WordPress Sites Being Hacked Globally

As we are aware that many Huevia customers have wordpress installations across our web hosting environment, we want to make you aware of attacks targeting CMS (content management system) sites but more specifically wordpress sites. Over the past few days many hosting companies have reported massive wordpress installations hacked and used to attack other websites, including financial institutions.

It does not appear that any major security exploit is being utilized for these attacks, instead the attacks are targeted at wordpress sites that are using “admin” as username and commonly used passwords. Once the admin account is accessed various malicious scripts are injected into the wordpress install.

While we do our best to secure our network and servers from all types of attacks, this attack is happening at a global level and is highly distributable in nature (most of the IP’s used are spoofed), making it difficult for us to block all malicious data.

To ensure that your websites are secure and safeguarded from this attack, we recommend the following steps:

  1. Update and upgrade your wordpress installation and all installed plugins
  2. Install the security plugin listed here
  3. Ensure that your admin password is secure and preferably randomly generated
  4. Other ways of Hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure wordpress websites:

  • Remove README and license files (important) since this exposes version information
  • Move wp-config.php to one directory level up, and change its permission to 400
  • Prevent world reading of the htaccess file
  • Restrict access to wp-admin only to specific IPs
  • A few more plugins – wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help in several occasions