GoDaddy/Wordpress hack

  • comicsans

    I have a feeling of deja vu about this…

  • ETM0

    Wasn't it just Network Solutions that went through this... and/or Media Temple as well?

  • acescence0

    security 101...

    - install wordpress in a folder, not on the root of your server. you can still have the site appear on the root of your domain

    - use htaccess and htpasswd to add another layer of protection to your admin panel or limit access by IP

    - change the default admin user name

    - put your wp-config file above http root or use htaccess to make it not directly accessible

    - use .htaccess to make everything in wp-admin not directly accessible via http

    - use ssl to access the admin panel over https

    - disable ftp and use ssh instead

    - remove the generator meta tag so bots can't easily discover you're running wordpress

    - use htaccess to restrict access to specific file types within your directories, image files in dirs that should only contain images, or css, or js, etc.

    and get real hosting, not shared! a vulnerability in someone else's site can provide an in to your account, use a vps instead. if you're not comfortable with any of this stuff and security is important to you, hire someone who knows what they're doing.
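
The .htaccess items in the list above, written out as an added example that is not part of the original post. It assumes Apache 2.4 with `AllowOverride` permitting auth and rewrite directives; the file paths, the `.htpasswd` location and the IP address are placeholders.

```apache
# ---- <wordpress-dir>/.htaccess ----
# Block direct HTTP access to the config file
# (the alternative from the list: move it above the web root).
<Files "wp-config.php">
    Require all denied
</Files>

# ---- <wordpress-dir>/wp-admin/.htaccess ----
# Send any plain-HTTP request for the admin panel to HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Second password layer in front of the WordPress login.
# Keep the password file outside the web root (placeholder path).
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/example/.htpasswd

# Require BOTH a valid htpasswd user and an allowed source IP.
# To use only one of the two controls, delete the other Require
# line. 203.0.113.10 is a documentation address, not a real one.
<RequireAll>
    Require valid-user
    Require ip 203.0.113.10
</RequireAll>

# Front-end themes and plugins commonly call admin-ajax.php, so it
# is usually exempted; remove this block if the site does not need it.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- <wordpress-dir>/wp-content/uploads/.htaccess ----
# Directory that should only hold media: deny everything, then
# allow the expected file types (case-insensitive match).
Require all denied
<FilesMatch "(?i)\.(jpe?g|png|gif|webp)$">
    Require all granted
</FilesMatch>
```

After deploying, request `wp-config.php` and a non-image file under `uploads/` from an outside address and confirm both return 403.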

  • comicsans0

    The suggestion among the 'informed' is that the source of some of these attacks is free themes. The other principal cause is self-installed WP which is not updated or adequately locked down. GoDaddy are culpable in that they are cheap and do nothing to assist the WP installer; the ignorant amateur then crafts their own noose.