WordPress Hackers – Changing Tactics

Last week we mentioned a few plugins about finding and cleaning hacks. With that same client, we found a new vector of attack that is immune to a lot of the new tactics. In one instance, we found that the code was placed in clear text, rather than obfuscated by base_64 encoding. Basically, the new code was hiding in plain site and was not being examined by the other exploit scanning software. The way the attacks are occuring, seems to suggest that WordPress hack attacks are evolving.

Another interesting development was that after tracing down the attacker through the access logs, we found that they were actually getting into the system by using an exploit in a non-active theme file. Remember, even if your theme is NOT active, it can still be accessed via the web. (Default themes like Twenty-Eleven and Twenty-Ten can be vulnerable).

Our advice is:
1.) If you aren’t using it, remove it. This goes for plugins/themefiles.
2.) Keep EVERYTHING up to date. Plugins/WordPress/ and server patches.
3.) Run exploit scans every once in a while.
4.) Always make sure you have access to the web server logs, even if you are on a shared hosting plan.

Posted in Tech Tips

Customer Love

When our web development company has a difficult project that requires really technical expertise, we pick up the phone and call Jeremy Silva. He is a master programmer and knows the intricate ins and outs of servers and networks. He is able to estimate and accurately code all manner of outrageous programming requests and makes very creative suggestions which ultimately save our customers time and money. He is the first person I go to when I have a tricky programming problem, and he always gets the job done in a creative way, under budget and on time. I'd recommend Jeremy to anyone!

- Susan McCrossin - CEO Boomtown Internet Group