WordPress Hackers – Changing Tactics

Last week we mentioned a few plugins for finding and cleaning hacks. With that same client, we found a new vector of attack that is immune to a lot of the new tactics. In one instance, we found that the code was placed in clear text, rather than obfuscated by base64 encoding. Basically, the new code was hiding in plain sight and was not being examined by the other exploit scanning software. The way the attacks are occurring seems to suggest that WordPress hack attacks are evolving.

Another interesting development was that after tracing down the attacker through the access logs, we found that they were actually getting into the system by using an exploit in a non-active theme file. Remember, even if your theme is NOT active, its files can still be accessed via the web. (Default themes like Twenty-Eleven and Twenty-Ten can be vulnerable.)

Our advice is:
1.) If you aren’t using it, remove it. This goes for plugins and theme files.
2.) Keep EVERYTHING up to date: plugins, WordPress, and server patches.
3.) Run exploit scans every once in a while.
4.) Always make sure you have access to the web server logs, even if you are on a shared hosting plan.
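One way to use those logs to spot the inactive-theme access described above, as an added example that is not code from the original post: it reads Combined Log Format lines and lists requests for PHP files under any theme directory that is not active. The log lines, the active theme name `mytheme`, and the file name `example.php` are constructed for illustration, and the default `/wp-content/themes/` layout is assumed.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumes the default WordPress layout; search() also covers subdirectory installs.
THEME_RE = re.compile(r'/wp-content/themes/(?P<theme>[^/?#]+)/(?P<rest>[^?#]*)', re.I)

def inactive_theme_hits(lines, active_themes):
    """Return requests for PHP files under themes that are not in active_themes."""
    active = {t.lower() for t in active_themes}  # include parent and child theme
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        t = THEME_RE.search(m["path"])
        if not t or t["theme"].lower() in active:
            continue
        if not t["rest"].lower().endswith(".php"):
            continue  # static assets are noise; directly requested PHP is the concern
        hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                     "theme": t["theme"], "path": m["path"],
                     "status": int(m["status"])})
    return hits

def summarize(hits):
    """Count hits per (theme, client IP), most frequent first."""
    return Counter((h["theme"], h["ip"]) for h in hits).most_common()

# Constructed sample lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2012:04:11:02 +0000] "GET /wp-content/themes/twentyten/example.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2012:04:11:09 +0000] "POST /wp-content/themes/twentyten/example.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2012:04:12:00 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2012:04:12:01 +0000] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.1" 200 7310 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2012:04:15:30 +0000] "GET /wp-content/themes/twentyeleven/example.php HTTP/1.1" 404 210 "-" "curl/7.21"',
    '198.51.100.20 - - [12/Mar/2012:04:16:00 +0000] "GET /index.php HTTP/1.1" 200 15320 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (theme, ip), count in summarize(inactive_theme_hits(SAMPLE_LOG, ["mytheme"])):
        print(f"{count:3d} request(s) to inactive theme '{theme}' from {ip}")
```

A 200 response to a PHP file in a theme you are not using deserves a closer look; once unused themes are removed, the same requests should only ever return 404.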
