Tag Archive for Wordpress

Updated to WordPress 3.1

Thanks to a snow day, I was able to update the Bach Seat to WordPress 3.1.

Steps for a successful WordPress update

Step 1: Backup

Step 2: Disable plugins

Step 3: Update from Dashboard

Step 4: Reactivate plugins

Step 5: Test

All seems OK for now; please let me know if you find anything broken.

rb-

I don’t see any real changes.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

WordPress Security Help

With all of the hubbub over the recent Labor Day WordPress worm, it is time to get some help with WP security. The worm caused every installation not hosted at WordPress.com to be suspected of being at risk. In response to the worm, WordPress pushed out WordPress 2.8.5, a “hardening patch.”

One of the tools I found is the WordPress Exploit Scanner plugin by Donncha O Caoimh. The Exploit Scanner does a number of things to help you manage your WordPress installation. The scanner installs on the WP dashboard and compares your site’s files against MD5 hashes of the WordPress files for the version you’re running. The scanner ignores files that are present but that it does not have a hash for. If your hashes don’t match, then you have a problem. It also looks for suspicious code in your files that may have been deposited by attackers: “invisible” text hidden through CSS, the use of iframes to embed code from other sites, and base64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there’s anything suspicious or spammy about them.

This tool is not designed to identify new files; it identifies altered core WordPress files. According to the author’s website, it will not stop someone from hacking into your site, but it may help you find any uploaded or compromised files left by a hacker.
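An added example (not the Exploit Scanner's own code, and not from the original post) of the two checks described above: MD5 comparison against a known-good copy of the release, which skips files that have no reference hash, and a pattern pass for hidden CSS, iframes and base64 decoding. The regular expressions, function names and sample files are constructed for illustration, and running the pattern pass over unhashed files is an assumption.

```python
import hashlib, re, tempfile
from pathlib import Path

# Constructed patterns for the three things the post says the scanner looks for.
SUSPICIOUS = {
    "hidden-css": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
    "base64": re.compile(r"base64_decode\s*\(", re.I),
}

def md5_of(path):
    # MD5 because that is what the post describes; prefer SHA-256 in new tooling.
    return hashlib.md5(path.read_bytes()).hexdigest()

def files_under(root):
    root = Path(root)
    return [(p.relative_to(root).as_posix(), p) for p in sorted(root.rglob("*")) if p.is_file()]

def build_manifest(clean_root):
    """Relative path -> MD5, taken from a known-good copy of the same release."""
    return {rel: md5_of(p) for rel, p in files_under(clean_root)}

def scan(site_root, manifest):
    """Return (modified, unhashed, flagged) for the install at site_root."""
    modified, unhashed, flagged = [], [], []
    for rel, p in files_under(site_root):
        if rel not in manifest:
            unhashed.append(rel)      # no reference hash, so the hash check skips it
        elif md5_of(p) != manifest[rel]:
            modified.append(rel)      # core file differs from the release copy
        text = p.read_text(errors="replace")
        hits = sorted(n for n, rx in SUSPICIOUS.items() if rx.search(text))
        if hits:
            flagged.append((rel, hits))
    return modified, unhashed, flagged

def demo():
    """Constructed sample: a clean tree and a copy with one edit and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            root.mkdir()
            (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
            (root / "footer.php").write_text("<?php wp_footer(); ?>\n")
        (site / "footer.php").write_text('<?php wp_footer(); ?><iframe src="x"></iframe>\n')
        (site / "extra.php").write_text("<?php $p = base64_decode($d);\n")
        return scan(site, build_manifest(clean))

if __name__ == "__main__":
    print(demo())
```

The extra file never appears in the modified list because it has no reference hash; only the pattern pass surfaces it, which is the limitation the paragraph above describes.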

rb-

Besides staying current on patches (déjà vu MSFT) and implementing a tool like the Exploit Scanner, turning off “user registration” is probably one of the simplest and most effective ways of “hardening” WordPress. Hopefully, WP will fix this in version 2.9 so the community aspect of WP can be securely turned back on.

 
