My WordPress website has been hacked!

A look at WordPress security: how to spot a compromised site, how to fix it, and how to prevent future attacks. Presented to the March 2013 London WordPress Meetup.

Chris Skitch

March 21, 2013

Transcript

  1. Overview
    • How do I know if my site has been hacked?
    • How was it hacked?
    • How do I fix it?
    • How do I stop it happening again?
    Friday, 22 March 13
  2. Defacement - possibly geo/time/browser specific, e.g. a defaced website may appear only to IE users in North America. It can therefore easily go unnoticed.
  3. An entire phishing site may exist in your wp-uploads folder without you knowing.
  4. How was it hacked?
    • Password compromised
    • Unvetted Plugins, Themes and Scripts
    • WordPress vulnerabilities (core / plugins / themes)
    • Why WordPress?

    Common points of entry
    - Password compromised
      - brute force
      - email interception
      - phishing
    - Unvetted Plugins, Themes and Scripts, i.e. downloading from File Hosting sites (rapidshare etc)
    - WordPress vulnerabilities (core / plugins / themes)
    - Microsoft syndrome
      - WordPress today is a massive target
      - http://w3techs.com/technologies/overview/content_management/all
    - Vulnerability example - TimThumb http://ma.tt/2011/08/the-timthumb-saga/
  5. How do I fix it?
    • Run a scan
    • Restore from clean backup
    • Change passwords
    • GWT - request malware review

    1. Run a security scan
       1. security scanner comparison (Sucuri vs Wordfence)
       2. demo Wordfence
    2. Restore from clean backup (delete site first)
    3. Change passwords (FTP/MySQL/WordPress)
    4. Google Webmaster Tools - request malware review
  6. Wordfence Demo

    Common malware
    1. malicious .php files
       1. new files
       2. modified files
    2. .htaccess (can be used to deliver payloads)
    3. !! Site may have been compromised months prior to defacement !!
    4. Scanners - sucuri.net vs wordfence
  7. How do I stop it happening again?
    • Ensure good backups
    • Google Webmaster Tools Notifications
    • Download from reliable sources
    • Use child themes
    • Remove unused plugins and themes
    • Wordfence security settings
    • Keep updated
  8. more info
    • http://codex.wordpress.org/FAQ_My_site_was_hacked
    • http://wp.smashingmagazine.com/2012/10/09/four-malware-infections-wordpress/
    • http://blog.sucuri.net/2012/12/website-malware-reality-of-cross-site-contaminations.html
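
Added example (not part of the original deck, and not how Wordfence or Sucuri work internally): one way to look for the signs listed on slides 3 and 6 is to hash the live site against a known-clean backup and report new or modified files, changed .htaccess files, and PHP files sitting in the uploads folder. The function names, the default uploads path wp-content/uploads and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_to_backup(live_root, clean_root, uploads_dir="wp-content/uploads"):
    """Diff the live site against a known-clean copy; uploads_dir is an assumed default."""
    live, clean = file_hashes(live_root), file_hashes(clean_root)
    report = {"new": [], "modified": [], "php_in_uploads": [], "htaccess": []}
    for rel, digest in sorted(live.items()):
        if clean.get(rel) != digest:
            report["new" if rel not in clean else "modified"].append(rel)
            # A new or changed .htaccess can alter what visitors are served.
            if os.path.basename(rel) == ".htaccess":
                report["htaccess"].append(rel)
        # Uploads should hold media, so any PHP file there needs a look.
        if rel.startswith(uploads_dir + "/") and rel.lower().endswith(".php"):
            report["php_in_uploads"].append(rel)
    return report

def demo():
    trees = {  # constructed sample data, not a real site
        "clean": {"index.php": "<?php // core", ".htaccess": "# BEGIN WordPress",
                  "wp-content/uploads/2013/03/logo.png": "PNG"},
        "live": {"index.php": "<?php // core, edited", ".htaccess": "# edited",
                 "wp-content/uploads/2013/03/logo.png": "PNG",
                 "wp-content/uploads/2013/03/login.php": "<?php // unexpected"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return compare_to_backup(os.path.join(tmp, "live"), os.path.join(tmp, "clean"))

if __name__ == "__main__":
    print(demo())
```

Because slide 6 notes that a site may have been compromised months before the defacement, the clean copy should be one that predates the compromise, not simply the most recent backup.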