WordPress Hackers – Changing Tactics

Last week we mentioned a few plugins for finding and cleaning hacks. With that same client, we found a new vector of attack that is immune to a lot of the new tactics. In one instance, we found that the code was placed in clear text, rather than obfuscated by base64 encoding. Basically, the new code was hiding in plain sight and was not being examined by the other exploit scanning software. The way the attacks are occurring seems to suggest that WordPress hack attacks are evolving.

Another interesting development was that after tracing down the attacker through the access logs, we found that they were actually getting into the system by using an exploit in a non-active theme file. Remember, even if your theme is NOT active, its files can still be requested directly over the web. (Default themes like Twenty-Eleven and Twenty-Ten can be vulnerable.)

Our advice is:
1.) If you aren’t using it, remove it. This goes for plugins and theme files.
2.) Keep EVERYTHING up to date: plugins, WordPress, and server patches.
3.) Run exploit scans every once in a while.
4.) Always make sure you have access to the web server logs, even if you are on a shared hosting plan.
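
To make the access-log review above repeatable, here is an added example (not code from the original post) that scans combined-format log lines and reports requests for PHP files inside themes that are not active. The active theme name `mytheme`, the file `lib/example.php`, the addresses, and the log lines are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
THEME_RE = re.compile(
    r'/wp-content/themes/(?P<theme>[^/?#]+)/(?P<file>[^?#]*)', re.I)

def inactive_theme_hits(lines, active_themes):
    """Return requests for .php files in themes outside active_themes.

    active_themes should hold the active theme's directory name and,
    for a child theme, its parent's directory name as well.
    """
    active = {t.lower() for t in active_themes}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        t = THEME_RE.search(unquote(m["path"]))
        if not t or t["theme"].lower() in active:
            continue
        if not t["file"].lower().endswith(".php"):
            continue  # images and CSS are lower signal than PHP
        hits.append({"ip": m["ip"], "time": m["time"],
                     "method": m["method"], "status": int(m["status"]),
                     "theme": t["theme"].lower(), "file": t["file"]})
    return hits

def summarize(hits):
    """Count hits per (theme, client IP) to show who is probing what."""
    return Counter((h["theme"], h["ip"]) for h in hits)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2012:10:15:30 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [12/Mar/2012:10:15:32 +0000] "POST /wp-content/themes/twentyten/lib/example.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [12/Mar/2012:10:15:33 +0000] "GET /wp-content/themes/twentyeleven/images/header.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [12/Mar/2012:10:15:40 +0000] "GET /wp-content/themes/TwentyTen/lib/example.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Mar/2012:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (theme, ip), n in summarize(inactive_theme_hits(SAMPLE_LOG, {"mytheme"})).items():
        print(f"{n} PHP request(s) to inactive theme '{theme}' from {ip}")
```

Any hit with a 200 status is worth a closer look, and a theme that shows up here but is not needed is a candidate for removal under item 1.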
