secure VPS with Vesta CP - Secure Wordpress site

Hi All,
2 of my WordPress installs were breached last week, injected with a lot of code here and there; probably the whole server (Ramnode VPS) was compromised.

I'd like to get advice on locking down my box and hardening security.
I've now made a new VPS with Debian 7 minimal, changed SSH ports, and blocked all email/SSH and other common ports. Should I enable keys on SSH as is recommended? It looks to be a tough task. I also have Vesta's firewall and fail2ban enabled.

On hardening WordPress, I need suggestions. At the moment (and previously) the whole public_html folder had read/write permissions for the "additional FTP USER" assigned on that domain.

These 2 sites have been running very well for the past 2 years on a non-LEB VPS without a single breach, but recently I shifted them to a Ramnode 4GB VPS and in under a month they were hacked to smithereens.

I seek some tips and suggestions on hardening the security further. And I want to make sure that the provider's infrastructure is also not vulnerable. Please share your experiences...

Very Sincerely....!

Comments

  • How did your WordPress sites get compromised?

    Anything in the logs? Was it a bad plugin? Bad template?

  • Keep WP, themes and plugins updated. Read about the file/folder permissions needed by WP and apply accordingly. Servers rarely get penetrated - it's the running apps (PHP/WP) that can bring your VPS down. Therefore, your patching and hardening solutions should concentrate on PHP/WP.

  • Why is it in the offers category?

  • Wrong category, and I doubt it was Ramnode's fault. Since you are not sure, it's all speculation; you clearly didn't check the logs. It's easy to lock a VPS and WordPress, but it's also easy to leave them wide open... Since I don't know where the problem came from, I think that Debian with VestaCP will be fine. Don't use the root user (unless needed), use large strong passwords both on the VPS and WordPress, use SFTP for uploads (so you are not sharing your password around), keep WordPress updated and wp login locked (by WP plugin, fail2ban, htaccess, two-factor authentication, whatever you feel more comfortable with) and follow all other custom WordPress security tips, like moving wp-config, no admin user, no registration if you don't need it, etc. etc.

    Thanked by 1IWNet
  • jarjar Patron Provider, Top Host, Veteran
    edited December 2014

    Next time this happens, stat an altered file, find out what happened in the logs at that modify time. A compromised WordPress site is so common that I would not even begin to search beyond the installation itself until you had proven, without a doubt, that it was not compromised by an exploit in the application, a theme, or a plugin. All you need is one entry point and it's all over from there.
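
Added example, not part of any poster's comment: a Python sketch of the "stat an altered file, then look in the logs at that modify time" step suggested above. It assumes an Apache/nginx combined-format access log; the function names are hypothetical, and the sample log lines, IP addresses and plugin path are constructed.

```python
import os
import re
from datetime import datetime, timezone

# Timestamp field of the Apache/nginx "combined" access log format (assumed format).
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

def change_times(path):
    """Return (mtime, ctime) as UTC datetimes: the Modify and Change lines of `stat`."""
    st = os.stat(path)
    to_utc = lambda t: datetime.fromtimestamp(t, tz=timezone.utc)
    return to_utc(st.st_mtime), to_utc(st.st_ctime)

def times_disagree(path, tolerance=2):
    """mtime can be set by whoever wrote the file; on Linux ctime cannot.
    When they differ (also true for files unpacked from archives), check the
    logs around ctime as well as mtime."""
    mtime, ctime = change_times(path)
    return abs((ctime - mtime).total_seconds()) > tolerance

def requests_near(log_lines, when, window=120):
    """Return (offset_seconds, line) for entries within `window` seconds of `when`,
    POST requests first (heuristic: web-driven file writes usually arrive as POST)."""
    hits = []
    for line in log_lines:
        m = TS_RE.search(line)
        if not m:
            continue  # skip lines without a parseable timestamp
        ts = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z")
        offset = int((ts - when).total_seconds())
        if abs(offset) <= window:
            hits.append((offset, line.rstrip("\n")))
    return sorted(hits, key=lambda h: ('"POST ' not in h[1], abs(h[0])))

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Dec/2014:03:05:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2014:03:12:41 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2014:03:12:44 +0000] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 31 "-" "-"
198.51.100.7 - - [10/Dec/2014:04:30:00 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    # Constructed pivot time standing in for change_times("<altered file>")[0].
    pivot = datetime(2014, 12, 10, 3, 12, 45, tzinfo=timezone.utc)
    for offset, line in requests_near(SAMPLE_LOG, pivot):
        print(f"{offset:+5d}s  {line}")
```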

  • Don't use any pirated or nulled themes and plugins either. They are almost definitely injected with malicious scripts. Case in point: CryptoPHP.

    Thanked by 1vRozenSch00n
  • rename admin login to some other username to stop brute forcing
    use Google captcha plugin to block brute forcing
    you can change wp-admin to something else
    install block bad queries
    install bullet proof security
    change db name or table names to something else besides wp_
    install cloudflare and block China or use iptables

    I've done this for over 20 blogs and never got hacked. Always update WP plugins etc. every day.

    I installed a forum the other day and after 1 day I had 30k posts and 200 bots. It's getting ridiculous.

  • Thanks everyone for the tips... I'm definitely doing the best of research and learning a lot. Your advice is going to prove vital.

    About the logs: yes, I haven't had the time to go through them, as I was busy getting the sites up for my clients. But yes, I will definitely search through them and try to grasp some evidence of what went wrong.

  • BTW What is this doing in "offers" ?1

  • 1st: Sorry for posting this in the wrong category, I was numb at that time... Mods, please move it to "Help".

    2nd: OK, I'm done securing my new server! However, I want to investigate the old server before washing it. Talking of logs (on Ubuntu 14.04), can you please let me know which all logs should be checked (detained) and "what" to look for in them specifically?