Posts Tagged ‘security’
Web 101: Fixed a hacked site and prevent it from happening again – Part 2
September 16, 2008 by Emily
Web 101
In my previous post I talked about what to do to fix a hacked site. This post is about things you can do to make WordPress more secure so that something like that doesn’t happen again (or ever). The basic things were mentioned in the last post: change your passwords regularly, use strong passwords and always have the most current version of WP. But here are some other things you can do:
4 commentsWeb 101: Fixed a hacked site and prevent it from happening again – Part 1
September 9, 2008 by Emily
Web 101
A client and Swank hostee emailed me a few days ago because her browser had notified her that her blog had been marked as suspicious by Google and she didn’t know how or why that had happened. Further checking revealed that google had found malicious software being downloaded and installed without user consent. Her site had been hacked and the hacker had added malicious code to her blog template.
Unfortunately, this can happen to anyone and there are a myriad of ways that a hacker can get into your site. I believe in this instance that the hacker was able to guess her password, which was a very simple name. So what is one to do if your site is hacked? My client had no clue and I know that not everyone has a trusted designer or tech support that they can email with problems such as these (plus speed is key, so waiting around for help can be frustrating), so I thought I’d write up a checklist of things you should do to remove malicious code from your hacked site and prevent it from happening again (or ever if it hasn’t happened yet). I’m specifically going to be using WordPress blogs as an example since almost my entire clientele uses WordPress, but most of these things can be applied to all content management systems.
WordPress 2.5.1
April 25, 2008 by Emily
News
2.5.1 was released today, so if you been waiting to upgrade, now’s the time to do it. This new release contains one important security fix for 2.5, so it’s important you upgrade soon.
If you are just concerned with fixing the security issue you may download and replace these files:
But you should really upgrade everything as 2.5.1 contains many bug fixes and improvements, including:
- Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
- Better performance for those who have many categories
- Media Uploader fixes
- An upgrade to TinyMCE 3.0.7
- Widget Administration fixes
- Various usability improvements
- Layout fixes for IE
Also, as of 2.5 they’ve added an extra security measure to WordPress. This involves adding a “secret key” to your wp-config.php file. This measure will improve cookie security. All you need to do is go to this website and copy and line it shows you into your wp-config.php file underneath the database info. Every install of WP you have should have a different random “secret key” (you can just keep refreshing the website to get new ones). And don’t worry, you’ll never need to remember this key so the more random the better.
