Paul's Tech Talk

WordPress Security Tips — For the untrained

Paul, June 10, 2009

I was reading over at Malware Diaries about a hacker that doesn’t secure his exploits. What gets me is that I am so surprised that he did that; then I thought about it and I read what Trend Micro had to say about it:

Creating a website is indeed a big task but, considering the present threat landscape, monitoring it and keeping it secure from attacks is a bigger one.
Website administrators have the responsibility to keep their systems malware free, secure web server files from unauthorized access, and keep their website clean of malicious codes, for their own sake and most especially, their visitors’.

[via Trend Micro blog]

Now admittedly Trend talks about Gumblar and how they compromise websites with either an FTP password stealer or an SQL injection. These are common practices that hackers and thieves use to get the credentials to use your server for their own ends. So I wanted to talk about some things you can do to better protect your WordPress blog. Since I have a WordPress blog, this is something I know about.

  • WordPress Security Scan — This is a great plugin that helps you identify security problems and also suggests how you can fix them, to prevent a hacker from getting in in the first place.
  • Block wp- folders from being indexed — This can be done by going to your robots.txt file and making sure it says:

        User-agent: *
        Disallow: /wp-*

  • Protect your wp-admin folder — Attackers can use brute-force attacks to get access to your wp-admin page without much waiting, so you should use:

  1. Login Logger plugin — This is good for seeing if anyone is trying to log in, and it keeps a log for those instances where you might need to block a certain IP in the .htaccess file.
  2. Limit Login Attempts plugin — This allows a set number of login attempts before that IP is locked out for a certain amount of time. You can set the lockout to whatever you want, an hour or more; it just depends on your preference.
  3. Bad Behavior — This is a good little plugin to help with spam such as referral spam and comment spam. I’ve been using it for the past few months and my referral spam has dropped drastically to almost zero.

These are just a few things I’ve done to help protect my blog and protect my community and users. I will not disclose everything, because I have to keep those bad guys from getting in, but I have, I hope, started you in the right direction. I would also suggest using something like Roboform, which comes with a password generator, to create your WordPress login password. This will also help prevent attackers from gaining access easily.
