{"id":1341,"date":"2009-10-23T21:29:06","date_gmt":"2009-10-24T01:29:06","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=1341"},"modified":"2022-12-30T12:19:43","modified_gmt":"2022-12-30T17:19:43","slug":"wordpress-security-help","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/wordpress-security-help\/","title":{"rendered":"WordPress Security Help"},"content":{"rendered":"<p><a href=\"https:\/\/web.archive.org\/web\/20180111032336\/https:\/\/www.engineering.com\/Blogs\/tabid\/3207\/ArticleID\/7391\/Persistent-Security-Threats-Push-Organizations-to-Continuous-Vulnerability-Monitoring.aspx\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-110981 size-thumbnail\" title=\"WordPress Security Help\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-6.jpg?resize=75%2C64&#038;ssl=1\" alt=\"WordPress Security Help\" width=\"75\" height=\"64\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-6.jpg?resize=75%2C64&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-6.jpg?resize=150%2C127&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/computer_security-6.jpg?w=333&amp;ssl=1 333w\" sizes=\"auto, (max-width: 75px) 100vw, 75px\" \/><\/a>There has been plenty of hubbub over the recent <a href=\"https:\/\/web.archive.org\/web\/20150627012210\/http:\/\/www.fiercecontentmanagement.com\/story\/wordpress-worm-dangerous-easily-fixed\/2009-09-09-0\" target=\"_blank\" rel=\"noopener noreferrer\">Labor Day WordPress worm<\/a>, which caused every installation not hosted at WordPress.com to be suspected of being at risk. 
With WordPress having pushed out WordPress 2.8.5, a \u201c<a href=\"http:\/\/wordpress.org\/development\/2009\/10\/wordpress-2-8-5-hardening-release\/\" target=\"_blank\" rel=\"noopener noreferrer\">hardening patch<\/a>\u201d, in response to the worm, it is time to get some help with WP security.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-110983 size-thumbnail\" title=\"Wordpress logo\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/WordPresslogo.png?resize=75%2C75&#038;ssl=1\" alt=\"Wordpress logo\" width=\"75\" height=\"75\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/WordPresslogo.png?resize=75%2C75&amp;ssl=1 75w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/WordPresslogo.png?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/WordPresslogo.png?resize=768%2C768&amp;ssl=1 768w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/WordPresslogo.png?w=1000&amp;ssl=1 1000w\" sizes=\"auto, (max-width: 75px) 100vw, 75px\" \/><\/a>One of the tools I found is the <a href=\"http:\/\/ocaoimh.ie\/exploit-scanner\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress Exploit Scanner plugin<\/a> by <a href=\"http:\/\/ocaoimh.ie\/\" target=\"_blank\" rel=\"noopener noreferrer\">Donncha O Caoimh<\/a>. The Exploit Scanner does a number of things to help you manage your WordPress installation. The scanner installs on the WP dashboard and compares your site\u2019s files against the MD5 hashes of the official WordPress files for the version you&#8217;re running. The scanner ignores files that are present but for which it has no hash. If your hashes don&#8217;t match, you have a problem. It also looks for suspicious code in your files that may have been deposited by attackers. 
It looks for &#8220;invisible&#8221; text hidden through CSS; the use of iframes to embed code from other sites; and base64 encoding, which can be used to obfuscate entire programs. It will also look through your posts and users to see if there&#8217;s anything suspicious or spammy about them.<\/p>\n<p>This tool is not designed to identify new files; it identifies altered core WordPress files. According to the author\u2019s <a href=\"http:\/\/ocaoimh.ie\/exploit-scanner\/\" target=\"_blank\" rel=\"noopener noreferrer\">website<\/a>, it will not stop someone from hacking into your site, but it may help you find any uploaded or compromised files left by a hacker.<\/p>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>Besides staying current on patches (d\u00e9j\u00e0 vu MSFT) and implementing a tool like the Exploit Scanner, turning off &#8220;user registration&#8221; is probably one of the simplest and most effective ways of &#8220;hardening&#8221; WordPress. Hopefully, WP will fix this in version 2.9 so the community aspect of WP can be securely turned back on.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. 
Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Labor Day WordPress worm where nearly every WP installation was suspected of being at risk brought about WP 2.8.5, a \u201chardening patch\u201d for more WP security.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3216,23,2540,4,84,97],"class_list":["post-1341","post","type-post","status-publish","format-standard","hentry","category-security","tag-3216","tag-malware","tag-patching","tag-security","tag-wordpress","tag-worm"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=1341"}],"version-history":[{"count":6,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1341\/revisions"}],"predecessor-version":[{"id":131516,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/1341\/revisions\/131516"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=1341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=1341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=1341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}