WordPress posts polluted, how to prevent it?

I have a simple WordPress website for a local fitness club, http://atanas-georgiev.com/ . I recently decided to check it out and see if anything is broken. Unfortunately, its posts were hijacked by a malicious script that inserted some link <a> tags that were forwarding the user to different sites.
I saved the scripts before removing them, and here they are.
https://gist.github.com/AdelinGhanaem/56db49f8d24e6f7f04c6

  1. I want to know how this could happen?
  2. How can someone do it with XSS attacks?
  3. How to prevent it from happening again?
  4. Any WordPress plugins for security?

2 comments

  1. If you have a VPS or dedicated server, then check your logs. Hopefully someone might have left a fingerprint somewhere. Or if you are using a shared host, then you can ask them to look into this for you.

    Mostly this happens by having a weak password that could be found in a dictionary. Just follow these steps for any new WordPress project and you will save a lot of headaches in the future.

    1. Use a strong password (one that cannot be found in a dictionary, with capitalized, alphanumeric and special characters).
    2. Always delete the admin user, and create a new admin account with another username. (By choosing admin as the username, 50% of the effort is reduced, as the attacker now only has to guess the password.)
    3. Always rename the WordPress DB table prefix to something else. (There is a reason WordPress gives you this option while installing, so you can avoid SQL injections.)
    4. If you are using a VPS, never use the root account; always create another user and use that for all communication. And if possible, try to use SFTP, where you also need a key file besides the user/pass, so it becomes very hard for anyone to get their hands on the key.
    5. Always remove the theme editor functionality from the admin. Normal users don't use it anyway, but if someone gets access to the admin, he won't be able to make any changes to the code itself.
    6. Try to use a good firewall, something like Wordfence Pro, where you can get support and reports of any activities.
  2. If it’s only in your posts, maybe consider having a captcha for guests if they want to post to the site.

    WordPress is very vulnerable to such attacks. There are a lot of things you can do to stop this. Some simple tips:

    1. Keep your WordPress core up to date; most minor updates to WordPress are security updates.
    2. Have a decent hosting which supports WordPress. A hosting that offers WordPress installs also has scripts which stop the most common WordPress attacks.
    3. If you are asking for plugins: Wordfence & Akismet are popular plugins which help with security.
    4. Don’t use the wp_ prefix in your database but change it to something custom. A hacker would have to guess the prefix if it’s custom.
    5. For advanced tips: https://premium.wpmudev.org/blog/keeping-wordpress-secure-the-ultimate-guide/ This guide gives a good in-depth guide on security.

    On the question of how it can happen the link above has an estimate of that:

    • 41% were hacked through a security vulnerability on their hosting platform
    • 29% were hacked via a security issue in the WordPress Theme they were using
    • 22% were hacked via a security issue in the WordPress Plugins they were using
    • 8% were hacked because they had a weak password
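The two comments cover prevention; the triage step they skip is finding which posts are still polluted. The following is an added example (not code from the original post or from WordPress) that scans post bodies, as exported from the wp_posts table, for the pattern the question describes: injected `<script>` tags and `<a>` links pointing off-site. The site host is the one named in the question; the sample posts and the `example.invalid` host are constructed.

```python
# Added example: triage scanner for WordPress post content. Flags <script>
# tags and <a> links whose host is not the site's own (or hidden via CSS).
# SAMPLE_POSTS below is constructed data standing in for wp_posts rows.
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "atanas-georgiev.com"  # site named in the question


class _InjectScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            # Inline or remote script inside post content is never expected
            self.findings.append(("script", a.get("src") or "inline"))
        elif tag == "a":
            href = a.get("href") or ""
            host = urlparse(href).hostname or ""
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = "display:none" in style or "visibility:hidden" in style
            external = host and host != self.site_host and not host.endswith("." + self.site_host)
            if external:
                self.findings.append(("external-link", href))
            elif hidden:
                self.findings.append(("hidden-link", href))


def scan_post(content, site_host=SITE_HOST):
    """Return a list of (kind, detail) findings for one post's HTML body."""
    parser = _InjectScanner(site_host)
    parser.feed(content)
    return parser.findings


def scan_posts(posts, site_host=SITE_HOST):
    """posts: iterable of (post_id, post_content), e.g. rows from
    `SELECT ID, post_content FROM wp_posts`. Returns {post_id: findings}
    for every post with at least one finding."""
    return {pid: f for pid, c in posts if (f := scan_post(c, site_host))}


# Constructed sample rows: one clean post, one with a hidden off-site link,
# one with an injected remote script.
SAMPLE_POSTS = [
    (1, "<p>Class schedule</p><a href='http://atanas-georgiev.com/schedule'>times</a>"),
    (2, "<p>Welcome</p><a href='http://example.invalid/offer' style='display:none'>x</a>"),
    (3, "<p>News</p><script src='http://example.invalid/j.js'></script>"),
]

if __name__ == "__main__":
    for pid, findings in scan_posts(SAMPLE_POSTS).items():
        print(pid, findings)
```

Links to the site's own host are not flagged, so legitimate internal links survive; anything flagged is a candidate for cleanup and for checking the post's modification date against the access logs the first comment mentions.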
