CMSs (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or another) and malicious scripts had been uploaded into the directories.
Yesterday the attack reached a global level, and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is difficult for us to block all malicious traffic.
To ensure that your or your customers' websites are secure and safeguarded from this attack, we recommend the following steps:
- Update your WordPress installation and all installed plugins to the latest versions.
- Install a security plugin. The Better WP Security plugin is very powerful and popular.
- Ensure that your admin password is strong and preferably randomly generated: more than 8 characters, with upper- and lowercase letters, numbers and special characters.
- Other ways of hardening a WordPress installation are described at http://codex.wordpress.org/Hardening_WordPress.
These additional steps can be taken to further secure WordPress websites:
- Revoke the DROP privilege from the database user (DB_USER in wp-config.php). It is not normally needed for any purpose in a WordPress setup.
- Remove the README and license files (important), since they expose version information.
- Move wp-config.php one directory level up and change its permissions to 400.
- Prevent world reading of the .htaccess file.
- Restrict access to wp-admin to specific IPs only.
- A few more plugins: wp-security-scan, wordpress-firewall, WordPress Firewall 2, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, BulletProof Security, Better WP Security. These may help on several occasions.
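The additional hardening steps above, as an added shell example that is not part of the original post: it removes the version-revealing files, moves wp-config.php out of the docroot with mode 400, denies HTTP access to .htaccess, restricts wp-admin to an IP allow-list, and prints the REVOKE statement for the DROP-privilege step. It also applies the same allow-list to wp-login.php, the page the post describes as under attack; the docroot path, IP addresses and database names are assumed or constructed values, and Apache 2.4 with .htaccess enabled is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: applies the file-system and Apache
# steps listed above to a WordPress docroot and prints the SQL for the DROP step.
# Assumes Apache 2.4 honouring .htaccess and PHP running as the file owner
# (otherwise mode 400 on wp-config.php makes the site unreadable to PHP).
set -eu

# SQL that removes DROP from the WordPress database user.
# Arguments: database name, DB_USER and DB host as set in wp-config.php.
revoke_drop_sql() {
  printf "REVOKE DROP ON \`%s\`.* FROM '%s'@'%s';\n" "$1" "$2" "$3"
}

# Emit one "Require ip" line per entry of the space-separated list $1.
require_ips() {
  for ip in $1; do printf '  Require ip %s\n' "$ip"; done
}

# $1: docroot; $2: space-separated admin IPs/CIDRs (must not be empty).
harden_wordpress() {
  docroot=$1; admin_ips=$2
  [ -n "$admin_ips" ] || { echo "no admin IPs given; refusing to lock everyone out" >&2; return 1; }
  # Version-revealing files shipped with WordPress core.
  rm -f "$docroot/readme.html" "$docroot/license.txt"
  # wp-load.php also looks for wp-config.php one level above the docroot,
  # so moving it out of the web root keeps the site working.
  if [ -f "$docroot/wp-config.php" ]; then
    mv "$docroot/wp-config.php" "$docroot/../wp-config.php"
    chmod 400 "$docroot/../wp-config.php"
  fi
  # Deny HTTP access to .htaccess itself and limit the attacked login page to
  # the admin allow-list (a client matching no Require ip line is refused).
  {
    printf '<Files .htaccess>\n  Require all denied\n</Files>\n'
    printf '<Files wp-login.php>\n'; require_ips "$admin_ips"; printf '</Files>\n'
  } >> "$docroot/.htaccess"
  # Restrict wp-admin, but keep admin-ajax.php public: themes and plugins call
  # it from the front end, and the later <Files> block overrides for that file.
  mkdir -p "$docroot/wp-admin"
  {
    require_ips "$admin_ips"
    printf '<Files admin-ajax.php>\n  Require all granted\n</Files>\n'
  } > "$docroot/wp-admin/.htaccess"
}

# Usage: sh harden-wp.sh /var/www/html "203.0.113.10 198.51.100.0/24"
if [ -n "${1:-}" ]; then
  harden_wordpress "$1" "${2:-}"
  revoke_drop_sql wordpress wp_user localhost  # placeholder names; take yours from wp-config.php
fi
```

Restricting wp-login.php refuses logins from every address not on the list, so include all admins' addresses (or a VPN range) before applying it. Run the printed REVOKE statement as a MySQL user with GRANT rights, not as the WordPress user itself.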