IY eSolutions, search engine optimisation, Wordpress Development

This morning, I received an email that one of the WordPress sites that we host had an advert for Viagra on the front page.
Another dreaded hack.
For some reason, of all the WordPress sites that we host this one seems to attract more pharmaceutical hacks than any other.

So how did it manifest itself, and how did it happen?
The first is easy. A line of code had been inserted which called upon a PHP page, class-php.php, which had been added to the wp-include file.

On downloading this file and opening it with a text editor, it was clear that this was bogus, as it had an eval(base64_decode()) function. Deleted pronto.

The good news is that it was only uploaded the day before, so no great harm done.
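
A defender-side check for the indicator described above, as an added example that is not part of the original post: it walks a WordPress directory and flags PHP files that contain an eval(base64_decode( call or that were modified in the last couple of days. The function name scan_tree and the two-day window are assumptions made for this example.

```python
import os
import re
import time

# PHP function names are case-insensitive and whitespace may sit between
# tokens, so match eval ( base64_decode ( loosely, not as a fixed string.
PATTERN = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def scan_tree(root, recent_days=2, now=None):
    """Return sorted findings for PHP files under root.

    Each finding is (relative_path, has_eval_base64, recently_modified).
    Only files that trip at least one of the two checks are returned.
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            has_pattern = PATTERN.search(data) is not None
            recent = mtime >= cutoff
            if has_pattern or recent:
                findings.append((os.path.relpath(path, root), has_pattern, recent))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, has_pattern, recent in scan_tree(root):
        flags = [label for label, on in
                 (("eval(base64_decode(", has_pattern), ("recent", recent)) if on]
        print(f"{rel}: {', '.join(flags)}")
```

Recently modified files are expected after a legitimate core or plugin update, so treat that flag as a prompt to look at the file rather than as proof of compromise.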

In addition, the database had to be searched for rogue commands, and a search through the wp-options table will highlight the problem.
There is an excellent article on the Pearsonified blog on how to diagnose and sort this kind of hack.

So how did it happen? Difficult to say. I can say that it wasn’t through the internet host, as their FTP access is very tightly controlled. As the above article points out, it is likely to have been through WordPress itself.

Plugins are potential traps for the unwary and, interestingly enough, Akismet, which is a plugin designed for anti-spamming, is a source of rogue code.

Not sure how this hack broke through but as a precaution we have downgraded the admin to subscriber and added a new user with admin privileges.

Additional top tips on how to improve your WordPress security include moving the wp-config file and changing the prefix of tables. Neither of these is worth the trouble, I feel, as in the former you could experience trouble with your theme (and it would be obvious to a hacker where it was located anyway) and in the latter, it is not difficult to search for the relevant tables. You could also block all IP addresses except your own via the htaccess file, but that will only work if you have a static IP address.

So my top tips are:
Update all your plugins.
Keep WordPress up to date (although that wouldn’t have helped in this instance).
Deactivate plugins not required.
Only use the very best plugins.
Downgrade admin to subscriber and add a new user with full admin privileges.

You ain’t going to beat the hackers but you will keep them at bay.