WordPress Security Strategy for WordPress.org (condensed version)

Copyright 2013 Site Shack Web Design, all rights reserved. Monday, June 17, 2013

Description

Learn the practical steps you'll need to take to safeguard your WordPress website against hacks. Too late? Gain valuable information on clean-up and remediation. WordPress wizard Judy Wilson provides the information that will keep you and your WordPress site safe and sound.

Transcript of WordPress Security Strategy for WordPress.org (condensed version)

Page 1: WordPress Security Strategy for WordPress.org (condensed version)


Page 2: WordPress Security Strategy for WordPress.org (condensed version)

We've been designing and developing SEO-optimized websites and digital media in Nashville since January 2004.

WordPress too? Yep. And WordPress training, tailored to your exact needs.

We are MyEMMA co-agents. We provide customized HTML email design and account management.

Our work is mobile-friendly.

Judy Wilson, Owner, Site Shack Web Design


Page 3: WordPress Security Strategy for WordPress.org (condensed version)

Your WordPress site is living in a high-crime neighborhood.*

* Doesn't matter if you're on WordPress.com or using WordPress.org.

Easy access is what attackers look for.


Page 4: WordPress Security Strategy for WordPress.org (condensed version)

How do they get in?

Hacks are most often delivered through weak credentials; outdated or malicious software, themes and plugins; old, vulnerable scripts (such as the TimThumb image-resizing script that many themes bundled); and cheap hosting environments with poor security.

WRONG:
Username: admin
Password: mypassword


Page 5: WordPress Security Strategy for WordPress.org (condensed version)

Main Types of WordPress Hacks

Backdoors

Drive-by Downloads

Pharma Hacks

Malicious Redirects


Page 6: WordPress Security Strategy for WordPress.org (condensed version)

Before You Install: Map out your strategy

The Installation: Solid padlocks + lock your doors and windows

Advanced Security: Multiple locks + burglar bars + alarm systems + guard dog (see Appendix below)


Page 7: WordPress Security Strategy for WordPress.org (condensed version)

Before You Install: Map out your Strategy

1. Good Host. Do not use a "soup kitchen" host (cheap shared hosting where many unrelated sites share one server) = high risk of cross-contamination.

2. Good Theme. Do not use any old free theme! Vet your premium theme, including that it is built for your version of WordPress. Run a virus/malware check on the theme after you download or buy it. Stay informed!

3. Good Plugins. Highly rated, updated often, listed in the WordPress plugin repository, and compatible with your version of WordPress.

4. Back up regularly (your host should of course do this also). See the plugin BackupBuddy.


Page 8: WordPress Security Strategy for WordPress.org (condensed version)

The Installation: Lock Your Doors and Windows

1. Do NOT use "admin" for your user name.

2. Do NOT use a password that can be found in a dictionary or that you've ever used anywhere else at any time.

3. Do NOT use sequential numbers and/or letters.

4. Hire Sucuri to monitor your site: www.sucuri.net

5. Use two-factor authentication: already in place at WordPress.com; for a WordPress.org install, add it with a Google Authenticator plugin (see the Appendix).


Page 9: WordPress Security Strategy for WordPress.org (condensed version)

The Installation: Lock Your Doors and Windows

1. In your wp-config.php file: set unique authentication keys and salts (the AUTH_KEY through NONCE_SALT defines, aka the "secret words"). They sign login cookies and nonces, so every install needs its own random values.

2. Do not use the default "wp_" for your table prefix. Make up something non-sequential like "jnm_".

3. Stop using FTP, which sends your password in the clear. Use SFTP; call your host if you're not sure how. Note: there are several secure alternatives to plain FTP (SFTP, FTPS); ask which ones your host supports.


Page 10: WordPress Security Strategy for WordPress.org (condensed version)

The Installation: Lock Your Doors and Windows

1. Turn off trackbacks and pingbacks.

2. Comments ONLY when appropriate and always use Akismet.

3. Use your Administrator accounts for Administrator work (like setting up a new user). Use Editor, Author, Contributor and Subscriber for their appropriate tasks.

4. Remove themes and plugins that are not being used.


Page 11: WordPress Security Strategy for WordPress.org (condensed version)

The Installation: Lock Your Doors and Windows

1. Confirm the correct folder and file permissions:

Folders: 755
Files (including index.php): 644
wp-config.php: 600 (or 640/440 if your host's web server runs as a different user than your account and needs group read access)

Never leave a file world-writable (666 or 777): any other process on the server could then modify it.

2. Do you know where your backup is? Can you restore from it?

3. Consider a sandbox site and test your backup and restore procedure, more than once. Then delete the sandbox site before you forget about it.
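The permission policy on this slide, as an added shell example that is not from the original slides: one POSIX sh function lists every path under a WordPress root whose mode deviates from folders 755 / files 644 / wp-config.php 600, and a second applies the policy. The 600 for wp-config.php assumes the web server runs as the user that owns the files, as on most single-account hosts; if yours runs as another user, use 640 or 440 instead. The paths in the usage lines are placeholders.

```shell
#!/bin/sh
# Added example (not from the slides): audit and apply the WordPress
# permission policy from slide 11. Assumes the web server runs as the user
# that owns the files (assumption; where it runs as another user, give
# wp-config.php 640 or 440 instead of 600).

# List every path under $1 whose mode differs from the policy.
# Output: "<wanted mode> <path>" per offender; nothing when the tree is clean.
wp_perm_audit() {
    root=$1
    # directories: 755 (rwxr-xr-x)
    find "$root" -type d ! -perm 755 -print | sed 's|^|755 |'
    # ordinary files, index.php included: 644 (rw-r--r--), never 666
    find "$root" -type f ! -name wp-config.php ! -perm 644 -print | sed 's|^|644 |'
    # wp-config.php holds the database password and salts: 600 (rw-------)
    find "$root" -type f -name wp-config.php ! -perm 600 -print | sed 's|^|600 |'
}

# Apply the same policy. Run as the owner of the files, on a site whose
# backup you have already tested.
wp_perm_fix() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name wp-config.php -exec chmod 644 {} +
    find "$root" -type f -name wp-config.php -exec chmod 600 {} +
}

# Usage (paths are placeholders):
#   sh wp-perms.sh audit /var/www/example/public_html
#   sh wp-perms.sh fix   /var/www/example/public_html
if [ $# -eq 2 ]; then
    case $1 in
        audit) wp_perm_audit "$2" ;;
        fix)   wp_perm_fix "$2" ;;
        *)     echo "usage: $0 audit|fix <wordpress-root>" >&2 ;;
    esac
fi
```

Run the audit first and read the list: a plugin that legitimately needs a writable cache directory will show up, and you should know about it before you flatten everything to 755.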


Page 12: WordPress Security Strategy for WordPress.org (condensed version)

Appendix

• Before You Install

• Recommended Hosts

• Advanced Security Techniques

• How Can I Tell I've Been Hacked?

• Cleaning and Remediation

• Miscellaneous Help


Page 13: WordPress Security Strategy for WordPress.org (condensed version)

BEFORE YOU INSTALL

Set up Google Webmaster Tools (now Google Search Console): Google Webmaster Tools are an important resource for many reasons. But for site security, one of their best features is email notification when malware is found on your site. As the verified site owner, you'll be notified by email if malware is detected.

https://www.google.com/webmasters/tools/home?hl=en

Protecting wp-config.php and .htaccess: http://www.wpreads.com/2013/03/protecting-wp-config-and-htaccess-files-for-wordpress.html

Hardening WordPress (Codex): http://codex.wordpress.org/Hardening_WordPress


Page 14: WordPress Security Strategy for WordPress.org (condensed version)

Recommended Managed WP Hosts

Consider using a "managed" WordPress host with malware scanning in place. These include curated plugins.

http://wpengine.com/

http://websynthesis.com (Yoast hosts here.)

http://page.ly


Page 15: WordPress Security Strategy for WordPress.org (condensed version)

Advanced Security: Multiple locks + burglar bars + alarm system + guard dog

The .htaccess file

There are many security modifications you can make to your .htaccess file.

http://www.tipsandtricks-hq.com/cool-wordpress-htaccess-tips-to-boost-your-wordpress-sites-security-1676

NOTE: .htaccess files (Apache's distributed configuration files) are read by the web server while it handles each request, before the request is handed to PHP, so access rules placed there apply before any WordPress code runs. They only take effect on Apache with AllowOverride enabled; nginx ignores them, so the same rules have to go in the server configuration instead.

WP-app firewall

http://wordpress.org/extend/plugins/ose-firewall/

http://wordpress.org/extend/plugins/bulletproof-security/

http://wordpress.org/extend/plugins/wordfence/
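As an added example (not from the slides or the articles they link), a POSIX sh function that appends two small hardening blocks: one to the site's root .htaccess (no directory listings, no web access to wp-config.php or to dotfiles) and one to wp-content/uploads/.htaccess that refuses to serve anything ending in .php from the upload directory, the usual landing spot for a dropped backdoor. It appends rather than overwrites, because the root .htaccess already carries WordPress's own "# BEGIN WordPress" rewrite block, and it is safe to run twice. It assumes Apache 2.4 (Require syntax) with AllowOverride enabled; Apache 2.2 needs Order/Deny instead, and if your host's AllowOverride excludes Options, drop the Options line.

```shell
#!/bin/sh
# Added example (not from the slides): append hardening rules to a WordPress
# install's .htaccess files. Assumes Apache 2.4 with AllowOverride enabled
# (assumption; Apache 2.2 would need "Order allow,deny" / "Deny from all").

wp_htaccess_harden() {
    root=$1
    main="$root/.htaccess"
    uploads="$root/wp-content/uploads/.htaccess"

    # Root .htaccess: append once, below WordPress's own rewrite block.
    if ! grep -qs '^# BEGIN hardening' "$main"; then
        cat >>"$main" <<'EOF'
# BEGIN hardening
# No directory listings: hides the plugin/theme inventory from casual recon.
Options -Indexes
# wp-config.php must never be fetchable. If PHP ever fails to run, Apache
# would otherwise serve it as plain text, database password included.
<Files "wp-config.php">
    Require all denied
</Files>
# Dotfiles (.htaccess, .htpasswd, .git, .env, ...) are configuration, not content.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
# END hardening
EOF
    fi

    # Uploads hold media only. Refusing PHP here defeats the usual
    # "upload a backdoor disguised as an image, then request it" move.
    mkdir -p "$(dirname "$uploads")"
    if ! grep -qs '^# BEGIN hardening' "$uploads"; then
        cat >>"$uploads" <<'EOF'
# BEGIN hardening
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
    Require all denied
</FilesMatch>
# END hardening
EOF
    fi
}

# Usage (path is a placeholder): sh wp-htaccess.sh /var/www/example/public_html
if [ $# -eq 1 ]; then
    wp_htaccess_harden "$1"
fi
```

After running it, request /wp-config.php and /wp-content/uploads/anything.php in a browser: both must return 403. If you get a 500 instead, the host has restricted what .htaccess may set, and the offending directive has to move into the main server configuration.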


Page 16: WordPress Security Strategy for WordPress.org (condensed version)

Advanced Security: Multiple locks + burglar bars + alarm system + guard dog

Setting up 2-step authentication for WordPress.org

http://www.wpbeginner.com/plugins/improve-wordpress-security-with-google-authenticator/

Modifying the wp-config.php file

http://codex.wordpress.org/Editing_wp-config.php

http://codex.wordpress.org/Editing_wp-config.php#Disable_the_Plugin_and_Theme_Editor

SSL setup info and tips from Yoast

http://yoast.com/wordpress-ssl-setup/
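An added shell example (not from the slides or the linked Codex pages) that prints the wp-config.php lines slides 9 and 16 ask for: eight fresh keys and salts generated locally from /dev/urandom instead of fetched from api.wordpress.org, a random non-default $table_prefix, and the DISALLOW_FILE_EDIT and FORCE_SSL_ADMIN switches. Paste the output over the corresponding lines in wp-config.php. The table prefix has to be set before installation or changed together with the database table names; changing the salts on a live site simply logs every user out, which is exactly what you want after a compromise. The character set and lengths are my choices within what WordPress accepts.

```shell
#!/bin/sh
# Added example (not from the slides): generate the wp-config.php hardening
# lines from slides 9 and 16 with locally generated randomness. No network
# access is needed; /dev/urandom is assumed to exist.

# 64 random characters. The set is a printable subset of what WordPress's own
# salt generator uses, deliberately without ' and \ so the value is always
# safe inside a PHP single-quoted string.
wp_random_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()_+=<>?,.;:|~-' </dev/urandom | head -c 64
}

# The eight key/salt defines WordPress uses to sign login cookies and nonces.
# Every install needs its own values: a cookie forged with one site's keys
# must not be valid on another.
wp_salt_block() {
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        printf "define('%s', '%s');\n" "$name" "$(wp_random_secret)"
    done
}

# Random table prefix instead of the default wp_, so canned SQL injection
# payloads that hard-code wp_users or wp_options do not work unmodified.
wp_table_prefix() {
    p=$(LC_ALL=C tr -dc 'a-z' </dev/urandom | head -c 4)
    printf '$table_prefix = %s;\n' "'${p}_'"
}

# Full block: salts, prefix, no in-dashboard file editor, HTTPS-only admin.
wp_config_hardening() {
    wp_salt_block
    wp_table_prefix
    # Removes Appearance > Editor and Plugins > Editor, so an attacker who
    # gets an admin session can no longer write PHP into a theme from the browser.
    printf "define('DISALLOW_FILE_EDIT', true);\n"
    # Needs a working certificate first (see the Yoast SSL link above).
    printf "define('FORCE_SSL_ADMIN', true);\n"
}

# Usage: sh wp-config-hardening.sh --print   (11 lines to paste into wp-config.php)
if [ "${1:-}" = "--print" ]; then
    wp_config_hardening
fi
```

Keep the generated file at mode 600 as slide 11 says; the salts are only as secret as the file that holds them.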


Page 18: WordPress Security Strategy for WordPress.org (condensed version)

Uh oh. I think it's too late. How Can I Tell I've Been Hacked?

• Popups are displayed that you didn't implement.

• Odd text appears in your footer or in "View Source."

• Links to other sites, or auto-linking of keywords you never linked.

• Obfuscated / encoded text in plugin files.

• The website redirects (immediately or after a short delay) to another URL.

• A friend calls/texts/emails you that your site is sending users to Dr. Dre's headphones, "performance enhancing" drugs or pain medication, etc.

• Style sheet formatting has disappeared.

• You can't log in to wp-admin.

• New files appear in the themes folder or anywhere else (look for a recent or atypical date via SFTP; when you open these files, they may look like binary or encoded garbage).


Page 19: WordPress Security Strategy for WordPress.org (condensed version)

Cleaning & Remediation: WordPress (with some help) suggests:

1. Stay calm. You could make it worse by anxiously jumping in and trying to fix the problem.

2. Scan your local machine / hard drive. Malware on your own PC that steals FTP or WordPress passwords is a common way in.

3. Scan your site. There are many good tools and WordPress plugins to help with this. This will help identify the infected files and folders.

4. Check with your hosting provider. Call them. You can call them, yes?

5. Have you already updated WordPress, themes and plugins, and changed all passwords (WordPress, database, hosting, SFTP)?

6. Add new salts or "secret keys." This invalidates every login cookie, including any the attacker holds.

7. Check your files. Start with your .htaccess file to begin looking for malicious code; it is a favorite place for injected redirects.

Have SSH root access? http://wp.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/


Page 20: WordPress Security Strategy for WordPress.org (condensed version)

Cleaning & Remediation:

1. Can you identify the type of hack? This may make the cleanup easier.

2. Take a fresh backup of the infected site (you will want it for the post-mortem) and then . . .

3. Restore from an older backup that you believe predates the hack.

4. No backup? Hmm. Seriously consider taking down and trashing the site.

5. Restored from backup? Change passwords again.

6. Secure your site with the recommended security measures.

7. Do a post-mortem. How did this happen?

8. Compare your WordPress files to those in a clean install of the same version. Open up files. Do you see something like eval(base64_decode(...))? That is at least one piece of the hack. (base64_decode on its own also appears in legitimate code; the giveaway is a decoded string being handed to eval, gzinflate or similar.)

9. Can't find the malware? Disable your plugins by renaming the plugins directory. If the infection is in a plugin, a rescan will then come back clean, which tells you where to look.
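The file-level checks from slides 18 to 20 (new files with an atypical date, eval/base64_decode payloads, comparing against a clean install), as an added POSIX sh example that is not from the slides or the linked articles. wp_scan_obfuscation lists PHP files that execute a decoded string, wp_scan_recent lists files changed within a window, and wp_core_diff compares the site against a clean extract of the same WordPress version while ignoring wp-content and wp-config.php, which are legitimately yours. The pattern list and the seven-day default are my choices: an empty result is not proof of a clean site (attackers reset timestamps and use other obfuscators), and a hit is a lead to read, not a verdict.

```shell
#!/bin/sh
# Added example (not from the slides): first-pass triage of a WordPress tree
# that may be compromised. The patterns and the 7-day window are assumptions,
# not a complete malware signature set.

# 1. PHP files that execute a decoded string: eval(base64_decode(...)),
#    eval(gzinflate(...)) and friends. Plain base64_decode without eval is
#    common in legitimate plugins and is deliberately not matched.
wp_scan_obfuscation() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)' {} +
}

# 2. Files modified within the last N days (default 7). A cluster of fresh
#    timestamps in a theme or plugin nobody touched is the "new files with an
#    atypical date" sign from slide 18. Attackers can reset mtimes, so an
#    empty list proves nothing; a non-empty one is where to start reading.
wp_scan_recent() {
    find "$1" -type f -mtime "-${2:-7}" -print
}

# 3. Diff the site against a clean extract of the same WordPress version.
#    Every core file should be byte-identical; "Only in <site>" entries under
#    wp-admin/ or wp-includes/ are files WordPress never shipped. wp-content/
#    and wp-config.php belong to you and are skipped (diff those against your
#    own last-known-good backup instead).
wp_core_diff() {
    site=$1
    clean=$2
    diff -rq "$clean" "$site" 2>/dev/null \
        | grep -v -e 'wp-content' -e 'wp-config.php' -e '\.htaccess'
}

# Usage (paths are placeholders):
#   wp_scan_obfuscation /var/www/example/public_html
#   wp_scan_recent      /var/www/example/public_html 3
#   wp_core_diff        /var/www/example/public_html /tmp/wordpress-clean
```

Get the clean copy from wordpress.org as the same version your site reports in wp-includes/version.php, extract it somewhere outside the web root, and run wp_core_diff against that. Anything it lists under wp-admin/ or wp-includes/ goes straight to the top of your reading list.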


Page 21: WordPress Security Strategy for WordPress.org (condensed version)

Cleaning & Remediation:

http://codex.wordpress.org/FAQ_My_site_was_hacked

http://www.unmaskparasites.com/

http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html

Suggestions from Sucuri: http://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html

Know the command line and have SSH access? https://raamdev.com/2013/cleaning-evalbase64_decode-from-a-hacked-wordpress-website-via-ssh/

Cleaning up your site at Google: http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634


Page 22: WordPress Security Strategy for WordPress.org (condensed version)

Cleaning & Remediation:

If all else fails (and before you torch the site): Hire someone:

http://www.stopthehacker.com

http://www.sucuri.net

http://www.sparktrust.com


Page 23: WordPress Security Strategy for WordPress.org (condensed version)

Cleaning & Remediation: Tools

http://www.unmaskparasites.com/malware-warning-guide/#request

http://www.stopbadware.org/request-review

StopBadware performs independent reviews of websites that are blacklisted for badware by its data providers.

http://blog.aw-snap.info/2012/07/malware-removal-vendors.html

http://wordpress.org/extend/plugins/wordfence/

From the plugin's own description: Wordfence Security is a free enterprise-class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don't have backups. Wordfence is now Multi-Site compatible.


Page 25: WordPress Security Strategy for WordPress.org (condensed version)

Safe travels and happy trails with WordPress!

Judy Wilson
www.Site-Shack.com

Nashville, TN
