We are a web and mobile design, development, and digital marketing agency. Request a Quote
Please note that this is an important security alert regarding the ongoing global attack on wordpress installations to crack your wordpress admin passwords and inject various malicious scripts to deface your site. Mostly the attacks are originating from CMSs like wordpress,joomla, drupal etc.,. The concept is simple in which the attackers are trying with all the possible passwords to get into your admin panel. Once logged in, they are uploading some malicious scripts which will deface the enter the site. Sometimes this might cause all the sites to get deface.
The issue seems to be due to word press / Joomla other open source cms vulnerability that exists in your websites and the weak passwords of admin panel/cpanel. This could also be due to older version of such cms running in your website or you are using vulnerable themes or plugins in such websites.
Also note that, If your local system/network is infected then there is a chance to deface your site while accessing it in that infected system.
The following are the steps that can be taken to avoid hacks;
1. Keep your local system free from virus and malware.
2. Always use genuine OS in your system.
3. Use anti-virus,firewall and anti-malware tools to protect your system
4. Always use tough passwords like 3r48d*#R#T&3023r for WHM, cpanel and admin panel.
5. Keep changing the passwords for mail, ftp, whm, cpanel etc regularly.
6. In your website if you are using open source cms like word press, joomla, drupal etc. make sure that they are upto date. The latest version of WordPress is always available from the main WordPress website at http://wordpress.org.
7. Never use 777 permissions for files or folders.All files are set to 0644 and all directories are set to 0755.
8. If you upload images, files to a folder, better protect those folders with proper permission so that no one can access them from outside
10.Make sure that your coding is well optimised and is not vulnerable.
You can also refer the below urls for hardening your wordpress sites,
http://codex.wordpress.org/Hardening_WordPress
[button link=”http://wordpress.org/extend/plugins/better-wp-security/” size=”medium”]Better WP Security WordPress Plugin[/button]
