

Securing Wordpress and Server

muj Member

Can anyone help me secure my WordPress Nginx server? Or post tutorials below.

And securing the server.

Comments

  • Securing the wp-admin and blacklisting failed logins?

  • What exactly do you want to "secure"?

  • mujmuj Member

    Wordpress and server

  • What kind of web server do you use?
    Nginx/Apache? Using cPanel or a bare install from SSH?

    Do you use a VPS or shared hosting?

  • anyNode Member, Host Rep
    edited July 2013

    @ErawanArifNugroho said:
    What kind of web server do you use?
    Nginx/Apache? Using cPanel or a bare install from SSH?

    Do you use a VPS or shared hosting?

    OP says he's using Nginx.

    I would follow this guide first: http://codex.wordpress.org/Hardening_WordPress

  • muj Member

    Nginx VPS

  • Usually, for securing the wp-admin, I add the following to my Nginx configuration file:

        location /wp-admin {
            # Add your whitelisted IP here
            allow 208.84.1xx.xxx;
            deny all;
        }


    Use the following plugins to add more security:

    • IP Blacklist Cloud
    • Limit Login Attempts

    Next, move the default port for SSH from 22 to another port.
    Install csf/firewall/rootkit hunter/clamav/antivirus. Make backups of the files in multiple locations/from different providers.

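Building on the allow-list above, here is a fuller version of the same idea, as an added example rather than ErawanArifNugroho's or anyone else's config from the thread. It assumes PHP-FPM on a unix socket at /run/php-fpm.sock, an existing generic "location ~ \.php$" handler elsewhere in the server block, and uses the documentation address 203.0.113.10 where your own IP goes. Two things a bare prefix location misses: with a plain "location /wp-admin", a generic regex PHP location elsewhere wins for every .php URL, so the deny never reaches wp-admin's scripts; "^~" fixes that, but then the PHP handler has to be nested or nginx serves the source as text. admin-ajax.php also has to stay reachable, because themes and plugins call it for anonymous visitors. The last two blocks cover the uploads directory and XML-RPC, both of which come up later in the thread.

```nginx
# Added example, not the thread's config. Assumptions: PHP-FPM at
# unix:/run/php-fpm.sock, a generic "location ~ \.php$" exists elsewhere,
# and 203.0.113.10 stands in for your own address.

# 1. admin-ajax.php must stay reachable for anonymous visitors. An exact
#    match (=) is checked before any prefix or regex location, so this
#    escapes the allow-list below.
location = /wp-admin/admin-ajax.php {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php-fpm.sock;
}

# 2. The allow-list. "^~" stops nginx from consulting regex locations once
#    this prefix matches, so the deny applies to *.php too; the price is
#    that the PHP handler has to be repeated here (it inherits allow/deny).
location ^~ /wp-admin/ {
    allow 203.0.113.10;
    deny all;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm.sock;
    }
}

# 3. The login form lives outside /wp-admin/; lock it to the same address.
location = /wp-login.php {
    allow 203.0.113.10;
    deny all;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php-fpm.sock;
}

# 4. Nothing under uploads should ever execute. Regex locations are tried
#    in file order, so this must appear before the generic PHP handler.
location ~* ^/wp-content/uploads/.*\.php$ {
    deny all;
}

# 5. xmlrpc.php is a login brute-force and amplification endpoint; deny it
#    unless a mobile app or Jetpack-style service genuinely needs it.
location = /xmlrpc.php {
    deny all;
}
```

After editing, run "nginx -t" and then fetch /wp-admin/index.php from a non-listed address: you want a 403, not a 200 and not the PHP source. Fetch /wp-admin/admin-ajax.php the same way and confirm it still answers.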
  • anyNode Member, Host Rep

    @ErawanArifNugroho said:
    Usually, for securing the wp-admin, I add the following to my Nginx configuration file:

    >   location /wp-admin {
    >       # Add your whitelisted IP here
    >       allow 208.84.1xx.xxx;
    >       deny all;
    >   }
    >

    Use the following plugins to add more security:

    • IP Blacklist Cloud
    • Limit Login Attempts

    Next, move the default port for SSH from 22 to another port.
    Install csf/firewall/rootkit hunter/clamav/antivirus. Make backups of the files in multiple locations/from different providers.

    Really good points. I would also recommend disabling root login completely.

  • muj Member
    edited July 2013

    My site keeps getting hacked. I restored it yesterday and updated all of WordPress, and today they somehow got in again, because they can ban members on our XenForo forum, but there are no logs of members getting banned, as they are doing it from the database, I think.

    And they keep threatening: if you ban us then we'll hack, etc.

    If someone can help us that would be great.

    Edit: At the moment I have closed the site.

  • jcaleb Member

    fail2ban
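To show what a fail2ban jail actually keys on for WordPress, here is the filter logic run in awk over a few constructed nginx access-log lines, so it can be tried offline. This is an added example, not jcaleb's or fail2ban's own code; the log lines and addresses are made up, and the failregex in the comment is my own pattern. The detail worth noticing: a failed wp-login.php POST re-renders the form with HTTP 200, while a successful login answers 302, so a filter that counts every POST would also ban the legitimate admin.

```shell
#!/bin/sh
# Added example: the signal a fail2ban WordPress jail keys on, reproduced in
# awk over constructed nginx "combined" access-log lines.
# An equivalent fail2ban filter (assumed pattern, written for these lines):
#   [Definition]
#   failregex = ^<HOST> .* "POST /wp-login.php[^"]*" 200
# with maxretry/findtime in the jail playing the role of MAXRETRY below.

# Constructed sample, not real traffic; addresses are documentation ranges.
# 198.51.100.7 fails five times (200), 203.0.113.5 logs in once (302),
# 192.0.2.9 hits xmlrpc.php and is out of scope for this filter.
SAMPLE_LOG='198.51.100.7 - - [02/Jul/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jul/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jul/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jul/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jul/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Jul/2013:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Jul/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [02/Jul/2013:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "WordPress/3.5"'

# wp_login_offenders LOGFILE [MAXRETRY]
# Prints "<failures> <ip>" for every client with at least MAXRETRY (default 5)
# failed logins. In the combined format $1 is the client IP, $6 the quoted
# method, $7 the request path and $9 the status code.
wp_login_offenders() {
    logfile=$1
    maxretry=${2:-5}
    awk -v max="$maxretry" '
        $6 == "\"POST" && $7 == "/wp-login.php" && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= max) print fails[ip], ip }
    ' "$logfile"
}

# Stand-alone run: write the sample to a temp file and report offenders.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$tmp"
wp_login_offenders "$tmp" 5
rm -f "$tmp"
```

On the real box, point the jail at the Nginx access log (not the error log) and make the ban action match whatever firewall you actually use (iptables directly or csf); a jail whose action targets a chain the firewall does not own bans nobody.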

  • @muj shared hosting / VPS?

  • @muj said:
    My site keeps getting hacked. I restored it yesterday and updated all of WordPress, and today they somehow got in again, because they can ban members on our XenForo forum, but there are no logs of members getting banned, as they are doing it from the database, I think.

    And they keep threatening: if you ban us then we'll hack, etc.

    If someone can help us that would be great.

    Edit: At the moment I have closed the site.

    Changed EVERY admin password? And the MySQL passwords? And the account password?

    If they're doing it from the DB and you don't need any outside connections, also make sure to block MySQL's port using iptables or csf.

  • jcaleb Member

    If unsure, maybe hire someone from here to help you. It could probably be a short bit of work.

  • prae5 Member

    What plugins are you using? Are there any known exploits with them?

  • MonsteR Member
    edited July 2013

    @muj said:
    Can anyone help me secure my WordPress Nginx server? Or post tutorials below.

    And securing the server.

    Hi,
    If you like, I can secure the VPS/server it's on. Just a few default things like changing the SSH port, making a wheel user and disabling root, securing MySQL, mounting temp, and a few other things. If you're interested, drop me a PM.

  • Cloudflare + lock down your .htaccess + a firewall or other reputable security plugin + change the wp-admin directory + put a password lock on the wp-admin folder + hide your WordPress version.

    Not speaking from experience, but I do have some knowledge about WordPress. Typically, if someone was going to exploit WordPress itself, they would want the version to find exploits for that version; alternatively you can also enumerate the site's plugins, which is why it's a good idea to ONLY use absolutely necessary plugins, as most exploits are around plugins.

    Provided you use something such as Wordfence to prevent brute-forcing etc., hide your admin directory and password it, and keep your plugins safe from being enumerated (e.g. up to date and only necessary ones), you should be fine.

    Themes are also vulnerable sometimes, so make sure you use a theme that is preferably not free or pirated, as it could contain a backdoor of some sort.

    Other than the above, general security methods are advised, and of course you need to be aware of SQLi and directory browsing etc.

    Also make sure your .htaccess is locked down.

    Thanks.

  • @VPSCorner said:
    it's a good idea to ONLY use absolutely necessary plugins, as most exploits are around plugins.

    This, and this a few more times.
    Research the plugins you're going to install - If there have been exploits in the past, how fast did the developers plug the problem?

    Subscribe to the wp-hackers mailing list to keep yourself informed about the latest developments in the plugin scene and keep your damn install updated.

    Disable XML-RPC

  • WP-Scan, I think it is, is quite good for exploiting WordPress sites and checking your site for vulnerabilities.

  • @VPSCorner said:
    WP-Scan, I think it is, is quite good for exploiting WordPress sites

    Come again?

  • @joelgm said:
    Come again?

    Yes, that's what it's used for. It's for penetration testing. If you check your site, you will know it's safe. It primarily does plugin enumeration, as I've previously mentioned.

  • @VPSCorner said:
    Yes, that's what it's used for. It's for penetration testing. If you check your site, you will know it's safe. It primarily does plugin enumeration, as I've previously mentioned.

    Is there a chance my VPS provider may suspend me if I run it on my VPS for checking a site hosted on another VPS?

  • @joelgm said:
    Is there a chance my VPS provider may suspend me if I run it on my VPS for checking a site hosted on another VPS?

    Maybe; I imagine most will not approve. If you open a ticket to alert us, you can run it as much as you want, presuming you own the site you're scanning. I'd recommend using your home network, assuming you own the site.

    I don't know the legalities of scanning other sites, but I imagine they wouldn't be best pleased and would take logs, and if you're using a legitimate connection that could cause you unintended grief.

    I'd probably check with your host and explain, though; I can't see why they would care.

    Thanks.

  • Droidzone Member
    edited July 2013

    @VPSCorner said:

    Thanks. I made a support ticket to UGVPS to give them a heads-up. Ever since they disabled SolusVM, two of my VPSes have been sitting idle. Eager to check out wp-scan. I had a WordPress attack last year which led to Google blacklisting my domains for a week, and the search results remaining blacklisted for a month. Rather trying times.

  • netomx Moderator, Veteran

    Maybe they have injected the exploit in your backups.

  • dannix Member

    You could also check the Better WP Security plugin: http://wordpress.org/plugins/better-wp-security/ It helps a lot in securing a WordPress installation.

  • muj Member
    edited July 2013

    Thanks for all your help. I found the shell script; it was encrypted with base64 in wp-content/uploads/2013/07/config.php.

    Cleaned the VPS and restored the backup.

    I think they exploited it via TimThumb or Contact Form 7.

    Also thanks to @Ishaq for helping me :)
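Given where the shell turned up, a quick hunt for anything executable or obfuscated under wp-content/uploads is worth scripting, since a restored backup that still carries the dropper (as netomx suggested above) gets you re-owned within a day. This is an added example, not muj's cleanup procedure: the fixture directory, file names and payload are constructed for the run, and the pattern list is mine. Uploads should hold media only, so every PHP file there is suspect; the grep pass catches the other common trick, PHP hiding behind an image extension.

```shell
#!/bin/sh
# Added example: hunt for dropped or obfuscated PHP under an uploads tree and
# decode the base64 blob of an eval(base64_decode(...)) dropper for triage.

# Obfuscation and execution primitives that legitimate media never contains.
# Constructed list; extend it with whatever your own incidents show.
SUSPECT_RE='base64_decode|eval\(|gzinflate|str_rot13|system\(|shell_exec|passthru|\$_(GET|POST|REQUEST)\['

# find_upload_shells DIR
# Lists, one per line, every file under DIR that either carries a PHP
# extension (including phtml / php5-style variants) or matches SUSPECT_RE.
find_upload_shells() {
    dir=$1
    {
        find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \)
        find "$dir" -type f -exec grep -lE "$SUSPECT_RE" {} +
    } | sort -u
}

# decode_blob FILE
# Triage helper: pull the argument of base64_decode("...") out of FILE and
# decode it, so you can read what the dropper actually runs before deleting it.
decode_blob() {
    sed -n 's/.*base64_decode("\([^"]*\)").*/\1/p' "$1" | base64 -d
}

# make_fixture
# Builds a constructed uploads tree (not files from the thread): one benign
# image, one eval(base64_decode()) dropper named like the one muj found, and
# one PHP payload behind a .jpg name. Prints the root path.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/2013/07"
    printf 'GIF89a\n' > "$root/2013/07/photo.gif"
    blob=$(printf 'echo "constructed payload";' | base64)
    printf '<?php eval(base64_decode("%s")); ?>\n' "$blob" > "$root/2013/07/config.php"
    printf 'GIF89a\n<?php system($_GET["c"]); ?>\n' > "$root/2013/07/logo.jpg"
    printf '%s\n' "$root"
}

# Stand-alone run against the fixture.
fixture=$(make_fixture)
find_upload_shells "$fixture"
decode_blob "$fixture/2013/07/config.php"
echo
rm -rf "$fixture"
```

Run find_upload_shells against the real wp-content/uploads before restoring and again against the backup you intend to restore; if the backup lists the same file, the backup is the reinfection vector. Pair the cleanup with a web-server rule that refuses to execute PHP under uploads, so a future upload bug only drops inert files.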
