Mobile app version of vmapp.org
Login or Join
Kevin317

: How to make a WP site read only I have a WP site that was hacked, I have an old copy that I used and the site hacked again on another server, I suspect this copy have a trojan horse

@Kevin317

Posted in: #HackedSite #Wordpress

I have a WP site that was hacked, I have an old copy that I used and the site hacked again on another server, I suspect this copy have a trojan horse in it which created new folder for phishing. What to do in order the wp/site will be "frozen", no new content no new PHP files, no PHP file mods, SAME SAME all?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Kevin317

2 Comments

Sorted by latest first Latest Oldest Best

 

@Barnes591

If what you say above about "no new content" is correct, then instead of attempting to harden WordPress, you could remove it completely after generating completely static output.

You can use a spidering program like HTTrack or a plugin like Simply Static to accomplish it. Removing WordPress will absolutely remove the ability to hack WordPress and if the site is not going to change very much or very often then this is a great security step.

10% popularity Vote Up Vote Down


 

@LarsenBagley505

Whether this will work or not really depends on the method used to hack your site. If the attackers where able to gain remote access to your server then there is no real way to prevent later changes to files after they have been uploaded. If the attack vector is through WordPress itself then you can restrict the file permissions for WordPress to the minimum required permissions which may help.

The minimum permissions needed by WordPress are as follows...

/ - Root WordPress Directory:
All files should be writing by your user account only except for .htaccess if you want WordPress to automatically generate the rewrite rules for you.

/wp-admin/ - WordPress Admin Directory:
All files should be writable by your user account only.

/wp-includes/ - WordPres Application Logic
All files should be writable by your user account only.

/wp-content/ - User Supplied Content
The directory and all files contained therein should be writable by your user account and the web server process.

Within /wp-content/...

/wp-content/themes/ - Theme Files
If you want to use the in-built theme editor then files need to be editable by the web server process otherwise only your user account needs write access.

/wp-content/plugins/ - Plugin Files
All files should be writable by your user account only.

Other directories that may be present in /wp-content/ should be documented by whichever plugin or theme requires them. Permissions will vary.

(Sourced From codex.wordpress.org/Hardening_WordPress)
If the problem is that the attackers gained remote access to the server itself you will need to scan the server for malware and viruses to make sure there aren't any on the server. Once this has been done you should apply firewall restrictions limiting remote access from the internet only to port 80 (HTTP) and port 443 (HTTPS). If you need remote access through SSH or a web admin panel (such as cPanel, Plesk, Webmin, etc) then you should open up the firewall to allow remote access on those ports only, but if possible restrict access to those ports to your IP address only. If this sort of attack has occured it could also pay to look into hardening Apache and hardening your Linux server. Instructions how to do both those things are beyond the scope of this question but you can take a look at www.tecmint.com/apache-security-tips/ and www.cyberciti.biz/tips/linux-security.html for some good pointers.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme